formal reply RE: Incidents involving the CA WoSign

2016-08-30 Thread Richard Wang
Dear all, This email is the formal reply from WoSign for these 3 incidents. First, thank you all very much for helping WoSign improve our system security, which helped global Internet security. And I am deeply sorry for the related 33 mis-issued certificates' subscribers that we like to o

Re: Incidents involving the CA WoSign

2016-08-30 Thread dymutaos
On Monday, August 29, 2016 at 12:08:36 PM UTC-4, mar...@marcan.st wrote: > On Monday, August 29, 2016 at 5:41:06 PM UTC+9, Gervase Markham wrote: > > On 29/08/16 05:46, Richard Wang wrote: > > > For incident 1 - mis-issued certificate with un-validated subdomain, > > > total 33 certificates. We hav

Re: Incidents involving the CA WoSign

2016-08-30 Thread dionyziz
If I understand correctly, these 105 certificates are all mis-issued using the incorrect policies of either (0) website control validation with higher port numbers, or (1) parent domain-name verification by demonstrating control of a subdomain. It is unclear why, given the fact that incorrect v

Re: formal reply RE: Incidents involving the CA WoSign

2016-08-30 Thread Percy
We classified these 33 mis-issued certificates into two types: one type is we think this mis-issued certificate is obviously not from the domain owner, we revoked this type of certificates instantly after we knew of the mis-issuance Your statement is contradicted by the fact that the other two mis-

Re: Incidents involving the CA WoSign

2016-08-30 Thread Percy
https://crt.sh is down. Maybe someone can check with Comodo to see whether they got DDoSed? Here are the Google CT entries for the possibly mis-issued certs mentioned in this thread. It would be a lot harder to take down the Google CT. Possible fake cert for Github https://www.google.com/transparenc

Re: Incidents involving the CA WoSign

2016-08-30 Thread Rob Stradling
On 30/08/16 18:45, Percy wrote: https://crt.sh is down. Maybe someone can check with Comodo to see whether they got DDoSed? Sorry about that. crt.sh is back up now. It wasn't a DDoS attack. Every so often something goes awry with the database replication (between crt.sh's master database a

Re: formal reply RE: Incidents involving the CA WoSign

2016-08-30 Thread Richard Wang
1. All certs are revoked in time, please check our CRL; 2. WoSign has logged all SSL certs since July 5th; 3. I know you are Chinese with good English, welcome to join WoSign, we need good talent like you. Regards, Richard > On 31 Aug 2016, at 01:33, Percy wrote: > > We classified this 33 misiss

Re: Added columns to Revoked Intermediate Certs reports

2016-08-30 Thread Kathleen Wilson
On 8/26/16 4:36 PM, Kathleen Wilson wrote: We've added two columns to the Revoked Intermediate CA Certificates reports that are available here: https://wiki.mozilla.org/CA:RevokedSubCAcerts The reports are: https://mozillacaprogram.secure.force.com/CA/PublicIntermediateCertsRevoked and https://m

Re: Incidents involving the CA WoSign

2016-08-30 Thread Nick Lamb
On Tuesday, 30 August 2016 16:19:18 UTC+1, dymu...@gmail.com wrote: > It is interesting that WoSign followed the redirect. I suppose it is assumed > that with a 301 permanent redirect that the new domain is controlled by the > same person, but that seems a bit sketchy. Hmm. I think that if ther

Re: Incidents involving the CA WoSign

2016-08-30 Thread Peter Bowen
On Wed, Aug 24, 2016 at 6:08 AM, Gervase Markham wrote: > Dear m.d.s.policy, > > Several incidents have come to our attention involving the CA "WoSign". > Mozilla is considering what action it should take in response to these > incidents. This email sets out our understanding of the situation. > >

Re: Incidents involving the CA WoSign

2016-08-30 Thread itk98 . il
WoSign indirectly bought StartSSL, https://www.letsphish.org On Monday, August 29, 2016 at 11:27:59 AM UTC+3, Gervase Markham wrote: > If WoSign are hosting StartCom's infra, it still leaves open the > question of why StartCom are deploying code that WoSign are no longer > using, and haven't for

Reuse of serial numbers by StartCom

2016-08-30 Thread Peter Bowen
In reviewing the Certificate Transparency logs, I noticed that StartCom has issued multiple certificates with identical serial numbers and identical issuer names. https://crt.sh/?serial=14DCA8 (2014-12-07) https://crt.sh/?serial=04FF5D653668DB (2015-01-05) https://crt.sh/?serial=052D14BA553ED0 (201

RE: Incidents involving the CA WoSign

2016-08-30 Thread Richard Wang
This case is in the BR report: https://cert.webtrust.org/SealFile?seal=2019&file=pdf Thanks. Best Regards, Richard -Original Message- From: Peter Bowen [mailto:pzbo...@gmail.com] Sent: Wednesday, August 31, 2016 10:45 AM To: Gervase Markham Cc: mozilla-dev-security-pol...@lists.mozil