You are here

No CERT for you!

I applied to get a free site SSL certificate from StartCom for today. After jumping through their stupid hoops, I was informed that "my application would need to be reviewed manually." Later, I got the email from StartCom reproduced below… Thanks for nothing, StartCom. I won't be doing any business with you in the future, and I will encourage others to avoid you also. This is boneheaded in the extreme. I've held actively for well over a decade now, and there is zero possibility of confusion between my site and that of the Pubblico Organizzazione Bilaterale. Not to mention that the typo depends on bizarre use of case in the target URL, meaning that anybody could easily spot it. I guess POB.ORG would be a better example, but meh.

StartCom, you are not the Internet's mommy: the job of a CA is to assert the relationship between a particular URL and its owner. I met your identification requirements, and so that relationship has been established. I hate to admit that I almost paid you a fee for a second-level identification with the goal of getting a better cert out of you.

Oh, and nice that your email comes from rather than; no possibility for confusion there. Oh, and nice English in your letter. If I didn't know better, I'd guess this whole transaction was a phishing attack.

Death to the racket of selling large pseudo-primes for money. I'll sign my cert myself as usual, and save my money for the Star Registry in the future. I don't have time for this. Fob

StartSSL Certification Authority, 23 Feb 2014 12:21

XXXX XXXX (StartCom Ltd.)
2:21 PM (2 hours ago)

to me 
To Barton Massey,

This electronic mail message was created by StartCom's Administration Personnel:

The domain could be easily mistaken with the domain in which case our policy doesn’t allow it to be issued. Sorry for the inconvenience!

Best Regards

StartCom Ltd.
StartSSL™ Certification Authority