WoSign totally issued 230K SSL certificates till now for worldwide websites
about 208 countries and regions.
>
> If browser vendors/root stores move to distrust WoSign, all of these certs
> would be invalidated. We know that a number of sites within the Alexa Top 1M
> are (intentionally) usin
Thanks for your so detail instruction.
Yes, we are improved. The two case is happened in 2015 and the mis-issued
certificate period is only 5 months that we fixed 3 big bugs during the 5
months.
For CT, we will improve the posting system.
Regards,
Richard
> On 1 Sep 2016, at 12:44, Ryan Sleevi
On Wednesday, August 31, 2016 at 8:05:57 PM UTC-7, Richard Wang wrote:
> First, please treat WoSign as a global trusted CA, DON'T stamp as China CA.
> We need a fair treatment as other worldwide CAs that I am sure WoSign is not
> the first CA that have incident and not the serious one;
I would h
Fair enough, thank you, Ryan.
This is my last formal statement for this issue that I am tired of this
argument, I need to go to hospital now :-).
First, please treat WoSign as a global trusted CA, DON'T stamp as China CA. We
need a fair treatment as other worldwide CAs that I am sure WoSign is
What about our existing SSL server certs, which are still valid until 31
Dec 2016? Majority of those cert. subscribers are offering government
and public services to residents of Hong Kong. And I believe the impact
to residents of Hong Kong will be huge when the browser suddenly prompt
a warning of
On Wed, Aug 31, 2016 at 07:57:02PM +0300, Eddy Nigg wrote:
> On 08/31/2016 03:19 PM, Matt Palmer wrote:
> >That bug appears to pre-date *all* of the certificates listed above.
> >Further, the last communication on that bug (2014-09-22), from Eddy Nigg
> >(of StartCom), said:
> >>It's a hard and sof
On Wednesday, 31 August 2016 19:32:43 UTC+1, Kathleen Wilson wrote:
> Thanks to all of you who have provided thoughtful and constructive input into
> this discussion.
>
> I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=1299579 to request
> that the "Hongkong Post e-Cert CA 1 - 10" int
A recurring theme of m.d.s.policy is that a CA behaves in a way that falls
short, sometimes far short of the reasonable expectations of relying parties
and yet in the end Mozilla doesn't end up distrusting that CA because of the
direct impact on relying parties, the indirect impact on subscriber
Thanks to all of you who have provided thoughtful and constructive input into
this discussion.
I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=1299579 to request
that the "Hongkong Post e-Cert CA 1 - 10" intermediate cert be added to OneCRL.
See the bug for further details.
Kathleen
On Wednesday, August 31, 2016 at 10:07:19 AM UTC-7, watso...@gmail.com wrote:
> Dear Richard,
>
> It's clear WoSign has continuing compliance issues with CA/Browser forum
> rules, and has repeatedly failed to correct them. Furthermore there has been
> lots of questions about what it would take t
On Tuesday, August 30, 2016 at 1:03:57 AM UTC+2, Percy wrote:
> "Some certificates are revoked after getting report from subscriber, but some
> still valid, if any subscriber think it must be revoked and replaced new one,
> please contact us in the system, thanks"
>
> WoSign seems to lack the ba
On Tuesday, August 30, 2016 at 8:07:49 PM UTC-7, Richard Wang wrote:
> This case is in the BR report:
> https://cert.webtrust.org/SealFile?seal=2019&file=pdf
>
> Thanks.
>
> Best Regards,
>
> Richard
>
Dear Richard,
It's clear WoSign has continuing compliance issues with CA/Browser forum rul
As an admin I want to check the WoSign Issuer Policy provided by their "WoSign
CA Free SSL Certificate G2" certificate.
Issuer Policy is linked to http://www.wosign.com/policy/
This page shows the source code instead of actual policy.
<% Dim strAcceptLanguage
strAcceptLanguage=Request.ServerVar
On 08/31/2016 03:19 PM, Matt Palmer wrote:
That bug appears to pre-date *all* of the certificates listed above.
Further, the last communication on that bug (2014-09-22), from Eddy
Nigg (of StartCom), said:
It's a hard and software related capacity issue of the queue managing the
certificates an
On 24/08/16 14:08, Gervase Markham wrote:
> * The issuance of certificates using SHA-1 has been banned by the
> Baseline Requirements since January 1st, 2016. Browsers, including
> Firefox, planned to enforce this[2] by not trusting certs with a
> notBefore date after that date, but in the case of
Repost to the same subject.
Regards,
Richard
> On 30 Aug 2016, at 15:11, Richard Wang wrote:
>
> Dear all,
>
> This email is the formal reply from WoSign for this 3 incidents.
>
> First, thank you all very much to help WoSign to improve our system security
> that helped the global Internet
To the policymakers at Mozilla, my name is Samuel Pinder.
I consider myself an computer network analyst and have a degree in Web Systems
Development. I also host a small number of websites on a technical level. I
have used Startcom's services for a number of years. I only recently came
across Wo
On Wed, Aug 31, 2016 at 09:29:20AM +0200, Kurt Roeckx wrote:
> On 2016-08-31 04:56, Peter Bowen wrote:
> >In reviewing the Certificate Transparency logs, I noticed the StartCom
> >has issued multiple certificates with identical serial numbers and
> >identical issuer names.
> >
> >https://crt.sh/?se
On 29/08/16 22:53, Percy wrote:
> Gerv, I've notified the security team in Alibaba about this possible fake
> cert and ask them to confirm that they have not applied a cert.
> It's unlikely that Alibaba will use a free cert from WoSign. As a commercial
> site, they usually use Verisign or global
itk98...@gmail.com writes:
>Wosign indirectly bought StartSSL, https://www.letsphish.org
Has there been any independent investigation into this? We know that CAs are
bought and sold like baseball trading cards, but it's usually done publicly
and freely acknowledged, whereas this one seems to ha
On Tuesday, August 30, 2016 at 7:47:43 PM UTC-7, itk9...@gmail.com wrote:
> Wosign indirectly bought StartSSL, https://www.letsphish.org
Ha! It makes so much sense now why StartEncrypt is such a
catastrophe(https://www.google.com/search?q=StartEncrypt). I've revoked all
StarCom certs in my OS.
On 2016-08-31 04:56, Peter Bowen wrote:
In reviewing the Certificate Transparency logs, I noticed the StartCom
has issued multiple certificates with identical serial numbers and
identical issuer names.
https://crt.sh/?serial=14DCA8 (2014-12-07)
https://crt.sh/?serial=04FF5D653668DB (2015-01-05)
On 08/31/2016 05:56 AM, Peter Bowen wrote:
In reviewing the Certificate Transparency logs, I noticed the StartCom
has issued multiple certificates with identical serial numbers and
identical issuer names.
https://crt.sh/?serial=14DCA8 (2014-12-07)
https://crt.sh/?serial=04FF5D653668DB (2015-01-0
23 matches
Mail list logo