If you made a promise to close it "due to some security consideration", then you don't have the right to just enable and disable it at will, or disable it at one channel but not another channel, which ultimately has the same security if WoSign is doing the validation.
On Sunday, December 11, 2016 at 12:27:46 AM UTC-8, Richard Wang wrote: > As I said, we have the right to keep it or close it at any time. > > > Best Regards, > > Richard > > > On 11 Dec 2016, at 12:47, Percy <percyal...@gmail.com> wrote: > > > >> On Saturday, December 10, 2016 at 8:29:29 PM UTC-8, Richard Wang wrote: > >> Our promise is close the free SSL application in our own website: > >> buy.wosign.com. > >> > >> And now we closed it in our PKI side. > >> > >> > >> Best Regards, > >> > >> Richard > >> > >>>> On 9 Dec 2016, at 04:17, Gervase Markham <g...@mozilla.org> wrote: > >>>> > >>>> On 05/12/16 13:41, Richard Wang wrote: > >>>> We checked our system, this order is from one of the reseller. We > >>>> have many resellers that used the API, we noticed all resellers to > >>>> close the free SSL, but they need some time to update the system. > >>> > >>> More than two months? > >>> > >>> Has this reseller given a timeline by which they expect to have ceased > >>> to use the API? > >>> > >>>> The > >>>> most important thing is this certificate is issued by proper way that > >>>> this subscriber finished the domain validation, so this is not a > >>>> mis-issuance, not "deceiving". > >>> > >>> This is narrowly true, from a Mozilla perspective. Mozilla has not > >>> required that WoSign stop issuing certificates. We have just said that > >>> we no longer trust them. Of course, I don't know what commitments WoSign > >>> has made to other root stores. And indeed, no-one has suggested that > >>> this certificate is mis-issued from a domain validation perspective. > >>> > >>> There is an issue relating to the difference between WoSign's public > >>> statement on their website that they have ceased free SSL issuance, and > >>> the reality that they have not. We expect CAs who make public statements > >>> about their actions to abide by those statements. > >>> > >>> Gerv > > Sorry. You just said there is no deadline? Which is it? > > > > ----- > > > > Sorry, we don't have deadline. > > And no plan to close it in PKI side, we keep the right to active it at any > > time, and we can issue this free SSL certificate for subscribers at any > > time if customers need it. > > > > _______________________________________________ > > dev-security-policy mailing list > > dev-security-policy@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
