It is unfair that somebody attacked me in the WoSign sanction discussion, but
no body say any word for this! Why? Due to Ryan is famous person and I am
nobody?
Best Regards,
Richard Wang
On Sep 27, 2018, at 18:24, James Burton mailto:j...@0.me.uk>>
wrote:
Richard,
Your conduct is t
,是因为你代表谷歌浏览器,而谷歌浏览器严重影响Mozilla对所有CA有生杀大权。如果你离开谷歌,你将什么也不是,没有人会理会你的存在,也没有人会在意你说的话。所以下次不要在发言之前就声明不代表谷歌,废话哦!
你的短视把全球互联网安全带到了沟里,认为有SSL证书(https)就安全,许多假冒银行网站、假冒PayPal 网站都有Lets
Encrypt证书,谷歌浏览器显示为安全,完全误导了全球互联网用户,导致许多用户上当受骗和财产损失。已加密并不等于安全,安全不仅意味着需要加密,而且还需要告知用户此网站的真实身份,一个假冒银行网站加密有任何意义吗?没有并且更糟糕。
tiate WoSign issues email in M.D.S.P in Aug 24, 2016 -- Issue 0
(a.k.a. Issue L: Any Port (Jan - Apr 2015), Mozilla wrote:
"This problem was reported to Google, and thence to WoSign and resolved.
Mozilla only became aware of it recently.”
The FACT is Google Ryan Sleevi sent email to Richard Wang a
you for still remembering WoSign.
Best Regards,
Richard Wang
Original message
From: Ryan Sleevi via dev-security-policy
Received: 2018-09-26 14:48:28
To: Jeremy Rowley
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Google Trust Services Root Inclusion Request
from NSS
On Sunday, August 27, 2017 at 10:59:48 PM UTC-7, Richard Wang wrote:
> We released replacement notice in Chinese in our website:
> https://www.wosign.com/news/announcement-about-Microsoft-Action-20170809.htm
> https://www.wosign.com/news/announcement-about-Google-Action-201
We released replacement notice in Chinese in our website:
https://www.wosign.com/news/announcement-about-Microsoft-Action-20170809.htm
https://www.wosign.com/news/announcement-about-Google-Action-20170710.htm
https://www.wosign.com/news/announcement_about_Mozilla_Action_20161024.htm
And we have
Notice to WoSign customers:
This announcement is for WoSign old roots:
1) CN=CA 沃通根证书, O=WoSign CA Limited, C=CN
2) CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN
3) CN=Certification Authority of WoSign G2, O=WoSign CA Limited, C=CN
4) CN=CA WoSign ECC Root, O=WoSign CA Limited,
For adding Richard Wang back to StartCom UK director is for the completion
separation, this is a temporally adding as director for signing bank document
to change the bank signer person from Richard Wang to New CEO Inigo. It will be
removed soon once the bank signer change is done.
Mr. Jon Luk
Hi Peter,
Thanks for your guesses.
Buy no those issues in our system.
Best Regards,
Richard
-Original Message-
From: Peter Bowen [mailto:pzbo...@gmail.com]
Sent: Friday, July 14, 2017 8:55 AM
To: Richard Wang <rich...@wosign.com>
Cc: r...@sleevi.com; Jonathan Rudenberg
in #1 cannot pass #4. That's why working
with an auditor to do a readiness assessment in conjunction with or before the
security assessment can help ensure you can meet the BRs, and then ensure you
can meet them securely.
On Thu, Jul 13, 2017 at 11:04 AM, Richard Wang
<rich...@wosign.
y trusted CA.
On Wed, Jul 12, 2017 at 10:24 PM, Richard Wang
<rich...@wosign.com<mailto:rich...@wosign.com>> wrote:
Hi Ryan,
We got confirmation from Cure 53 that new system passed the full security
audit. Please contact Cure 53 directly to verify this, thanks.
We don't start the BR
;>
wrote:
On Tue, Jul 11, 2017 at 8:18 PM, Richard Wang
<rich...@wosign.com<mailto:rich...@wosign.com>> wrote:
Hi all,
Your reported BR issues is from StartCom, not WoSign, we don't use the new
system to issue any certificate now since the new root is not generated.
PLEASE DO N
olicy <dev-security-policy@lists.mozilla.org> wrote:
>>>
>>>> On Monday, 10 July 2017 08:55:38 UTC+2, Richard Wang wrote:
>>>>
>>>> Please note this email topic is just for releasing the news that WoSign
>> new system passed the security au
, 2017 at 9:00:04 AM UTC+3, Richard Wang wrote:
> " 5. Provide auditor[3] attestation that a full security audit of the CA’s
> issuing infrastructure has been successfully completed. "
> " [3] The auditor must be an external company, and approved by Mozilla. "
What
it very well -- PASS the full security audit.
And Richard Wang leading the RD team have done a good job for the new system
development and passed the security audit.
Best Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign..
The important thing is by the board of directors, the Company Legal
Representative is changed to Mr. Shi Xiaohong, VP of 360.
The daily operation thing is by COO.
Best Regards,
Richard
From: Eric Mill [mailto:e...@konklone.com]
Sent: Monday, July 10, 2017 10:12 AM
To: Richard Wang
of the document, what is Richard Wang current
official responsibility of Mr. Wang at WoSign?
According to the incident report, release on October 2016 [1], Mr. Wang was
suppose to be relieved of his duties as CEO, this is mentioned in 3 separate
paragraphs (P.17,P.25,P.26).
Links:
1. https
From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Thursday, April 27, 2017 8:38 PM
To: Richard Wang <rich...@wosign.com>
Cc: Steve Medin <steve_me...@symantec.com>;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Symantec Conclusions and Next Steps
Hi Richard,
On
I like to share the experience we suffered from distrust, it is disastrous for
CA and its customers to replace the certificate that exceed your imagination
that we are still working for this since October 2016 that nearly six months
now.
Due to the quantity of Symantec customers is more than
Qihoo 360 CSO Mr. Tan updated this in the recent CAB Forum meeting in USA : CEO
of WoSign is NA, Richard Wang is the COO.
Best Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of urijah
To be transparent, WoSign are NOT "acquiring the HARICA root" that we NEVER
contact HARICA, and we don't think our brand is "tarnishing", we are working
hard to try to regain the trust and confidence in this community.
Best Regards,
Richard
-Original Message-
From:
-
From: Peter Bowen [mailto:pzbo...@gmail.com]
Sent: Friday, March 10, 2017 2:16 PM
To: Richard Wang <rich...@wosign.com>
Cc: Ryan Sleevi <r...@sleevi.com>; Gervase Markham <g...@mozilla.org>;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Google Trust Services roots
O
Clear, thanks.
Best Regards,
Richard
> On 9 Mar 2017, at 22:05, Gervase Markham via dev-security-policy
> <dev-security-policy@lists.mozilla.org> wrote:
>
>> On 09/03/17 12:38, Richard Wang wrote:
>> As my understanding, if WoSign buy an trusted EV enabled ro
ase Markham <g...@mozilla.org> wrote:
>
>> On 09/03/17 02:15, Richard Wang wrote:
>> So the policy can make clear that the root key transfer can't
>> transfer the EV OID, the receiver must use its own EV policy OID for
>> its EV SSL, the receiver can't use the trans
...@gmail.com]
Sent: Thursday, March 9, 2017 1:11 PM
To: Richard Wang <rich...@wosign.com>
Cc: Ryan Sleevi <r...@sleevi.com>; Gervase Markham <g...@mozilla.org>;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Google Trust Services roots
Richard,
I'm afraid a few things are con
, not by Symantec.
Best Regards,
Richard
From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Thursday, March 9, 2017 12:21 PM
To: Gervase Markham <g...@mozilla.org>; Richard Wang <rich...@wosign.com>; Ryan
Sleevi <r...@sleevi.com>; mozilla-dev-security-pol...@lists.mozilla.org
S
this EV OID for its own EV SSL, Google must use its own EV OID
for its EV SSL.
So, no EV OID transfer issue for root key transfer.
Best Regards,
Richard
From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Thursday, March 9, 2017 11:14 AM
To: Gervase Markham <g...@mozilla.org>;
As I understand, the EV SSL have two policy OID, one is the CABF EV OID,
another one is the CA's EV OID, so the root key transfer doesn't have the EV
OID transfer case, CA can't transfer its own EV OID to other CA exception the
CA is full acquired.
So the policy can make clear that the root
Sorry, I posted an old news that I just saw it.
Please ignore it.
Best Regards,
Richard
> On 6 Mar 2017, at 21:45, Richard Wang via dev-security-policy
> <dev-security-policy@lists.mozilla.org> wrote:
>
> Pwn2Own 2016: Chinese Researcher Hacks Google Chrome within
Pwn2Own 2016: Chinese Researcher Hacks Google Chrome within 11 minutes
http://www.prnewswire.com/news-releases/pwn2own-2016-chinese-researcher-hacks-google-chrome-within-11-minutes-300237705.html
Best Regards,
Richard
___
dev-security-policy mailing
Palmer via dev-security-policy
Sent: Friday, February 24, 2017 10:35 AM
To: dev-security-policy@lists.mozilla.org
Subject: Re: Let's Encrypt appears to issue a certificate for a domain that
doesn't exist
On Fri, Feb 24, 2017 at 01:12:38AM +, Richard Wang via
dev-security-policy wrote:
> I
] On
Behalf Of Gervase Markham via dev-security-policy
Sent: Friday, February 24, 2017 2:13 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Let's Encrypt appears to issue a certificate for a domain that
doesn't exist
On 22/02/17 17:08, Richard Wang wrote:
> I think "apple-
nt: Thursday, February 23, 2017 11:53 AM
To: Richard Wang <rich...@wosign.com>
Cc: r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org; Tony
Zhaocheng Tan <t...@tonytan.io>; Gervase Markham <g...@mozilla.org>
Subject: Re: Let's Encrypt appears to issue a certificate for a d
that such requests are properly verified under these Requirements.”
Please clarify this request, thanks.
Best Regards,
Richard
From: Ryan Sleevi [mailto:r...@sleevi.com]
Sent: Thursday, February 23, 2017 11:21 AM
To: Richard Wang <rich...@wosign.com>
Cc: Gervase Markham <g...@mo
I think "apple-id-2.com" is a high risk domain that must be blocked to issue DV
SSL to those domains.
Here is the list of some high risk domains related to Microsoft and Google that
Let's Encrypt issued DV SSL certificates to those domains:
https://crt.sh/?id=77034583 for
Check the SSL Labs test:
https://www.ssllabs.com/ssltest/analyze.html?d=hmrcset.trustis.com, rate F that
even enabled SSL v2.
Best Regards,
Richard
On 16 Feb 2017, at 19:04, Nick Lamb via dev-security-policy
I think Mozilla should have a very clear policy for:
(1) If a company that not a public trusted CA acquired a trusted root key,
what the company must do?
(2) If a company is a public trusted CA that acquired a trusted root key, what
the company must do?
(3) If a company is a public trusted CA,
I can't see this sentence
" I highlight this because we (the community) see the occasional remark like
this; most commonly, it's directed at organizations in particular countries, on
the basis that we shouldn't trust "them" because they're in one of "those
countries". However, the Mozilla
The nest.com certificate subject is:
CN = www.nest.com
O = Google Inc
L = Mountain View
S = California
C = US
This means this website owned by Google Inc. Right?
Best Regards,
Richard
-Original Message-
From: dev-security-policy
In this case, no any CA named as letsencrypt similar name, and no any CA want
to impersonate, most CA program require the root CA have a unique friendly
name in the CA program.
Best Regards,
Richard
-Original Message-
From: dev-security-policy
interaction about it and we're happy to hear that
Richard would like to help us out by transferring the domains.
Thanks Richard, I'll be in touch.
On Sunday, December 18, 2016 at 7:45:16 PM UTC-6, Richard Wang wrote:
> I wish everyone can talk about this case friendly and equally.
>
> I
I wish everyone can talk about this case friendly and equally.
It is very common that everyone can register any domain based on the first come
and first service rule.
We know Let's Encrypt is released after the public announcement, but two day
later, its .cn domain is still not registered, I
You are right, you have done the test same as my test, this don't mean you own
our intermediate CA root key.
For CSR, yes, our system doesn't validate the CSR self-signature. We think it
is better to validate it, so we will update our system to validate it soon.
For this test certificate
or disable it
at one channel but not another channel, which ultimately has the same security
if WoSign is doing the validation.
On Sunday, December 11, 2016 at 12:27:46 AM UTC-8, Richard Wang wrote:
> As I said, we have the right to keep it or close it at any time.
>
>
> Bes
As I said, we have the right to keep it or close it at any time.
Best Regards,
Richard
> On 11 Dec 2016, at 12:47, Percy <percyal...@gmail.com> wrote:
>
>> On Saturday, December 10, 2016 at 8:29:29 PM UTC-8, Richard Wang wrote:
>> Our promise is close the free SS
Our promise is close the free SSL application in our own website:
buy.wosign.com.
And now we closed it in our PKI side.
Best Regards,
Richard
> On 9 Dec 2016, at 04:17, Gervase Markham <g...@mozilla.org> wrote:
>
>> On 05/12/16 13:41, Richard Wang wrote:
>> We checke
As I said before, you finished the domain validation.
This is DV SSL that no need to do the manual validation.
Best Regards,
Richard
> On 10 Dec 2016, at 09:33, "zbw...@gmail.com" wrote:
>
> 在 2016年12月6日星期二 UTC+8上午6:50:04,Percy写道:
>> lslqtz,
>> How did you obtain this
s will be issued, via wosign, resellers, no any other
> method?
>
>> On Monday, December 5, 2016 at 3:43:35 PM UTC-8, Richard Wang wrote:
>> We checked our system, this order is from one of the reseller. We have many
>> resellers that used the API, we noticed all reselle
We checked our system, this order is from one of the reseller. We have many
resellers that used the API, we noticed all resellers to close the free SSL,
but they need some time to update the system.
The most important thing is this certificate is issued by proper way that this
subscriber
This is a common way for all CAs that issued many intermediate CAs for its
resellers.
Best Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of Ryan Sleevi
Sent: Wednesday, November 23,
Hi all,
This is the OEM certificate from Certum, Certum own and control everything with
its own validation, you can check the test site: https://ovpretest.wosign.com
that its CPS/CRL/OCSP/OID all belong to Certum.
I don't think WoSign can't be a reseller of other CA.
Thanks.
Best Regards,
I said many times that I am the Acting CEO of Wo sign now till the new CEO
arrives.
Even I am not the CEO instead of an employee, I think I can response the email
about WoSign that just tell everyone the fact, not representing the company
making any new decision.
Please check my previous
WoSign stopped to issue free SSL certificate from those two intermediate CAs
since Sept 29.
Best Regards,
Richard
> On 13 Nov 2016, at 17:07, Percy wrote:
>
> I just found out that Apple doesn't limit "CA 沃通免费SSL证书 G2" intermediate CA
> even though Apple limited
: Monday, October 24, 2016 12:05 PM
To: Richard Wang <rich...@wosign.com>
Cc: Kathleen Wilson <kwil...@mozilla.com>;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Remediation Plan for WoSign and StartCom
Hi Richard,
A few questions -
1) Your post says "Ther
Hi Kathleen,
WoSign released the news today since I just came back from USA CABF meeting.
http://www.wosign.com/news/announcement_about_Mozilla_Action_20161024.htm (in
Chinese)
https://www.wosign.com/english/News/announcement_about_Mozilla_Action_20161024.htm
(in English)
Best Regards,
Hi Gerv,
This is the updated incident report:
https://www.wosign.com/report/WoSign_Incident_Report_Update_07102016.pdf .
Thanks.
Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of
I think I know the reason; this may be helpful for your investigation.
This is a code bug from CA issuing system that the engineer mis-understand the
free additional domain added rule. System treat the "www" as a subdomain, most
case it is, but in this case, it is top domain.
Subscriber
This is the recent incident from GlobalSign.
Please notice WoSign incident is occurred in 2015 for free DV SSL, not OV or
EV.
Best Regards,
Richard
Begin forwarded message:
From: Doug Beattie
>
Date: September 21, 2016 at
First, I must make declaration that I don't know "Showfom", and I don't know if
he/she is a WoSign customer.
As I said in my final statement that I wish all Mozilla trusted CA can post
their issued certificate to CT log server for full transparency, I am sure not
WoSign mis-issued certificate
First, I must make declaration that I don't know "Showfom", and I don't know if
he/she is a WoSign customer.
As I said in my final statement that I wish all Mozilla trusted CA can post
their issued certificate to CT log server for full trenchancy, I am sure not
WoSign mis-issued certificate,
Hi Gerv,
Please check this news (Feb 25th 2015) in OSCCA website:
http://www.oscca.gov.cn/News/201312/News_1254.htm that all China licensed CA
finished the PKI/CA system upgrade that all licensed CA MUST be able to issue
SM2 certificate to subscribers.
As I said in last year CABF face to face
of the two released reports.
Please let me if you have any questions about this statement, thanks.
Best Regards,
Richard Wang
CEO
WoSign CA Limited
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of Richard
Thanks for your hard work. I wish you can finish check for all other CA's
report ASAP.
For WoSign, the report covered all 4 roots, not 3 roots.
For StartCom, Eddy can say something about it, StartCom is 1000% independent
for everything at 2015.
Best Regards,
Richard
-Original
OpenSSL OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
http://security.360.cn/cve/CVE-2016-6304/index.html?from=timeline=0
Best Regards,
Richard
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
Sorry, the random apart time is from 20 minutes to 60 minutes, not to 40
minutes.
Best Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of Richard Wang
Sent: Thursday, September 22, 2016
server that need to resign after
the internet connection is ok.
For normal case, it is OK, good.
Thanks.
Best Regards,
Richard
-Original Message-
From: Peter Bowen [mailto:pzbo...@gmail.com]
Sent: Thursday, September 22, 2016 12:32 PM
To: Richard Wang <rich...@wosign.com>
Cc: G
> Are you saying out of over 40,000 orders over the last year, only six
> "stopped to move forward" for a period of a week or more and these happen to
> all have been ordered on Sunday, December 20, 2015 (China time)?
You mean we issued 40,000 certificates at Dec 20, 2015?
Here is the last two
day) is Dec. 20th for a free DV SSL
certificate that take so long time.
I wish I said this clearly, thanks.
Best Regards,
Richard
-Original Message-
From: Peter Bowen [mailto:pzbo...@gmail.com]
Sent: Thursday, September 22, 2016 11:38 AM
To: Richard Wang <rich...@wosign.com&
But you can use OCSP Stapling in your web
server.
We don’t worry about most China online banking system and many ecommerce
website using the foreign CA certificate, what do you worry about? As I said,
we used Akamai CDN service that all hits will go to Akamai Edge servers first.
Best Regar
-09-21 16:26, Richard Wang wrote:
R: You can place order there and don't do the domain validation, 4 months
later, you finished the domain control validation, then issue the certificate.
Please try it by yourself here: https://buy.wosign.com/free/
So the date in the certificate is from when the orde
...@lists.mozilla.org
Subject: Re: Incidents involving the CA WoSign
Hi Richard,
Thanks for the additional information.
On 21/09/16 11:11, Richard Wang wrote:
> Some SHA-1 certificate is free SSL certificate that no any reason for
> us to help them get the SHA-1 certificate if we are inten
See below inline, thanks.
Best Regards,
Richard
-Original Message-
From: Gervase Markham [mailto:g...@mozilla.org]
Sent: Tuesday, September 20, 2016 7:37 PM
To: Richard Wang <rich...@wosign.com<mailto:rich...@wosign.com>>
Subject: Re: Incidents involving the CA
See below inline, thanks.
Best Regards,
Richard
-Original Message-
From: Gervase Markham [mailto:g...@mozilla.org]
Sent: Tuesday, September 20, 2016 7:37 PM
To: Richard Wang <mailto:rich...@wosign.com>
Subject: Re: Incidents involving the CA WoSign
Hi Richard,
On 16/09/16
to do any
comment. Sorry.
Best Regards,
Richard
-Original Message-
From: Peter Bowen [mailto:pzbo...@gmail.com]
Sent: Tuesday, September 20, 2016 10:18 AM
To: Richard Wang <rich...@wosign.com>
Cc: Nick Lamb <tialara...@gmail.com>;
mozilla-dev-security-pol...@lists.mozilla.org
Lamb
Sent: Tuesday, September 20, 2016 9:06 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Incidents involving the CA WoSign
On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang wrote:
> This case is WoSign problem, you found out all related subordinate companies
> a
r Bowen [mailto:pzbo...@gmail.com]
Sent: Monday, September 19, 2016 10:31 PM
To: Richard Wang <rich...@wosign.com>
Cc: Gervase Markham <g...@mozilla.org>;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Incidents involving the CA WoSign
Richard,
I'm still somewhat confuse
@lists.mozilla.org] On
Behalf Of Richard Wang
Sent: Friday, September 16, 2016 6:05 PM
To: Gervase Markham <g...@mozilla.org>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: RE: Incidents involving the CA WoSign
Hi Gerv,
This is the final report:
https://www.wosign.com/
Thank you very much for helping us.
For SM2 algorithm, this is out of this thread, I can discuss with you off list.
Regards,
Richard
> On Sep 16, 2016, at 22:32, Vincent Lynch <vtly...@gmail.com> wrote:
>
>> On Friday, September 16, 2016 at 6:07:56 AM UTC-4, Richard Wang
Please read the report carefully that it is NOT the validation system is
hijacked.
Regards,
Richard
> On Sep 16, 2016, at 21:31, Han Yuwei <hanyuwe...@gmail.com> wrote:
>
> 在 2016年9月16日星期五 UTC+8下午6:07:56,Richard Wang写道:
>> Hi Gerv,
>>
>> This is the final r
Hi Gerv,
This is the final report:
https://www.wosign.com/report/WoSign_Incident_Final_Report_09162016.pdf
Please let me if you have any questions about the report, thanks.
Best Regards,
Richard Wang
CEO
WoSign CA Limited
-Original Message-
From: Gervase Markham
Sent: Wednesday
Please don't mix StartCom with WoSign case, StartCom is 100% independent at
2015.
Even now, it still independent in the system, in the validation team and
management team, we share the CRL/OCSP distribution resource only.
Best Regards,
Richard
-Original Message-
From:
Hi all,
We will publish a more comprehensive report in the next several days that will
attempt to cover most / all issues.
Thanks for your patience.
Regards,
Richard
> On 7 Sep 2016, at 18:58, Gervase Markham <g...@mozilla.org> wrote:
>
> Hi Richard,
>
>> On 07/0
“StartCom CA Ltd” in the UK are listed as being
> owned by "StartCom CA Ltd".[2] This seems circular, but our
> understanding is it actually refers to StartCom HK, which has the same
> name. StartCom UK is documented as having two directors. One is Gaohua
> (Richard) Wang, who will
nbingb...@gmail.com> wrote:
>
> 在 2016年9月7日星期三 UTC+8下午6:08:33,Richard Wang写道:
>> Hi Gerv, Kathleen and Richard,
>>
>> This discuss has been lasting two weeks, I think it is time to end it, it
>> doesn’t worth to waste everybody’s precious time.
>> I make my confessio
>> On 2016-09-07 13:00, Gervase Markham wrote:
>> Hi Richard,
>>
>>> On 07/09/16 11:06, Richard Wang wrote:
>>> This discuss has been lasting two weeks, I think it is time to end
>>> it, it doesn’t worth to waste everybody’s precious time.
>>
&g
Got it, thanks.
We will reply to you soon.
By the way, the link you used in the page to our report is not correct.
Regards,
Richard
> On 7 Sep 2016, at 18:58, Gervase Markham <g...@mozilla.org> wrote:
>
> Hi Richard,
>
>> On 07/09/16 11:06, Richard Wang wrote:
>>
once it is about to expire at every three years for OV SSL.
I wish Mozilla could accept my suggestion, and I am sure WoSign will do it
better after getting this so big lesson.
