On Wednesday, August 31, 2016 at 8:05:57 PM UTC-7, Richard Wang wrote:
> First, please treat WoSign as a global trusted CA, DON'T stamp as China CA.
> We need a fair treatment as other worldwide CAs that I am sure WoSign is not
> the first CA that have incident and not the serious one;
I would
Fair enough, thank you, Ryan.
This is my last formal statement for this issue that I am tired of this
argument, I need to go to hospital now :-).
First, please treat WoSign as a global trusted CA, DON'T stamp as China CA. We
need a fair treatment as other worldwide CAs that I am sure WoSign is
What about our existing SSL server certs, which are still valid until 31
Dec 2016? Majority of those cert. subscribers are offering government
and public services to residents of Hong Kong. And I believe the impact
to residents of Hong Kong will be huge when the browser suddenly prompts
a warning
On Wed, Aug 31, 2016 at 07:57:02PM +0300, Eddy Nigg wrote:
> On 08/31/2016 03:19 PM, Matt Palmer wrote:
> >That bug appears to pre-date *all* of the certificates listed above.
> >Further, the last communication on that bug (2014-09-22), from Eddy Nigg
> >(of StartCom), said:
> >>It's a hard and
On Wednesday, 31 August 2016 19:32:43 UTC+1, Kathleen Wilson wrote:
> Thanks to all of you who have provided thoughtful and constructive input into
> this discussion.
>
> I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=1299579 to request
> that the "Hongkong Post e-Cert CA 1 - 10"
A recurring theme of m.d.s.policy is that a CA behaves in a way that falls
short, sometimes far short of the reasonable expectations of relying parties
and yet in the end Mozilla doesn't end up distrusting that CA because of the
direct impact on relying parties, the indirect impact on
Thanks to all of you who have provided thoughtful and constructive input into
this discussion.
I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=1299579 to request
that the "Hongkong Post e-Cert CA 1 - 10" intermediate cert be added to OneCRL.
See the bug for further details.
Kathleen
On Wednesday, August 31, 2016 at 10:07:19 AM UTC-7, watso...@gmail.com wrote:
> Dear Richard,
>
> It's clear WoSign has continuing compliance issues with CA/Browser forum
> rules, and has repeatedly failed to correct them. Furthermore there have been
> lots of questions about what it would take
On Tuesday, August 30, 2016 at 8:07:49 PM UTC-7, Richard Wang wrote:
> This case is in the BR report:
> https://cert.webtrust.org/SealFile?seal=2019=pdf
>
> Thanks.
>
> Best Regards,
>
> Richard
>
Dear Richard,
It's clear WoSign has continuing compliance issues with CA/Browser forum rules,
As an admin I want to check the WoSign Issuer Policy provided by their "WoSign
CA Free SSL Certificate G2" certificate.
Issuer Policy is linked to http://www.wosign.com/policy/
This page shows the source code instead of actual policy.
<% Dim strAcceptLanguage
On 24/08/16 14:08, Gervase Markham wrote:
> * The issuance of certificates using SHA-1 has been banned by the
> Baseline Requirements since January 1st, 2016. Browsers, including
> Firefox, planned to enforce this[2] by not trusting certs with a
> notBefore date after that date, but in the case of
Repost to the same subject.
Regards,
Richard
> On 30 Aug 2016, at 15:11, Richard Wang wrote:
>
> Dear all,
>
> This email is the formal reply from WoSign for these 3 incidents.
>
> First, thank you all very much to help WoSign to improve our system security
> that helped
To the policymakers at Mozilla, my name is Samuel Pinder.
I consider myself a computer network analyst and have a degree in Web Systems
Development. I also host a small number of websites on a technical level. I
have used Startcom's services for a number of years. I only recently came
across
On Wed, Aug 31, 2016 at 09:29:20AM +0200, Kurt Roeckx wrote:
> On 2016-08-31 04:56, Peter Bowen wrote:
> >In reviewing the Certificate Transparency logs, I noticed the StartCom
> >has issued multiple certificates with identical serial numbers and
> >identical issuer names.
> >
>
On 29/08/16 22:53, Percy wrote:
> Gerv, I've notified the security team in Alibaba about this possible fake
> cert and ask them to confirm that they have not applied a cert.
> It's unlikely that Alibaba will use a free cert from WoSign. As a commercial
> site, they usually use Verisign or
itk98...@gmail.com writes:
>Wosign indirectly bought StartSSL, https://www.letsphish.org
Has there been any independent investigation into this? We know that CAs are
bought and sold like baseball trading cards, but it's usually done publicly
and freely acknowledged, whereas
On Tuesday, August 30, 2016 at 7:47:43 PM UTC-7, itk9...@gmail.com wrote:
> Wosign indirectly bought StartSSL, https://www.letsphish.org
Ha! It makes so much sense now why StartEncrypt is such a
catastrophe (https://www.google.com/search?q=StartEncrypt). I've revoked all
StartCom certs in my OS.
On 2016-08-31 04:56, Peter Bowen wrote:
In reviewing the Certificate Transparency logs, I noticed the StartCom
has issued multiple certificates with identical serial numbers and
identical issuer names.
https://crt.sh/?serial=14DCA8 (2014-12-07)
https://crt.sh/?serial=04FF5D653668DB (2015-01-05)
On 08/31/2016 05:56 AM, Peter Bowen wrote:
In reviewing the Certificate Transparency logs, I noticed the StartCom
has issued multiple certificates with identical serial numbers and
identical issuer names.
https://crt.sh/?serial=14DCA8 (2014-12-07)
https://crt.sh/?serial=04FF5D653668DB
19 matches