Access to www.gnupg.org only via TLS
Doug Barton
dougb at dougbarton.us
Wed Apr 30 21:23:02 CEST 2014
On 04/30/2014 01:25 AM, Martin Gollowitzer wrote:
> You might want to consider my blogpost about StartSSL
Yeah, I don't quite see your point. They are providing a very valuable
service for free, and charge a nominal fee for revoking a cert. If you
add up all the times you have not paid fees for the certificates
themselves, vs. the rare occasions when you have to revoke one, I think
you're still coming out way ahead. Personally I think it's awesome that
they're allowing a free revocation re Heartbleed at all, since ...
... your whole premise seems to be invalid as there is no clear evidence
at this time (that I'm aware of, and I've been paying attention) that
any actual secret keys have been compromised by Heartbleed. It was
listed as a potential risk when the vulnerability was first announced,
but several groups have done research on that specific point and have
found that it would be sufficiently difficult, if not actually
impossible; to render this particular risk as negligible at best.
Meanwhile, if your response is going to be in the nature of, "Everything
I want should be given to me free just because I want it" please don't
bother.
Doug
More information about the Gnupg-users
mailing list