Please remember this sentence: Every re-distribution the wrong information will heavy his penalty (including site cache or mirror site).
You are harming him! Best Regards, Richard -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+richard=wosign....@lists.mozilla.org] On Behalf Of Percy Sent: Friday, September 2, 2016 2:23 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Incidents involving the CA WoSign On Thursday, September 1, 2016 at 11:01:08 PM UTC-7, Richard Wang wrote: > OK I try to say some that I wish I don't violate my company confidential > policy. > > 1. Eddy told me that this guy is the former employee of StartCom, he violates > the signed NDA that he must shutdown the site within the limit time. Every > re-distribution the wrong information will heavy his penalty (including site > cache or mirror site). I am sure every company don't like its former > employee to expose company's confidential information. > NDA only applies for information that's privileged. The content here https://archive.is/8bSp6 can be obtained all from public sources, hence exempted from NDA. In case WoSign tries to send take down request to Achieve.is, I mirrored the content on pastebin too http://pastebin.com/hiKxmGMH Good luck taking that down. > 2. WoSign invested in 5 companies worldwide including in North America, > Europe and Asia (China), but my company is a private company that no any > liability to expose everything that we don't like to expose. And Mozilla also > don't have the policy that every CA must expose its shareholder and director. > Sure, your company is a private company. But the public doesn't have an obligation to trust you either. > 3. Please don't bind WoSign incident problem with StartCom, it is two > independent company that one registered in China and one located in Israel. > StartCom and WoSign have maintained a business relationship for many years > since 2011 when WoSign startup CA business. And WoSign root is cross signed > by StartCom root due to the problem that root inclusion took long time. > Two independent companies that share the same infrastructure, director and user trust according to https://archive.is/8bSp6 , doesn't look very independent to me. > > Best Regards, > > Richard > > -----Original Message----- > From: dev-security-policy > [mailto:dev-security-policy-bounces+richard=wosign.com@lists.mozilla.o > rg] On Behalf Of Peter Gutmann > Sent: Friday, September 2, 2016 11:59 AM > To: Vincent Lynch <vtly...@gmail.com>; > mozilla-dev-security-pol...@lists.mozilla.org > Subject: RE: Incidents involving the CA WoSign > > Vincent Lynch <vtly...@gmail.com> writes: > > >I think Eddy Nigg (founder of StartCom) and/or Richard Wang (of > >WoSign) should make a statement about this. > > +1. I'd already asked for something like this earlier and got silence > +as a > response, which isn't inspiring confidence. > > Peter. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy