I also said that the official website, ordering system, certificate management system are different and independent, which is the major cause of the bugs from technical perspective, that’s why Wosign suffered the incidents of bugs but StartCom haven’t. The validation team, customer care team and tech support team are also independent, that is important for the quality control for the business, that’s also the important reason that StartCom did well except the 2 backdated certificates that instructed by Richard Wang directly. StartCom as a CA for 17 years, contributed more or less to the industry and community, we do hired an in-proper person to manage the company and it have been fixed, fortunately, the ordering process, CMS process still keep the same with the original one of StartCom, we are changing the software soon, the time table will be released in this week. Please give a chance to StartCom.
Thanks, Xiaosheng Tan 在 2016/10/10 上午6:43,“dev-security-policy 代表 Percy”<dev-security-policy-bounces+tanxiaosheng=360...@lists.mozilla.org 代表 percyal...@gmail.com> 写入: Tan said, for StartCom and WoSign’s infrastructure, the PKI servers were/are shared, the CRL/OCSP, TSA code were cloned and the StartCom and WoSign shared the software development team. Also some management team are shared I assume since Richard Wang approved Tyro's backdated cert from StartCom. As we saw most problems discovered are either due to software development(issue F,H,L,N,V) or management (issue S,P,R). And those team were shared between WoSign and StartCom at the time of the incidents. Consequently, at the time of the incidents, they're the same entity with regards to those issues. So I agree with the opinion that " If their operations are, in the future, functionally separated, then they can be considered for reinclusion separately. However, for the purposes of what to do about them over *past* actions, when they were a single operational entity, their actions should be considered as such. " _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy