
Comment Re:Y2K (Score 1) 197

This sounds like Y2K all over again...

What, that legitimate problem lots of people worked on successfully to avoid before it could have major consequences? Yeah, I agree.

Yeah, and after all that work to prepare, the rest of the world said "I don't know why you nerds made such a big deal out of this. Nothing happened!" It's enough to make you want to quit your job, cut the soles off your shoes, sit in a tree and learn to play the flute.

Comment Re:Certificate extortion (Score 1) 60

>If you have a site where an attacker would have bothered with the elaborate process of getting the private key, and then do MITM attacks with it on users, and it would actually matter, you wouldn't have used StartSSL in the first place, and $25 would be absolutely nothing for you.

>Hint: not you

None of which has any bearing on my original point, which is that we need a better and more secure way of applying security to web servers that isn't reliant on the good graces of a third party (either through their schedule of fees or through their procedures and policies). If you want a more secure internet, you have to make it cheaper and easier for the guys who are just like me. As I mentioned in my top post, the admins I spoke of can't afford to replace their certificates and so their sites remain unsecured.

Comment Re:Certificate extortion (Score 2) 60

>Yup, twenty-five whole dollars. That's the price of several Big Macs, with fries! Shameless what some CAs will charge.

(Not defending the CA racket here, but $25 isn't really that much when they give the certs out for free. In any case why revoke them, just replace them with a new, free cert. Yes, I know someone can spoof the server using the old cert, but if you want to save the $25...).

That's $25 per certificate. That may sound cheap to you, but it's not cheap to everyone and especially not when you may have several (or dozens) to replace. In any case, revocations should be free. Also, StartSSL won't let you cut a new certificate for a host while an unrevoked certificate exists for that host, so you either pay them to revoke it, wait until it expires, or change the hostname (or move to a different CA, I guess). All three are unacceptable scenarios, IMHO.

Comment Certificate extortion (Score 5, Interesting) 60

What would help is if there were some certificate system that didn't rely on extortion or exorbitant prices. I know several admins that mitigated the hole but couldn't replace their certificates either because the signer charges a ridiculous revocation fee (I'm looking at you, StartSSL), or because the cost of cutting and signing new certificates was too high. We need a better trust system.

Comment Re:I think it's backward. (Score 1) 258

Well, no....it won't be a Lamborghini really, but it will look just like one, we promise! Ok, the engine will only be a four-cylinder but it will only cost twice as much as Google's Lamborghini! No, we won't charge you for gas or oil for the first six months, but after that we may have to charge a slight service fee. The speedometer goes up to 200MPH, but most of the time, you won't be able to go over 35. Also, you can only drive to three cities per month before you hit your mileage cap because we don't want you taking unfair advantage of the roads. Speaking of roads, did we mention the slight access fee to help cover the cost of building out new roads (someday, maybe, if someone else threatens to build roads first)?
