SSL certs are an utter commodity, and generally the CA system is a broken system, but we'd be a lot better off with free "real" SSL certs everywhere rather than a bunch of self signed stuff. The loss here is the large number of applications with self-signed certs on the Internet, as well as the general hassle involved in purchasing and renewing certs for everyone who does.
The cost of having a well-run base CA is small number of millions to set up and maybe $1-2mm/yr. It would do a lot more good than many other charities. The marginal costs to do mail-from auth S/MIME and domain-verify certs would be limited.
I used to think StartCom was a good solution for this, but after recent staff departures, and their shortsighted-at-best policy here, I can't recommend them.
With commercial CAs, people use wildcard certs in a lot of places where they should be using distinct other certs. It's maybe not an issue for https for main company websites ($49/yr isn't too big a deal), but I want people to use real certs for START TLS email, client certs, etc. I also want one CA to be really popular, or at least one simple cert-issuance protocol to be popular, so "automatically generate a cert and CSR and get the cert loaded" becomes an automatic part of software setup.
I'm kind of surprised Google hasn't done this, in exchange for people proving ownership of a Google+ account or something. FB, Twitter, etc. could all easily bury the costs of a genuinely free CA.
Because StartSSL issues them for free, I actually did exactly that -- used a separate certificate for each of my secure services (IMAP, SMTP, HTTPS, etc.), on each of my domains. I believe I currently have roughly 25-30 certificates issued by them. My thinking was that, despite the extra configuration complexity, if a particular key were compromised, at least I wouldn't have to replace all my certificates!
So now, ironically, I'm faced with having to replace all my certificates, not to mention paying StartSSL $25 per certificate if I want to do the right thing again and have all the existing ones revoked, as well.
Instead, I'm tempted to "pay up" for a wildcard certificate for each of my domains from a provider whose revenue stream comes from minting certs, not revoking them. Configuring my services sure would be easier with 5 certificates rather than 25. Also, I've never leaked a key by any error of my own, and I'm beginning to think that's less likely than someone finding another hole in OpenSSL (or a CA) which requires wholesale certificate replacement again.
I'd like to see Mozilla and Google to team up on a reasonable replacement. Even Microsoft might join up given its recent shifts in attitude. TLS supports non-X.509 stuff just fine.
The CNNIC root is still trusted by most browsers/OSes.
So bad news: it's hard. good news: people are trying.
More bad news: They're failing pretty hard. CACert have been around for a long time, and still haven't managed to get themselves audited.
And for good measure, on the subject of certs and trust, the thread after:
"another cert failure" (2011)
If you want free, push for killing CAs :)
Maybe someone like CloudFlare could cover the "Free CA" project.
'per year' pricing is one of the most insidious aspects of the current CA system.
Certificates don't rot.
They claim that annual renewal is necessay to protect us from a rogue but unrevoked certificate; however any malicious activities would be quite profitable well within a year.
So why not set renewal to be monthly, just to be extra-safe? Weekly? Perhaps I should suggest that to them. The resulting outcry from users might be the only way we can disrupt the CA situation.
I've used several CAs and StartCom is the one I dislike the least. I wish Amazon would become a registrar and CA. Then AWS would really be one-stop shopping.
My wallet is unhappy, and I do feel like charging for revocations is a bit odd, since revocations usually happen for security reasons and this deincentivizes good security. OTOH, they do run a business and I've created work for them at no charge previously, so I'm not mad.
Section 2, dot 2.
CAs must revoke Certificates that they have issued upon the occurrence of any of the following events:
the CA obtains reasonable evidence that the subscriber’s private key (corresponding to the public key in the certificate) has been compromised or is suspected of compromise (e.g. Debian weak keys), or that the certificate has otherwise been misused;
Really? Then why does he quote the following policy:
Never share private keys with any third party and use adequate
protection and best security practices to secure private keys in
order prevent losses and compromises thereof.
StartCom's been doing this for a long time. This is what makes them dangerous. It does not make them any more dangerous now than before.
Even if StartCom made an exception in this case, it should not change anything. Because even without hearbleed, certs still get compromised and StartCom's standard practice is to motivate owners to keep using known compromised certs.
Why does anybody trust a CA with this policy? Why is StartCom included in browsers and OSes? Why isn't anybody removing StartCom and CAs with similar policies from trusted CAs?
This claims that CRLs and OCSP would then be expensive / lots of downloads....