[cpach]

Well, this is not like the first time the TLS stack has a disastrous vulnerability. I think that giving out free certificates and charging for revocations is bad business since it sets bad incentives. Better then to charge upfront for issuing the certificates.

[brohee]

Because taking money to issue certificates sets good incentives...

[cpach]

Well, I’d say the most valuable data is generally TLS-protected. E.g. Gmail, Outlook.com, Dropbox, etc. I sure would like to see even better TLS adoption rates than what the web currently has, but I don’t think that we should compromise the trustworthiness of the certificates in order to achieve this goal.

What makes the CA-issued certificates trustworthy is that they are in fact verified to belong to the legitimate owner of the domain. Doing the verification and maintaining the CA’s infrastructure is not free so I don’t think it’s very surprising that the vendors charge for their service.

[brohee]

"What makes the CA-issued certificates trustworthy is that they are in fact verified" ahahaha good one.

You should read about the history of Certstar, the Comodo RA. Why take money, expand ressources to verify the informations and issue the certificate when you can shortcut the verifications...

No matter how you look at it, the CA system is full of perverse incentives...