Re: Termination of the certificates business of Startcom

[joachim.bauernberger--- via dev-security-policy]

I worked as Director of Engineering for an investor[1] who helped bootstrap 
StartCom. StartCom was back then the first successful firm from the 
Authenticity Institute portfolio. I joined Authenticity because I thought it 
could really shake up the certification industry.

I quit after 6 months when I learned that the equity based contracts were 
designed to scam the engineers that I hired. Also I dared to raise concerns 
over bringing StartCom founder Eddy Nigg back into the company for advise on 
how to build a sound infrastructure (fit for ETSI & WebTrust certification).

Management there has a thing for "hiring struggling entrepreneurs" and then 
phishing them for their ideas with promise of equity which is never paid out. 
There were also a range of other issues such as racist coworkers (which I fired 
in my first week) and a refusal from the founder to face up to these issues.

One applicant was made promises, then stalled on the contract and when she quit 
her original job was told on her first day of work that her salary negotiation 
hasn't even started. I was let go (or I quit with a bang depending who you ask) 
because I dared to point out they're all crooks.

I personally don't see how trust can every be implemented in systems when it is 
owned by a company which can be acquired with M and the same bad apples who 
cash out from projects are then investing in similar companies.

[1] https://en.wikipedia.org/wiki/Wes_Kussmaul


On Friday, November 17, 2017 at 11:26:36 AM UTC+1, 谭晓生 wrote:
> Dear all,
> 
> This is the Chairman of StartCom's board, Xiaosheng Tan. StartCom has 
> experienced a very difficult time in our re-inclusion process. Due to some 
> comments and decisions made by the Mozilla community, which are followed by 
> some other browsers, StartCom’s board made a difficult but final decision 
> after careful consideration. We will initiate the termination procedure of 
> the StartCom business. The liquidation procedure will begin and follow our 
> CPS and internal procedures. We´ll set January 1st 2018 as the termination 
> date and will stop issuing certificates therefrom. We will maintain our CRL 
> and OCSP service for two more years from January 1st 2018. The three pairs of 
> StartCom key Roots will be eliminated after that time.
> 
> On behalf of the StartCom’s board, I would like to thank Mozilla Community, 
> especially Gervase, for their positive influence on StartCom. Thanks for your 
> explicit decision making, so that we could know what to do in the next step 
> and no more detour. We really appreciate that.
> Also, Qihoo 360, even as the largest security company in China, is extremely 
> impressed by Cure53’s high efficient work.Thanks for Cure53’s top level 
> security audit, which made us realize that we still have room for improvement.
> There is no doubt that Inigo made an excellent work since we decided to let 
> him do the CEO job. His great experience helped StartCom save a lot of time 
> and money. Also, I would like to thank all the StartCom staff for their 
> excellent work during this tough time.
> 
> Yes, of course we will still contribute to Community and focus on security 
> research. During the last ten years, the 360 security research teams have 
> discovered hundreds of vulnerabilities in the major software companies and 
> earned many acknowledgments in the world. Qihoo 360 and the PKI community 
> share the same goal, which is making the internet a better place.
> 
> Thank you.
> 
> Best regards,
> Xiaosheng Tan
> 
> 
> 
> --
> Xiaosheng Tan Chief Security Officer
> Beijing Qihoo Technology Co.,Ltd (Qihoo 360)
> Mobile: +86 13911122339, +86 13311122339
> Email: tanxiaosh...@360.cn
> Web: www.360.cn
> Address: Bldg 2, 6 Haoyuan, JiuXianQiao Rd, ChaoYang Dist, Beijing, 100015

___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Termination of the certificates business of Startcom

[谭晓生 via dev-security-policy]

Dear all,

This is the Chairman of StartCom's board, Xiaosheng Tan. StartCom has 
experienced a very difficult time in our re-inclusion process. Due to some 
comments and decisions made by the Mozilla community, which are followed by 
some other browsers, StartCom’s board made a difficult but final decision after 
careful consideration. We will initiate the termination procedure of the 
StartCom business. The liquidation procedure will begin and follow our CPS and 
internal procedures. We´ll set January 1st 2018 as the termination date and 
will stop issuing certificates therefrom. We will maintain our CRL and OCSP 
service for two more years from January 1st 2018. The three pairs of StartCom 
key Roots will be eliminated after that time.

On behalf of the StartCom’s board, I would like to thank Mozilla Community, 
especially Gervase, for their positive influence on StartCom. Thanks for your 
explicit decision making, so that we could know what to do in the next step and 
no more detour. We really appreciate that.
Also, Qihoo 360, even as the largest security company in China, is extremely 
impressed by Cure53’s high efficient work.Thanks for Cure53’s top level 
security audit, which made us realize that we still have room for improvement.
There is no doubt that Inigo made an excellent work since we decided to let him 
do the CEO job. His great experience helped StartCom save a lot of time and 
money. Also, I would like to thank all the StartCom staff for their excellent 
work during this tough time.

Yes, of course we will still contribute to Community and focus on security 
research. During the last ten years, the 360 security research teams have 
discovered hundreds of vulnerabilities in the major software companies and 
earned many acknowledgments in the world. Qihoo 360 and the PKI community share 
the same goal, which is making the internet a better place.

Thank you.

Best regards,
Xiaosheng Tan



--
Xiaosheng Tan Chief Security Officer
Beijing Qihoo Technology Co.,Ltd (Qihoo 360)
Mobile: +86 13911122339, +86 13311122339
Email: tanxiaosh...@360.cn
Web: www.360.cn
Address: Bldg 2, 6 Haoyuan, JiuXianQiao Rd, ChaoYang Dist, Beijing, 100015


___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy