On Monday, August 29, 2016 at 10:26:20 AM UTC-7, Gervase Markham wrote: > On 29/08/16 09:48, 蓝小灰 wrote: > > Of course I have private key of this certificate > > I have asked 蓝小灰 for cryptographic proof of this. > > Gerv
Gerv, I've notified the security team in Alibaba about this possible fake cert and ask them to confirm that they have not applied a cert. It's unlikely that Alibaba will use a free cert from WoSign. As a commercial site, they usually use Verisign or globalSign _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy