Well, based on the previous deception of WoSign before, during and after 
Mozilla's investigation, I'm not remotely surprised to see this. 


On Friday, December 16, 2016 at 10:18:27 AM UTC-8, tde...@gmail.com wrote:
> It seams that wosign has registered the domains letsencrypt.cn and 
> letsencrypt.com.cn in 2014 after the public announce of Let's Encrypt :
> 
> whois letsencrypt.cn
> Domain Name: letsencrypt.cn
> ROID: 20141120s10001s72911711-cn
> Domain Status: clientTransferProhibited
> Registrant ID: k35-n2041486_00
> Registrant: 深圳市沃通电子商务服务有限公司
> Registrant Contact Email: d...@wosign.com
> Sponsoring Registrar: 厦门三五互联科技股份有限公司
> Name Server: ns3.dns-diy.com
> Name Server: ns4.dns-diy.com
> Registration Time: 2014-11-20 09:57:27
> Expiration Time: 2017-11-20 09:57:27
> DNSSEC: unsigned
> 
> whois letsencrypt.com.cn
> Domain Name: letsencrypt.com.cn
> ROID: 20141120s10011s84227837-cn
> Domain Status: clientTransferProhibited
> Registrant ID: k35-n2041486_00
> Registrant: 深圳市沃通电子商务服务有限公司
> Registrant Contact Email: d...@wosign.com
> Sponsoring Registrar: 厦门三五互联科技股份有限公司
> Name Server: ns3.dns-diy.com
> Name Server: ns4.dns-diy.com
> Registration Time: 2014-11-20 09:57:28
> Expiration Time: 2017-11-20 09:57:28
> 
> Let's Encrypt was announced publicly on November 18, 2014 ( 
> http://www.crn.com/news/cloud/300074840/lets-encrypt-a-free-and-automated-certificate-authority-comes-out-of-stealth-mode.htm
>  ). That domain appear to be registered two days after.
> 
> Certificate authorities are about trust. I don't feel comfortable about a CA 
> registering a domain matching the name of another CA. What is the position of 
> Mozilla about that?
> Maybe Let's Encrypt or wosign have more information about these domains?
> 
> https://community.letsencrypt.org/t/letsencrypt-cn-and-letsencrypt-com-cn-was-registered-by-wosign/23786
> 
> Other relevant thread: Comodo Legal Phishing attack against ISRG?
> https://groups.google.com/d/msg/mozilla.dev.security.policy/n-8kcrSuhjg/WKj-PAI2BgAJ

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to