
StartCom launches a new service – StartEncrypt - JoshTriplett
https://startssl.com/NewsDetails?date=20160606
======
hlandau
Okay, there's a lot that's dubious about this.

Firstly, they've completely ignored the existing standards effort of ACME,
which Let's Encrypt has cooperated with to develop, and created their own API.
This detracts from the effort to standardise this, to no real end. Use Let's
Encrypt and you can avail yourself of the entire ecosystem of ACME clients, of
which there are many (I develop one). It's likely there will be other CAs
supporting ACME in time as well. Whereas this is a CA-specific API with,
presently, one implementation.

Secondly, they're still carrying out the dubious practice of charging for
revocations.

Thirdly, they claim "Not just for one domain, but up to 120 domains with
wildcard support", but this is under their 'Pro' offering, yet Let's Encrypt
supports up to 100 SANs per certificate for free. Their free service is
limited to 5 SANs.

The only apparent benefit of their free certificates over LE certificates is
the one year expiry time. But the whole point of the LE 90 day expiry time is
to motivate automation, which is a gain in the long term.

Fourthly, their website is full of broken English, which is impressively
amateurish for a CA and the high barriers to entry you generally expect that
to imply.

~~~
regecks
Bit late, but an R&D contact from StartCom told me that they will be
supporting IETF ACME with StartEncrypt, with the possibility of open source as
well.

------
Jaruzel
As a StartSSL customer, I've just had the email in my inbox telling me all
about this.

I know people don't like them, but before LetsEncrypt, StartSSL were one of
the few providers of basic certs that were free. All I needed for my home
setup was a cert for my Exchange server, and they've been providing me one for
about 5 years now, and I've never had a problem, and every client trusted
it[1]. Granted, their website is a bit weird, but once you work it out, it's
fairly easy to renew a free cert.

Obviously, next renewal I'll be jumping ship to LetsEncrypt (now that the ACME
clients for Windows have matured), so I am left struggling to see what benefit
StartEcrypt has over LetsEncrypt.

\--

[1] Coincidently, BB10 on Blackberrys does not trust the CA chain for
LetsEncrypt certs, and it's unlikely Blackberry will ever fix this.

------
nailer
It also apparently supports Flock, a browser that hasn't existed for 5 years:
[https://en.wikipedia.org/wiki/Flock_(web_browser)](https://en.wikipedia.org/wiki/Flock_\(web_browser\))

~~~
epicaricacy
Finally. Us Flock users are tired of being the second class citizens of the
internet! /s

------
pmx
Are they saying they're doing EV certs for free or is the page just badly
worded?

~~~
thesimon
They are free, you just seem to need a paid account (as before)

------
voycey
./install: 16: ./install: chkconfig: not found

install over, thanks !

Terrific - so Linux 64bit is actually only RedHat flavours - save your time if
on a Debian distro

------
nblr
Binary client. Uhm. Yeah... nope. Wasn't StartSSL (haha. SSL) the CA that also
offered to create the key on your behalf? Sketchy!

