On 22/11/17 09:05, Gervase Markham wrote:
> We understand that WoTrus (WoSign changed their name some months ago)
> are working towards a re-application to join the Mozilla Root Program.
> Richard Wang recently asked us to approve a particular auditor as being
> suitable to audit their operations.
While it is to the benefit of everyone that Richard Wang and other employees at WoSign/WoTrus have learned valuable lessons over the past year, it seems to me that far too much damage has been done for Mozilla
+pa4=wotrus@lists.mozilla.org] On Behalf
Of Peter Kurrasch via dev-security-policy
Sent: Tuesday, November 28, 2017 11:50 PM
To: Danny 吴熠; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Possible future re-application from WoSign (now WoTrus)
Danny, can you please clarify your
Danny, can you please clarify your role? Are you a WoTrus employee and are you
speaking on behalf of Richard Wang?
Thanks.
Original Message
From: Danny 吴熠 via dev-security-policy
Sent: Monday, November 27, 2017 2:39 AM
Dear Gerv, Kethleen, other community friends,
First, thanks for Gerv
On Mon, Nov 27, 2017 at 3:07 PM, adisor19--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> After seeing the forced shutdown of StartCom, I see no reason to allow
> them back in. Richard Wang is back in his role as CEO and everything is
> back to square one except all
On Wednesday, November 22, 2017 at 4:06:26 AM UTC-5, Gervase Markham wrote:
> We understand that WoTrus (WoSign changed their name some months ago)
> are working towards a re-application to join the Mozilla Root Program.
> Richard Wang recently asked us to approve a particular auditor as being
>
Possible future re-application from WoSign (now WoTrus)
We understand that WoTrus (WoSign changed their name some months ago) are
working towards a re-application to join the Mozilla Root Program.
Richard Wang recently asked us to approve a particular auditor as being
suitable to audit their op
compensation for our mistakes, and to serve the Internet
> security to regain public trust.
> We’d love to hear your feedback and we are trying to do better and better,
> thanks.
>
> Best Regards,
>
> WoTrus CA Limited
>
>
>
> -Original Message-
> F
Here it is also a question of a dangerous precedent. Should Mozilla always
forgive all bad CA in the future and take a formal approach to security?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
y-policy
Sent: Wednesday, November 22, 2017 5:06 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Possible future re-application from WoSign (now WoTrus)
We understand that WoTrus (WoSign changed their name some months ago) are
working towards a re-application to join the Mozilla Root
security-policy
Sent: Wednesday, November 22, 2017 5:06 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Possible future re-application from WoSign (now WoTrus)
We understand that WoTrus (WoSign changed their name some months ago) are
working towards a re-application to join the Mozi
On Friday, November 24, 2017 at 5:36:20 PM UTC-6, Tom wrote:
> For information, WoSign/WoTrus can already sells WoSign-branded EV
> certificates accepted by major trusts stores, Mozilla's included.
>
> The intermediate certificate "WoSign EV SSL Pro CA" (
> https://crt.sh/?id=146206939 ) is
Nevertheless, WoTrus is (presumably) a commercial operation. Whoever owns that
organization bought or built it with an expectation of at least the possibility
of commercial success (profit). The organization's long term success requires
inclusion in major root programs.
For information,
On Friday, November 24, 2017 at 6:07:44 AM UTC-6, Gervase Markham wrote:
> While I do not want to make this discussion entirely about specific
> people, as Mozilla's investigator of the issues at the time I am
> satisfied that WoSign's actions at the time were taken with full
> knowledge - that
On 2017-11-22 21:10, Rob Stradling via dev-security-policy wrote:
> On 22/11/17 11:45, marcan via dev-security-policy wrote:
>> On 22/11/17 20:41, Tom via dev-security-policy wrote:
Although not listed in the Action plan in #1311824, it is noteworthy
that Richard Wang has apparently not
Hi,
I touched on my thoughts on this matter a bit before.
This is really about trust.
I think several factors must be weighed here:
1. Is "trust" really required of a CA in a soon-to-be
post-mandatory-CT-log world?
If some level of trust is required, then:
2. Can we say that the QiHoo 360
On Wed, Nov 22, 2017 at 11:16 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> Mozilla did not formally require this, but it is true that as far as we
>> can see, Richard Wang is still effectively in charge of WoSign/WoTrus.
>>
>>
> I think assessing and
On 22/11/2017 16:38, Gervase Markham wrote:
On 22/11/17 10:54, Jakob Bohm wrote:
Some notes about previously discussed items:
Mozilla is not suggesting that WoSign has completed all of the steps.
The entire point is that we want to have this pre-discussion before they
make the effort to do
On 22/11/17 11:41, Tom wrote:
> https://www.wosign.com/english/about.htm has been updated with the new
> name, WoTrus, and currently says "Richard Wang, CEO"
Richard stated to me at one point (I can't remember whether in person or
by email) that at the time of speaking, he was no longer CEO, and
FWIW my opinion:
I don't think there should be a lifetime or long term ban for people or
companies that have operated a bad CA in the past.
However I do believe that the way Wosign representatives on this list
acted in the past was often dishonest and highly problematic.
If Wosign continues to
On 22/11/2017 10:05, Gervase Markham wrote:
We understand that WoTrus (WoSign changed their name some months ago)
are working towards a re-application to join the Mozilla Root Program.
Richard Wang recently asked us to approve a particular auditor as being
suitable to audit their operations.
In
We understand that WoTrus (WoSign changed their name some months ago)
are working towards a re-application to join the Mozilla Root Program.
Richard Wang recently asked us to approve a particular auditor as being
suitable to audit their operations.
In the WoSign Action Items bug:
22 matches
Mail list logo