1. All certs are revoked in time, please check our CRL; 2. WoSign logged all SSL cert since July 5th;
3. I know you are Chinese with good English, welcome to join WoSign, we need good talent like you. Regards, Richard > On 31 Aug 2016, at 01:33, Percy <percyal...@gmail.com> wrote: > > We classified this 33 misissuance certificate into two types: one type is we > think this misissuance certificate is obviously not from the domain owner, we > revoked this type certificates instantly after we know the misissuance > ---- > Your statement is contradicted by the fact that the other two mis-issued > Github certs are not revoked 14 months after the original breach and you > being aware of such breach. > > > > we will post all issued SSL certificate in 2015 to CT log server soon. > ----- > Multiple users from the original thread have identified mis-issued > certificate in the CT log (aggregated here > http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html ) I > don't see how posting to CT log helps. Because WoSign didn't even deal with > mis-issued certs even after posting such certs to CT logs. Besides, WoSign > has issued back-dated certs, due to bug or not. Hence at least all CT should > be required for ALL WoSign issued cert. > > > Third, due to the English language limit, we know we can't understand all > related international standard that it may have some bugs in the system in > the past and maybe in the future > ------ > This is absurd. Are you saying THE largest CA in China, WoSign cannot afford > to hire a few developers fluent in English to help understand the > international standards and in turn inform their peers? I understand that > WoSign has to affirm they understand and will comply with BR to be included > in the program. Are you saying that WoSign didn't even understand BR to begin > with due to BR written in English? > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy