Hi Mike, Very thanks for your comments. What you mentioned is NOT a problem; it is our technical advantage conversely. :-)
We are using cross signing technology. Our root is cross signed by Startcom CA, Comodo UTN root CA and WoSign 1999 root CA to guarantee our end user's certificates compatible with all device and all systems. How to verify it is cross signing? If the cross signed cert public key is same as our root public key, it is cross signing. It means our root CA1 public key is same as the following 3 cross signing certificate. You can learn more about cross signing in the Internet. Richard On Friday, April 18, 2014 10:57:53 PM UTC+8, Michael Miller wrote: > I checked customers on official site of Wosign > > https://www.wosign.com/ > > > > It seems wosign have 3 different certificate using same Key-pair(Have same > > public key) > > > > that is : > > 1,Certification Authority of WoSign as a subCA under Wosign 1999 > > example customer Url: > > https://person.guilinbank.com.cn/ > > > > 2,Certification Authority of WoSign as a subCA under StartCom Certification > > Authority > > example customer Url: > > https://login.dangdang.com/ > > > > 3,Certification Authority of WoSign as a Root CA > > The Root CA that have webtrust seal and used to apply for this certificate > > program > > https://bugzilla.mozilla.org/show_bug.cgi?id=851435 > > > > Well, Since they all have same key pair , I assume they are all related (as > > one system) and should be mentioned here. > > > > According to Items #8, 9, and 10 of Mozilla's CA Certificate Inclusion > > Policy , intermediate certificates must either be technically constrained > > or be audited and publicly disclosed. > > https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates > > > > Can anyone from Wosign explain this situation? > > > > Mike On Friday, April 18, 2014 10:57:53 PM UTC+8, Michael Miller wrote: > I checked customers on official site of Wosign > > https://www.wosign.com/ > > > > It seems wosign have 3 different certificate using same Key-pair(Have same > > public key) > > > > that is : > > 1,Certification Authority of WoSign as a subCA under Wosign 1999 > > example customer Url: > > https://person.guilinbank.com.cn/ > > > > 2,Certification Authority of WoSign as a subCA under StartCom Certification > > Authority > > example customer Url: > > https://login.dangdang.com/ > > > > 3,Certification Authority of WoSign as a Root CA > > The Root CA that have webtrust seal and used to apply for this certificate > > program > > https://bugzilla.mozilla.org/show_bug.cgi?id=851435 > > > > Well, Since they all have same key pair , I assume they are all related (as > > one system) and should be mentioned here. > > > > According to Items #8, 9, and 10 of Mozilla's CA Certificate Inclusion > > Policy , intermediate certificates must either be technically constrained > > or be audited and publicly disclosed. > > https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Technical_Constraints_or_Auditing.2FDisclosure_of_Intermediate_Certificates > > > > Can anyone from Wosign explain this situation? > > > > Mike _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