Thank you.
Best Regards,
Richard Wang
CEO
WoSign CA Limited
-Original Message-
From: dev-security-policy
Thanks for your comment.
For Github case:
1. what happened: issued the certificate that included un-validated domain,
and found out this mistake in the next day review, and revoked this
certificate.
2. why this happened: this is bug as you described, and due to many orders need
to review
uiry email. Some question will be replied in the second report.
Best Regards,
Richard
-Original Message-
From: Kurt Roeckx [mailto:k...@roeckx.be]
Sent: Monday, September 5, 2016 1:34 AM
To: Richard Wang <rich...@wosign.com>
Cc: Gervase Markham <g...@mozilla.org>;
mo
report for
another incident X soon.
Best Regards,
Richard Wang
CEO
WoSign CA Limited
-Original Message-
From: Gervase Markham [mailto:g...@mozilla.org]
Sent: Wednesday, August 24, 2016 9:08 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Cc: Richard Wang <rich...@wosign.
It is posted, just Peter not find it that I told him the Log id.
We are also checking system again to double check if we missed some.
Please be patient for our full 20 pages report, thanks,
Regards,
Richard
> On 4 Sep 2016, at 12:12, Matt Palmer wrote:
>
>> On Sat,
on
the browser algorithm support.
Regards,
Richard
> On 4 Sep 2016, at 12:49, Peter Bowen <pzbo...@gmail.com> wrote:
>
>> On Thu, Sep 1, 2016 at 9:00 AM, Ryan Sleevi <r...@sleevi.com> wrote:
>>> On Wed, August 31, 2016 10:09 pm, Richard Wang wrote:
>>
: Sunday, September 4, 2016 5:19 AM
To: Richard Wang <rich...@wosign.com>
Cc: Ryan Sleevi <r...@sleevi.com>; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Incidents involving the CA WoSign
Richard,
Can you also please check the following two certificates? It looks like they
From the screenshot, we know why Percy hate WoSign so deeply, we know he
represent which CA, everything is clear now.
BTW, as I said that the two related pages in our website are deleted.
Regards,
Richard
> On 3 Sep 2016, at 02:16, Percy wrote:
>
>> On Friday,
We will check this tomorrow.
Now our time is 23:32 at night.
Regards,
Richard
> On 2 Sep 2016, at 23:20, Peter Bowen <pzbo...@gmail.com> wrote:
>
>> On Fri, Sep 2, 2016 at 8:11 AM, Richard Wang <rich...@wosign.com> wrote:
>> Yes, we posted all 2015 issue
Yes, we plan to post to one of the Google log server tommorrow.
Regards,
Richard
> On 2 Sep 2016, at 22:54, Peter Bowen <pzbo...@gmail.com> wrote:
>
>> On Fri, Sep 2, 2016 at 12:37 AM, Richard Wang <rich...@wosign.com> wrote:
>> We finished the CT posting, a
-Original Message-
From: Gervase Markham [mailto:g...@mozilla.org]
Sent: Friday, September 2, 2016 6:07 PM
To: Richard Wang <rich...@wosign.com>;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Incidents involving the CA WoSign
> And, as others have pointed out in th
@lists.mozilla.org] On
Behalf Of Matt Palmer
Sent: Friday, September 2, 2016 4:51 PM
To: dev-security-policy@lists.mozilla.org
Subject: Re: Incidents involving the CA WoSign
On Fri, Sep 02, 2016 at 06:53:23AM +, Richard Wang wrote:
> I think we are out of topic.
On the contrary, the trustworthin
@lists.mozilla.org] On
Behalf Of Percy
Sent: Friday, September 2, 2016 2:23 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Incidents involving the CA WoSign
On Thursday, September 1, 2016 at 11:01:08 PM UTC-7, Richard Wang wrote:
> OK I try to say some that I wish I do
<vtly...@gmail.com> writes:
>I think Eddy Nigg (founder of StartCom) and/or Richard Wang (of WoSign)
>should make a statement about this.
+1. I'd already asked for something like this earlier and got silence
+as a
response, which isn't inspiring
1 - 100 of 137 matches
Mail list logo