People here tend to bash WoSign/StartCom the whole time and make them guilty for nearly everthing, including the Lindbergh Kidnapping. I also do think people are actively searching for anything they can blame, and ignore/tolerate incidents of other CAs.
Am Freitag, 16. Dezember 2016 19:18:27 UTC+1 schrieb tde...@gmail.com: > It seams that wosign has registered the domains letsencrypt.cn and > letsencrypt.com.cn in 2014 after the public announce of Let's Encrypt : > > whois letsencrypt.cn > Domain Name: letsencrypt.cn > ROID: 20141120s10001s72911711-cn > Domain Status: clientTransferProhibited > Registrant ID: k35-n2041486_00 > Registrant: 深圳市沃通电子商务服务有限公司 > Registrant Contact Email: d...@wosign.com > Sponsoring Registrar: 厦门三五互联科技股份有限公司 > Name Server: ns3.dns-diy.com > Name Server: ns4.dns-diy.com > Registration Time: 2014-11-20 09:57:27 > Expiration Time: 2017-11-20 09:57:27 > DNSSEC: unsigned > > whois letsencrypt.com.cn > Domain Name: letsencrypt.com.cn > ROID: 20141120s10011s84227837-cn > Domain Status: clientTransferProhibited > Registrant ID: k35-n2041486_00 > Registrant: 深圳市沃通电子商务服务有限公司 > Registrant Contact Email: d...@wosign.com > Sponsoring Registrar: 厦门三五互联科技股份有限公司 > Name Server: ns3.dns-diy.com > Name Server: ns4.dns-diy.com > Registration Time: 2014-11-20 09:57:28 > Expiration Time: 2017-11-20 09:57:28 > > Let's Encrypt was announced publicly on November 18, 2014 ( > http://www.crn.com/news/cloud/300074840/lets-encrypt-a-free-and-automated-certificate-authority-comes-out-of-stealth-mode.htm > ). That domain appear to be registered two days after. > > Certificate authorities are about trust. I don't feel comfortable about a CA > registering a domain matching the name of another CA. What is the position of > Mozilla about that? > Maybe Let's Encrypt or wosign have more information about these domains? > > https://community.letsencrypt.org/t/letsencrypt-cn-and-letsencrypt-com-cn-was-registered-by-wosign/23786 > > Other relevant thread: Comodo Legal Phishing attack against ISRG? > https://groups.google.com/d/msg/mozilla.dev.security.policy/n-8kcrSuhjg/WKj-PAI2BgAJ _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
