I checked our system that this is a standard order in our system that passes the website control validation. We issued more than 300K certificates for worldwide customers including many famous company. For Aliyun, it's our reseller partner, see this news: https://www.wosign.com/english/News/aliyun-wosign.html
Regards, Richard > On 27 Aug 2016, at 04:22, Jonathan Rudenberg <[email protected]> wrote: > > Here’s the crt.sh link for this certificate: https://crt.sh/?id=29884704 > > Can you provide more details about where this certificate came from? Did you > issue it using one of the vulnerabilities discussed in this thread? > >> On Aug 26, 2016, at 01:12, 233sec Team <[email protected]> wrote: >> >> Wosign's Issue mechanism is high risking for large enterprise. >> This is one prove: >> >> https://gist.github.com/xiaohuilam/8589f2dfaac435bae4bf8dfe0984f69e >> >> Alicdn.com is the cdn asset domain name of Taobao/tmall who belong to >> alibaba, which are Chinese biggest online shopping websites. >> With the fake cert's middle man attack, password stealing, information >> leaking... >> _______________________________________________ >> dev-security-policy mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-security-policy > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
