As I explained, we use same script using API, different parameter point to different API post URL for different CA, no any PKI hosting related.
Regards, Richard > On 29 Aug 2016, at 16:25, Gervase Markham <g...@mozilla.org> wrote: > >> On 24/08/16 17:44, Peter Bowen wrote: >> I think you are missing the most likely option: CA hosting. My >> understanding is that it is not uncommon that one CA operator >> contracts with another CA operator to run a CA on behalf of the first >> operator. I don't think it has been clear what disclosure of this >> practice is required. Given that I believe this is widespread, I >> assumed that all of the issuing CAs in this case were operated by the >> same entity. > > If StartCom are hosting WoSign's infra (seems less likely), then it's > still a pretty severe mistake to accidentally issue a certificate from > one of your customer's roots rather than your own, although one might > say the mistake in this case would be StartCom's. > > If WoSign are hosting StartCom's infra, it still leaves open the > question of why StartCom are deploying code that WoSign are no longer > using, and haven't for six months, and why WoSign permitted the StartCom > UI to issue WoSign certificates at all. > > Gerv > >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy