On 4/8/14, 4:38 PM, Kathleen Wilson wrote:
The first discussion of this request was here:
https://groups.google.com/d/msg/mozilla.dev.security.policy/DYrrxCsD6CA/9y8a5NnshRgJ
The discussion was closed because one of the root certificates under
consideration had been recently created and not audited. WoSign has
determined that they would like to proceed with the previously created
and audited root certificates as follows.
WoSign has applied to include the “Certification Authority of WoSign”
and “CA 沃通根证书” root certificates, turn on all three trust bits for
both root certs, and enable EV treatment for both root certs. The
“Certification Authority of WoSign” root cert is SHA-1, and the “CA 沃通
根证书” root cert is SHA-256.
WoSign is a privately-owned CA in China which issues certificates to the
general public. WoSign started their CA business in 2006 as a SubCA of
Comodo. WoSign setup its own root CA in 2009 and started to issue
certificates in 2011 under this root CA that cross-signed with a
Startcom CA. WoSign has issued thousands of certificates to customers in
China. WoSign SSL certificates are deployed in top 10 eCommerce websites
in China; for bank, telecom, enterprise etc., and most software
developers in China choose WoSign certificate since it supports Chinese.
The request is documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=851435
And in the pending certificates list:
http://www.mozilla.org/projects/security/certs/pending/
Summary of Information Gathered and Verified:
https://bugzilla.mozilla.org/attachment.cgi?id=8361431
Thank you to those of you who have reviewed and commented on this request.
Does anyone else of questions or comments on this request?
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
