It doesn't particularly matter if people trust StartSSL, it matters if browsers trust them (which they do). There are about 100 root CAs, and something like 1000 CAs if you include intermediates (controlled by ~650 different organizations - https://www.eff.org/observatory), and browsers trust ALL of them. All it takes is one to issue a malicious cert, or to get hacked, to do a MITM attack on ANY domain without showing a browser warning. The trustworthiness of a single CA doesn't make a difference, because if any CA isn't trustworthy then an attacker can use them instead of the other ones. This is the problem with CAs, and the problem with centralized trust systems in general. There are hundreds of weak points. But also, StartSSL does fairly thorough identity verification. I've had to send them photos of my passport and talk to them on the phone to do identity verification. It's also worth noting that it's the CA that both https://www.eff.org/ and https://pressfreedomfoundation.org/ use. As long as there's a broken CA system, the choice of CA does not matter in the slightest as long as it's trusted by browsers. Users only care if it breaks a website with a scary warning, but if it doesn't, it doesn't matter. There's no need to spend money. StartSSL does charge if you have more than very basic needs, like if you want multiple alt names, or if you want a wildcard. But it's still cheaper than the competition.
We had endless problems with StartSSL on mobile browsers. They have only recently been added to the latest Windows Mobile 8 repo and you can forget about any phone OS (except iOS) that was released before 2012.
The thing with SSL providers is most people think if it works on Chrome and IE they're set, but for certain businesses they need something that will work on the Wii Browser, an IBM Power System, or an older dumbphone. SmartTVs in particular are pretty annoying to get any CA list for because whoever implemented the browser portion on the devices probably just imported some random Java lib from circa 2002.
If you are doing something small and personal, StartCom is just fine. If you're running a business, at some point it may become inevitable that you switch to the oldest provider you can reasonably sign up for, in particular one of the Original Three (Thawte, GlobalSign, or Verisign). If you're running a non-profit advocating for privacy and cryptography where a large number of your users may be based in the Middle East running on legacy hardware, you may want to take a cursory look to see if your users are getting any cert problems and get a cert from Thawte (the cheapest of the three - though you will need to chain to an intermediary cert if you go with their 123 option).
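Two claims in this thread are easy to see in a terminal: the first comment's point that any root a trust store contains can issue a valid-looking certificate for any name, and the last paragraph's note that a leaf issued under an intermediate only validates when that intermediate is chained with it. The script below is an added example, not code from the thread or from any CA mentioned in it; it builds throwaway certificates with the `openssl` command-line tool (assumed to be installed), and every CA name, hostname and path in it is constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds throwaway certificates with openssl
# to show (1) a site certificate only verifies when its intermediate travels with it,
# and (2) any root present in the trust store can issue a certificate for the same name.
# Every CA name, hostname and path below is constructed for the demo.
set -e

WORK="${TMPDIR:-/tmp}/chain-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Extension files: CA certificates carry basicConstraints CA:TRUE, leaves must not.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\n' > "$WORK/leaf.ext"

# new_csr NAME SUBJECT: fresh RSA key plus a certificate signing request.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
}
# self_sign NAME: turn NAME's CSR into a self-signed root (what a trust store ships).
self_sign() {
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 30 \
        -extfile "$WORK/ca.ext" -out "$WORK/$1.pem" >/dev/null 2>&1
}
# sign NAME ISSUER EXTFILE: issue NAME's CSR under ISSUER's key with the given extensions.
sign() {
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
        -CAcreateserial -days 30 -extfile "$WORK/$3" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# Two unrelated roots, both of which end up in the simulated browser trust store.
new_csr root  "/CN=Demo Root CA";           self_sign root
new_csr other "/CN=Other Trusted Root";     self_sign other
# The first root issues through an intermediate; the site cert hangs off that.
new_csr int   "/CN=Demo Intermediate CA";   sign int  root ca.ext
new_csr leaf  "/CN=www.example.test";       sign leaf int  leaf.ext
# The second root issues a cert for the very same hostname directly.
new_csr rogue "/CN=www.example.test";       sign rogue other leaf.ext
# The trust store is simply every root the client was shipped with.
cat "$WORK/root.pem" "$WORK/other.pem" > "$WORK/store.pem"

# verify_leaf NAME [INTERMEDIATE]: validate NAME.pem against the store, optionally
# supplying INTERMEDIATE.pem as an untrusted chain cert (what a server should send).
# Prints "ok" or "fail" and always returns 0 so callers under `set -e` can compare.
verify_leaf() {
    leaf="$WORK/$1.pem"
    if [ $# -gt 1 ]; then
        set -- -untrusted "$WORK/$2.pem"
    else
        set --
    fi
    if openssl verify -CAfile "$WORK/store.pem" "$@" "$leaf" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# issuer_of NAME: the issuer DN of NAME.pem, RFC 2253 formatted for stable comparison.
issuer_of() {
    openssl x509 -noout -issuer -nameopt RFC2253 -in "$WORK/$1.pem" | sed 's/^issuer=//'
}

echo "leaf alone:              $(verify_leaf leaf)"       # fail: intermediate missing
echo "leaf with intermediate:  $(verify_leaf leaf int)"   # ok
echo "same name, other root:   $(verify_leaf rogue)"      # ok: that root is trusted too
echo "rogue issued by:         $(issuer_of rogue)"        # CN=Other Trusted Root
```

The first two results are the intermediate problem from the last paragraph: a server that sends only its leaf fails on any client that does not happen to cache the intermediate, which is why the thread recommends chaining it. The third result is the first comment's point in miniature: the client accepted a certificate for the same hostname from a root it merely happened to trust, so the choice of CA by the site owner offers no protection by itself. The `issuer_of` check is the defensive counterpart: recording which issuer you expect for your own hostnames and comparing against what is actually being served (for a live server, `openssl s_client -connect host:443 -showcerts` prints the chain it sends) is how an unexpected issuer gets noticed.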