Topic: [Mail forwording from StartCom] new service startencrypt

[davidS]

Dear StartCom customers,

This electronic mail message was created by StartCom's Administration Personnel:

StartCom, a leading global Certificate Authority (CA) and provider of trusted identity and authentication services, announces a new service – StartEncrypt today, an automatic SSL certificate issuance and installation software for your web server.

StartEncrypt is based the StartAPI system to let you get SSL certificate and install the SSL certificate in your web server for free and automatically, no any coding, just one click to install it in your server.

Compare with Let’s Encrypt, StartEncrypt support Windows and Linux server for most popular web server software, and have many incomparable advantages as:

(1) Not just get the SSL certificate automatically, but install it automatically;

(2) Not just Encrypted, but also identity validated to display EV Green Bar and OV organization name in the certificate;

(3) Not just 90 days period certificate, but up to 39 months, more than 1180 days;

(4) Not just low assurance DV SSL certificate, but also high assurance OV SSL certificate and green bar EV SSL certificate;

(5) Not just for one domain, but up to 120 domains with wildcard support;

(6) All OV SSL certificate and EV SSL certificate are free, just make sure your StartSSL account is verified as Class 3 or Class 4 identity.

StartEncrypt together with StartSSL to let your website start to https without any pain, to let your website keep green bar that give more confident to your online customer and bring to online revenue to you. Let’s start to encrypt now.

Please do not reply to this email. This is an unmonitored email address, and replies to this email cannot be responded to or read.
If you have any question or comments, just click Here ((https://startssl.com/reply) to send your question to us, thanks.

Best Regards
StartCom™ Certification Authority

[Jean-Philippe Pialasse]

moved from SME9 to General topics.

Interesting seems like let's encrypt has now some alternatives after only few months.

I am just wondering what is the market behind free certificates after so many years of so high fees for certificates.
in fact I get it : "just charge the validation cost annually , certificate is FREE!"

your hip surgery is free, you just have to pay a small fee for hospital admission of 20000$ 


JP

[edited for typo]

[Stefano]

davidS, would you mind to edit your OP telling that you are just forwarding a mail you received?

I'm asking you so because now it looks like a spam message and my first thought was to delete it and issue a warning

TIA

[DanB35]

It's good to see that Let's Encrypt is starting to shake things up a bit in the CA industry, but I guess an honest comparison was too much to hope for.

Compare with Let’s Encrypt, StartEncrypt support Windows and Linux server for most popular web server software, and have many incomparable advantages as:

There are many Windows clients for LE as well.

(1) Not just get the SSL certificate automatically, but install it automatically;

Let's Encrypt, using the official certbot client, can install the cert automatically, at least in some configurations.  With SME server, cert installation is a matter of setting three config database properties and firing the ssl-update event.

(2) Not just Encrypted, but also identity validated to display EV Green Bar and OV organization name in the certificate;

I'm not convinced that OV certs add any value over DV certs, but EV certs certainly do for some people.  Point in startssl.com's favor.

(3) Not just 90 days period certificate, but up to 39 months, more than 1180 days;

So what?  If the automated issuance is working well (and it is for LE, and we'll presume it is for startssl.com), certificate lifetime is a non-issue.  It could be 24 hours for all it matters.

(4) Not just low assurance DV SSL certificate, but also high assurance OV SSL certificate and green bar EV SSL certificate;

Only at the fourth item on their list, and they're already repeating themselves?  That isn't a good sign.

(5) Not just for one domain, but up to 120 domains with wildcard support;

LE has never been limited to one domain.  You can have up to 100 hostnames on a single cert, and as many certs as you want.

(6) All OV SSL certificate and EV SSL certificate are free, just make sure your StartSSL account is verified as Class 3 or Class 4 identity.

The cert is free, just pay $200 to validate who you are before we'll issue the cert.  That's more than a little misleading.  Plus an extra fee for revocation of any cert, which is just wrong.

Let’s start to encrypt now.

There are lots of bogus trademark infringement claims being made, and I'm not an expert on the subject, but this sounds like it could be infringing on LE's trademark.

So, stripped of the nonsense, the real advantage over LE is that that once they validate you, they'll automatically issue OV or EV certs, while LE only does DV certs.  If the green bar in the browser is important (which it is to some people), this could be a good thing.

[Daniel B.]

If the automated issuance is working well (and it is for LE, and we'll presume it is for startssl.com), certificate lifetime is a non-issue.  It could be 24 hours for all it matters

Not in every circumstances. For simple servers (including SME Servers), yes, automatic renewal makes the short validity period a non issue. But you can't automate everything (think of an appliances where you can upload a certificate manually only, BMC boards like iDRAC/iLO, administrated switches etc...all this won't be able to run an ACME client, and in those cases, having a longer validity is better)

[Stefano]

good point but, let me say, for those devices/cases, you won't use letsencrypt..

we're talking about servers, so I think that Dan's point are good..

[Daniel B.]

good point but, let me say, for those devices/cases, you won't use letsencrypt..

Yes, for those devices, we don't use Let's Encrypt because of the 90 days limitation. So, if something similar allows certificates with longer validity, it can be interesting. Not directly for SME I agree.

[DanB35]

Fair enough point about devices to which you can't automatically deploy the cert. Kind of an edge case, I'd think, but a valid point nonetheless. Though it's surprising how many devices do allow a cert to be automatically deployed--my UPS allows it, for example.

[DanB35]

So rather than using the existing ACME protocol, StartSSL decided to roll their own.  And do it badly.
https://www.computest.nl/blog/startencrypt-considered-harmful-today/

[DanB35]

...and after the whole Internet pointed out how badly they did StartEncrypt, they're suspending it and replacing it with an ACME client/server model instead (which would have been the sensible thing to do in the first place): https://www.startssl.com/NewsDetails?date=20160606