Information most urgent to our customers and end-users:

Update: 2024-01-26

Epilogue

More than a decode ago, TrustCor entered the Public Certificate Authority ("CA") business with a vision to provide the highest level of security in our products and services, harbouring privacy, and eager to fill the void in a market oversaturated by mega-companies, monopolies, and state-owned enterprises. TrustCor's CA was built to meet the highest industry standards. We developed our own modern software security systems for managing and operating all aspects of the CA, and followed best practices that were verified annually by reputable auditors identified and accredited by the AICPA/WebTrust.

Along the way we struggled through the considerable work, rigorous vetting and exorbitant costs to build a public CA with core values that the community could trust and rely upon to do things correctly. It took over 6 years of extensive annual 3rd-party audits, inclusion rules, and independent browser processes to receive "global acceptance". Our hard work eventually paid off and we began to provide true value to the community, all while staying true to our founding principles and maintaining an unmatched and unblemished track record of security and integrity. We're proud of the software, systems and brand we built, but even more so, we're grateful for our customers and the community of supporters that helped make it grow and stood by us even through our most difficult times. Thank you to those who believed in us, despite the false claims made against us.

We're concerned that real innovations in security and community were hindered by the unfortunate outcome of events resulting from the false claims made against us. We entered this business to make a positive difference in the community interest, to contribute more options for the general public instead of less — and yet our years of hard work and dedication to internet security succumbed to an echo chamber of online posts from a small group of individuals promoting their own joint business endeavor. We're disappointed in the CA Community's inability to regulate itself and question the system of controls that ultimately hold no value for determining trust inclusion.

Unfortunately, the good guys don't always win, and this is where TrustCor's journey took another turn. Many challenges in the public CA community remain unsolved, and we failed to stand up against the corporate moguls determining our fate. For this, we're deeply sorry. We considered every option before making the difficult decision to terminate our public CA service, and we are disappointed more could not be done. A respected, but ultimately impotent standards body/community has failed to positively influence the industry's largest companies who ignore its findings unless they agree. The industry itself has become a race to the bottom in prices towards free - which has its own predictable outcome. We don't like where this is headed, and it ultimately results in less choice and less security for everyone.

Many of you are already aware that certificate issuance by TrustCor ceased in 2022, but in keeping true to our word, we stuck around to help with the transition and remained fully-supported with customer service, certificate status services, world-wide trust and proper technical behaviour for certificates issued before November 1, 2022 through the extent of their certificate life-cycle. Therefore, this news will not be service impacting to any of our prior customers. For those customers who still rely on our software to manage their own CA operations, we will continue to support you for the foreseeable future through our service contracts. Thank you again for your continued support, we could not have weathered the storm and continued operations without your help.

In the digital world, convenience can come with a price, and this outcome is one of the many pitfalls of our online ecosystem where falsehood diffuses significantly faster and more broadly than the truth, and in many cases by an order of magnitude. The civic implications of disinformation amplifying online have caused us great damage and will continue to cause considerable damage across many sectors, dismantling trustworthy systems of controls for as long as we allow this to go on. We hope that this can serve as a lesson for the next innovators, may you learn from our experience and do better to protect yourselves and stakeholders from these types of events in the future.

To our partners, peers, vendors, customers and community: thank you for your time and attention. It has been a privilege to work alongside you and serve you, and we look forward to meeting again.

Respectfully and Resiliently,

Team TrustCor

Update: 2022-12-02

Commercial Certificates (wholesale and retail)

  • All our resellers have been notified we will not offer new or renewed server certificates commercially at this time
  • Notwithstanding the foregoing, certificates issued before November 1, 2022 are and will remain fully-supported with customer service, world-wide trust and proper behaviour
  • Due to Microsoft's (unprecedented and unsubstantiated) unwillingness to provide equal treatment as the Mozilla community to bridge the 29-day issuance gap from Nov 1 to Nov 29, TrustCor will remunerate our wholesale customers financially to cover their re-issuance of competitive replacement certificates for their end-users during this period; we realize how ridiculous and unnecessary this seems for these thousands of end-users; we requested Microsoft's help in writing to correct this by shifting the date 29 days to adopt the same dates as the larger community, and we are disappointed more could not be done

MsgSafe Secure Communications Services (freemium and premium)

  • All OpenPGP-based (RFC4880) capabilities will continue fully-supported
  • Enterprise/forwarding email addresses protected with user-provided S/MIME public keys will continue to be fully-supported
  • Provisioning of S/MIME certificates for each customer identity will no longer be offered or supported

Some of these changes will take place immediately, others will go into effect as soon as practicable during maintenance windows. Please check back to this page as further updates unfold. Additional background on the genesis of these changes will be posted separately.