I actually asked Eddy Nigg (startcom CTO) to do the gnome deal and give us ssl c... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

SEJeff on Sept 2, 2016 | parent | context | favorite | on: WoSign's secret purchase of StartCom: WoSign threa...

I actually asked Eddy Nigg (startcom CTO) to do the gnome deal and give us ssl certs for free (back when I was able to ssh/irc from work and be a member of the GNOME Sysadmin Team), which they did. As much hate as they get, they are one of the few "secure" CAs of all of them I've ever worked with. One of the more quiet things when it was first revealed Comodo was hacked was that Startcom was also hacked. Eddy went on the record as bragging not a single rogue SSL certificate was issued as they have a human validate every single certificate request (yes seriously) and that prevented any rogue certificates.

So as much as people think Startcom is scummy, they are actually pretty decent people. They're also quite secure. So YMMV.

This was long before the alleged sale to china though, maybe 5-8 years ago? I forget.

BillinghamJ on Sept 2, 2016 [–]

They definitely don't visually check every cert any more. They're issued instantly.

SEJeff on Sept 2, 2016 | [–]

Oh I wasn't referring to their lame knock off letsencrypt product, but their main ssl cert.

BillinghamJ on Sept 3, 2016 | | [–]

Their normal ones are issued instantly also.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact