Comments for jwiltshire.org.uk

Comment on StartSSL: finally, a trustworthy certifier* by Brad

Brad — Fri, 24 Jun 2011 20:44:56 +0000

They’re back up, no false certs issued or private keys stolen. more info here.

http://www.theregister.co.uk/2011/06/21/startssl_security_breach/

amazing to me how little the company bothered to communication their situation. I have a class2 cert with them and would certainly want their assurance that docs I provided them were not compromised / stolen etc.

Comment on StartSSL: finally, a trustworthy certifier* by Corsac

Corsac — Tue, 21 Jun 2011 06:35:59 +0000

Hmhm, advertising StartSSL might not have been a good idea, they’ve just been compromised:

Due to a security breach that occurred at the 15th of June, issuance of digital certificates and related services has been suspended. Our services will remain offline until further notice.

Subscribers and holders of valid certificates are not affected in any form.

Visitors to web sites and other parties relying on valid certificates are not affected.

We apologize for the temporary inconvenience and thank you for your understanding.

Comment on StartSSL: finally, a trustworthy certifier* by Kint

Kint — Mon, 20 Jun 2011 22:43:51 +0000

http://www.h-online.com/security/news/item/Attack-on-Israeli-Certificate-Authority-1264008.html

Comment on StartSSL: finally, a trustworthy certifier* by Ben

Ben — Tue, 14 Jun 2011 20:59:42 +0000

To clarify a bit what Jon said, you only need to verify a domain in order to get a certificate for that domain, and you may wait up to 30 days after verifying a domain before requesting a certificate. After 30 days you will need to re-verify your domain if you haven’t gotten a certificate for it yet, but you don’t need to if you already got one.

From what I could tell, you can only get one certificate per (verified) domain, e-mail address…but I may have missed something.

Comment on StartSSL: finally, a trustworthy certifier* by Jon

Jon — Tue, 14 Jun 2011 13:08:02 +0000

Asheesh, sure. The process is:
– undergo Class 2 identify verification and pay the fee
– for each domain, verify it by getting a code by email
– within thirty days issue one or more certificates for that domain (you can mix domains on the same certificate)

Repeat steps 2 and 3 for a year.

Comment on StartSSL: finally, a trustworthy certifier* by Philipp Kern

Philipp Kern — Tue, 14 Jun 2011 08:09:04 +0000

But I’d really need to pay 60 USD every year? Mhhh… ):

(Yes, I know that’s much less than other CAs want, given enough certificates issues. Except for CAcert…)

Comment on StartSSL: finally, a trustworthy certifier* by Asheesh Laroia

Asheesh Laroia — Tue, 14 Jun 2011 01:30:25 +0000

“Being verified once and then issuing as many certificates as I need” seems really useful to me. Can you explain more about the process for doing that?

I tried to find it on the StartCom website, but actually had some trouble.

Comment on Privacy specialists should hire security specialists by Chris

Chris — Mon, 11 Apr 2011 23:29:45 +0000

AFCAIT you’ve covered all the bases with this answer!

Comment on A little civil disobedience by Jon

Jon — Sun, 27 Mar 2011 22:50:27 +0000

Excellent! I defy any census staff to first penetrate the door of my shared building, and then find me at home…

Comment on A little civil disobedience by Ker

Ker — Sun, 27 Mar 2011 22:42:14 +0000

It will get classed as an incomplete or blank form and you wil receive a home visit from census staff. Can you really be bothered with that? I’d rather get mine complete, sent, and never be bothered with it again… for ten years anyway.