I'm a bit torn by that techdirt article.
I'm a huge fan of techdirt
, but I've also written glowingly
Using StartCom is a decidedly unpleasant experience -- the website is a throwback to the worst days of the web, and the entire process is frustrating and confusing.
Nevertheless, the price and service are remarkable compared to the alternatives I've found. The ssl certificate industry as a whole feels like it's designed to leach money out of you like a vampire -- and like a club where only the rich can afford to be secure.
StartCom always struck me as a little independent outfit run by one guy who was doing much of it on his own with a small margin. If so, i think it's unfair to attack them as being corporate bigwigs profiting off the backs of tragedy -- and instead view it as a situation where they may simply not have the profit margin to provide so much help for free.
I really don't see a fundamental problem with charging people a "reasonable" amount to handle certificate revocation. Just my 2 cents.
When these big giant corporations are ripping people off hand over fist and rolling in money, they can afford to be generous in situations like this and benefit from the public relations coup. But if you turn to a small independent low-profit-margin ssl certificate service, i think it's unreasonable to expect them to be able to eat such costs.