On Thu, Aug 25, 2016 at 04:03:04AM +0000, Richard Wang wrote: > For transparency, WoSign announced full transparency for all SSL > certificate from July 5th that post all issued SSL certificate to Google > log server, browsers can distrust WoSign issued SSL certificate after that > day if no SCT embedded data in the certificate.
That would be slightly more reassuring if there wasn't a history of certs being issued with seemingly misleading notBefore values... Separately, do you have any thoughts on the reports that WoSign's BR auditor did not note any of the misissuances? Also, what changes, exactly, has WoSign implemented to its policies and procedures to ensure that all trust programs in which WoSign is a participant are notified of future incidents, in line with each program's requirements? - Matt -- "The user-friendly computer is a red herring. The user-friendliness of a book just makes it easier to turn pages. There's nothing user-friendly about learning to read." -- Alan Kay _______________________________________________ dev-security-policy mailing list email@example.com https://lists.mozilla.org/listinfo/dev-security-policy