- From: Kornel Lesiński <kornel@geekhood.net>
- Date: Fri, 07 Jan 2011 13:49:28 -0000
On Fri, 07 Jan 2011 11:11:55 -0000, Glenn Maynard <glenn at zewt.org> wrote: > I gave it a try earlier, since it was mentioned. It created my > account, rejected my CSR, and I got a message saying that I somehow > failed to create a login certificate, that I'd no longer be able to > log in, and according to the FAQ the only way to continue would be to > create a whole new account on a different email address and to ask > them to manually merge the accounts. That's broken in countless ways; > no CA should have such a brittle, half-baked account system. StartSSL uses client certificates to log in, which theoretically is a great idea, as account access (thus security of all its certificates) relies on strong cryptography, rather than some custom password-based mechanism. In practice it's not so great, but maybe it's not StartSSL's fault, but due to complexity of certificates, inflexibility of <keygen> and very rough implementations of it. -- regards, Kornel Lesi?ski
Received on Friday, 7 January 2011 05:49:28 UTC