In most Chinese institutions, most checks and verifications are just formality. Contracting to the case of CNNIC CA, I'm not advocating for an outright removal of WoSign (even though I revoked the CA personally). But the incorrect notBefore date suggests that a mandatory inclusion of CT of all certs ever issued is needed. Of course, WoSign needs to address other issues raised by Matt and Ryan in addition to the CT requirement. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
- Re: Incidents involving the C... Andrew Ayer
- Re: Incidents involving the CA WoSign Percy
- Re: Incidents involving the CA WoSign Ryan Sleevi
- Re: Incidents involving the CA WoSign Kurt Roeckx
- Re: Incidents involving the CA WoSign Erwann Abalea
- Re: Incidents involving the CA WoSign Ryan Sleevi
- Re: Incidents involving the CA WoSign Vincent Lynch
- Re: Incidents involving the CA WoSign percyalpha
- RE: Incidents involving the CA WoSign Richard Wang
- Re: Incidents involving the CA WoSign xcrailfans
- Re: Incidents involving the CA WoSign percyalpha
- Re: Incidents involving the CA WoSign 233sec Team
- Re: Incidents involving the CA WoSign Jonathan Rudenberg
- Re: Incidents involving the CA WoSign Richard Wang
- Re: Incidents involving the CA WoSign 233sec Team
- Re: Incidents involving the CA WoSign Gervase Markham
- Re: Incidents involving the CA WoSign 蓝小灰
- Re: Incidents involving the CA WoSign Gervase Markham
- Re: Incidents involving the CA WoSign Percy
- Re: Incidents involving the CA WoSign Gervase Markham
