On Saturday, December 10, 2016 at 8:29:29 PM UTC-8, Richard Wang wrote: > Our promise is close the free SSL application in our own website: > buy.wosign.com. > > And now we closed it in our PKI side. > > > Best Regards, > > Richard > > > On 9 Dec 2016, at 04:17, Gervase Markham <g...@mozilla.org> wrote: > > > >> On 05/12/16 13:41, Richard Wang wrote: > >> We checked our system, this order is from one of the reseller. We > >> have many resellers that used the API, we noticed all resellers to > >> close the free SSL, but they need some time to update the system. > > > > More than two months? > > > > Has this reseller given a timeline by which they expect to have ceased > > to use the API? > > > >> The > >> most important thing is this certificate is issued by proper way that > >> this subscriber finished the domain validation, so this is not a > >> mis-issuance, not "deceiving". > > > > This is narrowly true, from a Mozilla perspective. Mozilla has not > > required that WoSign stop issuing certificates. We have just said that > > we no longer trust them. Of course, I don't know what commitments WoSign > > has made to other root stores. And indeed, no-one has suggested that > > this certificate is mis-issued from a domain validation perspective. > > > > There is an issue relating to the difference between WoSign's public > > statement on their website that they have ceased free SSL issuance, and > > the reality that they have not. We expect CAs who make public statements > > about their actions to abide by those statements. > > > > Gerv Sorry. You just said there is no deadline? Which is it?
----- Sorry, we don't have deadline. And no plan to close it in PKI side, we keep the right to active it at any time, and we can issue this free SSL certificate for subscribers at any time if customers need it. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
