On 13 Nov 2016, at 10:08, Percy <percyal...@gmail.com> wrote:
> 
> I just found out that Apple doesn't limit "CA 沃通免费SSL证书 G2" intermediate CA 
> even though Apple limited "WoSign CA Free SSL Certificate G2" intermediate 
> CA. An example of site signed by"CA 沃通免费SSL证书 G2" intermediate CA  is 
> https://www.chelenet.com/
> 
> Those two intermediate certs are treated by WoSign the same way and the 
> translation of  "CA 沃通免费SSL证书 G2" is "WoSign CA Free SSL Certificate G2". 
> Users can select whether the end cert is signed by "CA 沃通免费SSL证书 G2" or 
> "WoSign CA Free SSL Certificate G2". All control measures are the same and 
> the only difference is the language for marketing reasons. 
> 
> Hence, because Apple has chose to blocked "WoSign CA Free SSL Certificate 
> G2", it makes sense to apply the same sanction on "CA 沃通免费SSL证书 G2", as 
> they're in all senses the same.

Hi Percy,

I’ve been following Apple’s security updates to determine when the announced 
block becomes active and how it is implemented. Using 10.11.6, with no updates 
available, it appears this block is not yet active for me. There are no errors 
when I try to visit https://inow.ua in Safari (https://crt.sh/?id=43120524 
appears to be the last certificate issued by "WoSign CA Free SSL Certificate 
G2” which is currently still in use). In the file 
/System/Library/Security/Certificates.bundle/Contents/Resources/Allowed.plist I 
only see two CINNIC roots listed.

Could you tell us what OS and version you used to determine that Apple has 
limited "WoSign CA Free SSL Certificate G2”?

Best regards,
Thijs Alkemade
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to