Would be more awesome if they offered free certificates and an API to renew them...

bdamm · on Aug 7, 2014

The SSL CA model is deeply flawed, so it bothers me that I have to pay into this broken cartel.

An effective social network for website trust, combining cryptographic assurances with trust networks that already exist, is my dream.

(Edit: Clarify that the SSL CA model is flawed for the Internet at large, but has many useful applications elsewhere.)

ra · on Aug 7, 2014

> Would be more awesome if they offered free certificates and an API to renew them.

If someone were able to do this and pull the rug out from under the SSL cartel overnight, that would be awesome.

kmfrk · on Aug 7, 2014

Many "free" certificate services don't give reissued certificates for free, though, so if something like Heartbleed happens again, you might still pay a fee.

diafygi · on Aug 7, 2014

What about a kickstarter to subsidize SSL costs? Or how about one to buy a root CA and make it free?

icebraining · on Aug 7, 2014

There is already a community-driven CA: http://www.cacert.org/

The problem is that it's not only about money. You need to follow certain procedures or browsers and OSs won't include your root certificate.

iancarroll · on Aug 8, 2014

I don't think anyone has confidence in CACert anymore. IIRC they bombed their internal audit...

watwut · on Aug 7, 2014

They are free to get, but you have to pay money if you need to revoke that certificate.

tomjen3 · on Aug 7, 2014

Which you don't really need to. Sure it disables all the security, but if you only care about the speed boost/cover your ass part it is a non-issue.

iancarroll · on Aug 8, 2014

Yes, you do. If there is another Heartbleed, your certificate is worthless if someone has the chance to grab it.