This is another case that he finished the website control validation. We and Alibaba are investigating why he can do the website control validation.
The is the log, but we can't expose more now since it is related to Alibaba. 2016-06-23 01:34:39: WoSign validation system received domain "alicdn.com" website control request,the url is "http://alicdn.com/alicdn.com.html";, v_random is 2e3baabe989fad9f143517796ed4941c13e7177b, Validation system used Get method, 400 error, then change to use POST method, success. Best Regards, Richard -----Original Message----- From: dev-security-policy [mailto:[email protected]] On Behalf Of Ryan Sleevi Sent: Friday, September 2, 2016 9:49 AM To: [email protected] Subject: Re: Yes, we are improved On Thursday, September 1, 2016 at 6:35:54 PM UTC-7, Richard Wang wrote: > I said " Yes, we are improved", you can see from the timeline that from June > 2015 to July 2016, over one-year period that we don't have any incident, this > means we fixed system bug in time and do more validation and check, we > blocked many illegal order for famous domains. Mere minutes before you posted this message, you acknowledged in https://groups.google.com/d/msg/mozilla.dev.security.policy/Q3zjv95VhXI/p40n2Zv6DAAJ that this certificate was misissued: https://crt.sh/?id=29884704 If we trust your dates are correct with notBefore, then this was issued June 23, 2016. Clearly, this shows an issue, the fullness of which, I'll reply on that thread. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
