On 02/09/16 18:00, Andrew Ayer wrote:
> I don't think relying on the notBefore date is a viable option.
> WoSign seems to have such a poor handle on their operations that I
> think it would be inevitable that someone would find a certificate in
> the wild with a notBefore date in the past that had
On Sat, Sep 03, 2016 at 11:45:21AM +0200, Kurt Roeckx wrote:
> On Sat, Sep 03, 2016 at 09:29:45AM +0100, Gervase Markham wrote:
> > On 02/09/16 16:21, Peter Bowen wrote:
> > > It seems then there is a newly exposed bug.
> > >
Andy, are you from the UK office? Can you explain why your office in UK
fails to identify even the most obvious mistakes on the StartCom website as
outlined in
http://www.percya.com/2016/09/startcom-operated-solely-in-china.html ?
E.g
Start to sell, make big money!
Setup your own website, start
You are completely wrong!
StartCom not only have office in Israel and in China, but also have
office in UK, welcome to visit our UK office: T05, Castlemead, Lower
Castle Street, Bristol, BS1 3AG, UK.
And We will setup office in Bilbao, Spain in this month, Inigo Barreia
is the general
Yeah, their entire website is designed and implemented by someone in China. See
my analysis here
http://www.percya.com/2016/09/startcom-operated-solely-in-china.html
On Thursday, August 25, 2016 at 10:11:21 AM UTC-7, rugk wrote:
> Hi,
> I stumbled across this service by StartCom:
>
Trust me, the disclosure was not buried, and the factual details are being
sorted. However, it would be better for the tone and focus of the thread that
we make sure to focus on the factual elements, which, as you note, can be
publicly obtained easily, than to try to imply there's something
Richard,
Can you also please check the following two certificates? It looks
like they were missed when logging all the 2015 certs.
https://www.censys.io/certificates/c04748c89de2bf73d56b601cf61db32953dfeca5ef62e0281d326c4ce9035fe2
Based on the disclosure WoSign/StartCom is trying to bury, WoSign CEO is now
also in control of StartCom. Hence, the actively misleading information spread
by him should be taken into consideration when talking about StartCom as well.
___
On Sat, Sep 03, 2016 at 01:26:51PM -0700, Percy wrote:
> 1.WoSign actively mislead users in marketing emails.
As much as the inaccuracies and misleading statements in WoSign's marketing
materials rub me the wrong way, too, if we were to start pulling the roots
of CAs for lying in their marketing,
On Sat, Sep 03, 2016 at 02:18:44PM -0700, Peter Bowen wrote:
> Can you also please check the following two certificates? It looks
> like they were missed when logging all the 2015 certs.
>
> https://www.censys.io/certificates/c04748c89de2bf73d56b601cf61db32953dfeca5ef62e0281d326c4ce9035fe2
>
Hi Percy,
This does not seem to be a useful or productive contribution to the community
discussion. Whether or not a given CA uses English as a first language, or has
translation issues, should not be part of the calculus of trustworthiness. The
actions, however, are far more relevant and
Sorry, I am busy with incident report that up to 20 pages.
It will be released soon today.
Two reports: one for the incident 0-2, another one is for incident X including
you point out one.
Best Regards,
Richard
-Original Message-
From: Peter Bowen [mailto:pzbo...@gmail.com]
Sent:
Ryan,
I agree completely that we shouldn't imply fundamental guilt by
association. However, WoSign threatened legal actions against Itzhak
Daniel's disclosure compiled purely from public sources. I just want to
make sure the disclosure was not buried after the content was taken down.
Richard, the
Date: Sat, 3 Sep 2016 01:45:48 +0200
From: Patrick Figel
Subject: Re: Sanctions short of distrust
On 03/09/16 01:15, Matt Palmer wrote:
On Fri, Sep 02, 2016 at 03:48:13PM -0700, John Nagle wrote:
On 09/02/2016 01:04 PM, Patrick Figel wrote:
On 02/09/16 21:14, John Nagle
On Sat, Sep 03, 2016 at 10:54:26PM +0200, Kurt Roeckx wrote:
> I see no problem with StartCom or WoSign being owned by the same
> person.
I didn't, either, until they started throwing around legal threats to bury
the fact that there was common ownership, and trying to use threats against
the
It is posted, just Peter not find it that I told him the Log id.
We are also checking system again to double check if we missed some.
Please be patient for our full 20 pages report, thanks,
Regards,
Richard
> On 4 Sep 2016, at 12:12, Matt Palmer wrote:
>
>> On Sat,
On Thu, Sep 1, 2016 at 9:00 AM, Ryan Sleevi wrote:
> On Wed, August 31, 2016 10:09 pm, Richard Wang wrote:
>> Thanks for your so detail instruction.
>> Yes, we are improved. The two case is happened in 2015 and the mis-issued
>> certificate period is only 5 months that we
This is another case that we will include it in our report.
We issued two test cert using SM2 algorithm that used the same serial number as
the RSA cert (same subject) to test if we can setup a gateway that install this
two type cert, it can shake hand automatically using different cert based on
I did an analysis of the new StartCom website and determined that it was
designed and implemented solely in China.
http://www.percya.com/2016/09/startcom-operated-solely-in-china.html I'm
further concerned with the security of "StartResell - Setup your own website,
start to sell your brand
On Sat, Sep 03, 2016 at 09:29:45AM +0100, Gervase Markham wrote:
> On 02/09/16 16:21, Peter Bowen wrote:
> > It seems then there is a newly exposed bug.
> > https://www.censys.io/certificates/e2665bb07940b5bee73145f47c99dcf5781edbe9d78f9cada8f1d702d5e340ad
> > shows a certificate issued by your CA
On 02/09/16 16:21, Peter Bowen wrote:
> It seems then there is a newly exposed bug.
> https://www.censys.io/certificates/e2665bb07940b5bee73145f47c99dcf5781edbe9d78f9cada8f1d702d5e340ad
> shows a certificate issued by your CA that has a notBefore in March
> 2015. It does not appear in the CT log.
21 matches
Mail list logo