On Wed, Sep 07, 2016 at 04:15:47PM -0700, Eric Kuhnke wrote:
> Further update on all known suspicious activity from Wosign:
>
> https://wiki.mozilla.org/CA:WoSign_Issues
>
> Seriously, what level of malice and/or incompetence does one have to rise
> to in order to be removed from the Mozilla
> On Sep 1, 2016, at 3:10 AM, Matt Palmer wrote:
>
> How the hell do you get from "the world does not work that way" to "please
> pitch me your consulting services"?
You appear ignorant of what real DR / resiliency can do, as do your local
providers if they said that.
> On Sep 1, 2016, at 3:19 AM, Stephane Bortzmeyer wrote:
>
> On Thu, Sep 01, 2016 at 11:36:57AM +1000,
> Matt Palmer wrote
> a message of 45 lines which said:
>
>> I'd be surprised if most business continuity people could even name
>> their cert
Further update on all known suspicious activity from Wosign:
https://wiki.mozilla.org/CA:WoSign_Issues
Seriously, what level of malice and/or incompetence does one have to rise
to in order to be removed from the Mozilla (and hopefully Microsoft and
Chrome) trusted root CA store? Is this not
On Thu, Sep 01, 2016 at 11:36:57AM +1000,
Matt Palmer wrote
a message of 45 lines which said:
> I'd be surprised if most business continuity people could even name
> their cert provider,
And they're right because it would be useless information: without
DANE, *any* CA
On Wed, Aug 31, 2016 at 06:49:17PM -0700, Lyndon Nerenberg wrote:
> > On Aug 31, 2016, at 6:36 PM, Matt Palmer wrote:
> >
> > Thanks, Netscape. Great ecosystem you built.
>
> Nobody at that time had a clue how this environment was going to scale,
> let alone what the
On Wed, Aug 31, 2016 at 09:33:18PM -0700, George William Herbert wrote:
> > On Aug 31, 2016, at 6:36 PM, Matt Palmer wrote:
> > there's just way too many sites using WoSign (and StartCom) for the
> > CAs' roots to just be pulled. Sad, but true.
>
> Not even. Pull away.
> On Aug 31, 2016, at 6:36 PM, Matt Palmer wrote:
>
> there's just way too many sites using WoSign (and StartCom) for the
> CAs' roots to just be pulled. Sad, but true.
Not even. Pull away.
> I'd be surprised if most business continuity people could even name their
In message , Lyndon Nerenberg
writes:
> > On Aug 31, 2016, at 6:36 PM, Matt Palmer wrote:
> >
> > Thanks, Netscape. Great ecosystem you built.
>
> Nobody at that time had a clue how this environment was going to scale,
> let
> On Aug 31, 2016, at 6:36 PM, Matt Palmer wrote:
>
> Thanks, Netscape. Great ecosystem you built.
Nobody at that time had a clue how this environment was going to scale, let
alone what the wide-ranging security issues would be.
And where were you back then, not saving
"Too big to fail"
Where have we heard that before?
If business risk/continuity people knew not only how much of a single point
of failure a root CA is, but other basic stuff like "Maybe it shouldn't be
possible to login to your domain registrar's control panel with the
password known by Bob
On Wed, Aug 31, 2016 at 10:45:48AM -0800, Royce Williams wrote:
> Hypothetically, it would be an interesting strategy for a CA to
> publicly demonstrate this level of competence:
>
> https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com
>
> ... while at the
On Tue, Aug 30, 2016 at 9:11 PM, Royce Williams wrote:
> On Tue, Aug 30, 2016 at 8:38 PM, Eric Kuhnke wrote:
>>
>> http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html
>>
>> One of the largest Chinese root certificate authorities
We've received several unsolicited certificate approval requests from wosign
sign on high-value domain names we manage. Wosign has never responded to our
requests for information about the requesters. There really isn't anything we
can do other than ignore the requests, but clearly somebody is
mozilla.dev.security thread:
https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I/discussion
On Aug 30, 2016 10:12 PM, "Royce Williams" wrote:
> On Tue, Aug 30, 2016 at 8:38 PM, Eric Kuhnke
> wrote:
> >
> >
On Tue, Aug 30, 2016 at 8:38 PM, Eric Kuhnke wrote:
>
> http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html
>
> One of the largest Chinese root certificate authorities WoSign issued many
> fake certificates due to a vulnerability. WoSign's free certificate
http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html
One of the largest Chinese root certificate authorities WoSign issued many
fake certificates due to a vulnerability. WoSign's free certificate
service allowed its users to get a certificate for the base domain if they
were able
17 matches