Sure, and there are also StartSSL certs used on systems that don't use OpenSSL.
Do we just nuke every certificate, destroy their business, and force people with secure computers to buy new ones elsewhere even though their servers weren't affected by Heartbleed? Because that option sucks too.
As a user, I much prefer that my browser and my OS never ever again show a StartSSL-signed cert as valid over even just one compromised cert being displayed with a fancy lock. How StartSSL is going to achieve that, I don’t care, but neither do I care whether or not they go out of business over this.