On Thu, Aug 25, 2016 at 04:03:04AM +0000, Richard Wang wrote:
> For transparency, WoSign announced full transparency for all SSL
> certificate from July 5th that post all issued SSL certificate to Google
> log server, browsers can distrust WoSign issued SSL certificate after that
> day if no SCT embedded data in the certificate.

That would be slightly more reassuring if there wasn't a history of certs
being issued with seemingly misleading notBefore values...

Separately, do you have any thoughts on the reports that WoSign's BR auditor
did not note any of the misissuances?  Also, what changes, exactly, has
WoSign implemented to its policies and procedures to ensure that all trust
programs in which WoSign is a participant are notified of future incidents,
in line with each program's requirements?

- Matt

"The user-friendly computer is a red herring. The user-friendliness of a
book just makes it easier to turn pages. There's nothing user-friendly about
learning to read."
                -- Alan Kay

dev-security-policy mailing list

Reply via email to