[liberationtech] [guardian-dev] An email service that requires GPG/PGP?

Ralph Holz holz at net.in.tum.de
Wed Aug 14 07:17:19 PDT 2013

Hi Tom

> Aside from StartCom (free) most CAs have roughly the same price and
> service.  Since service is equivalent, you're free to choose a CA
> based on your political opinion, and not worry about missing out on
> 'features'. It's basically like voting in an election - elections are
> won by tens or hundreds of thousands of votes, so it seems like one
> vote doesn't matter.  But it can add up.

Not sure if you know this one, but this article paints a somewhat more
complex picture of the HTTPS economics. In particular, companies buy
from the big players because, alas and behold, they're too big to fail
and will never be removed from root stores:

  author = {Asghari, Hadi and van Eeten, Michel J. G. and Arnbak, Axel
M. and van Eijk, Nico A. N. M.},
  year = {2013},
  month = {March},
  title = {Security Economics in the {HTTPS} value chain},
  location = {Washington, D.C., USA},
  booktitle = {Proc. 12th Ann. Workshop on the Economics of Information
Security (WEIS 2013)},


Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
Phone +
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF

More information about the liberationtech mailing list