On Thursday, September 1, 2016 at 11:01:08 PM UTC-7, Richard Wang wrote:
> OK I try to say some that I wish I don't violate my company confidential
> policy.
>
> 1. Eddy told me that this guy is the former employee of StartCom, he violates
> the signed NDA that he must shutdown the site within the limit time. Every
> re-distribution the wrong information will heavy his penalty (including site
> cache or mirror site). I am sure every company don't like its former
> employee to expose company's confidential information.
>
NDA only applies for information that's privileged. The content here
https://archive.is/8bSp6 can be obtained all from public sources, hence
exempted from NDA.
In case WoSign tries to send take down request to Achieve.is, I mirrored the
content on pastebin too http://pastebin.com/hiKxmGMH Good luck taking that
down.
> 2. WoSign invested in 5 companies worldwide including in North America,
> Europe and Asia (China), but my company is a private company that no any
> liability to expose everything that we don't like to expose. And Mozilla also
> don't have the policy that every CA must expose its shareholder and director.
>
Sure, your company is a private company. But the public doesn't have an
obligation to trust you either.
> 3. Please don't bind WoSign incident problem with StartCom, it is two
> independent company that one registered in China and one located in Israel.
> StartCom and WoSign have maintained a business relationship for many years
> since 2011 when WoSign startup CA business. And WoSign root is cross signed
> by StartCom root due to the problem that root inclusion took long time.
>
Two independent companies that share the same infrastructure, director and user
trust according to https://archive.is/8bSp6 , doesn't look very independent to
me.
>
> Best Regards,
>
> Richard
>
> -----Original Message-----
> From: dev-security-policy
> [mailto:dev-security-policy-bounces+richard=wosign....@lists.mozilla.org] On
> Behalf Of Peter Gutmann
> Sent: Friday, September 2, 2016 11:59 AM
> To: Vincent Lynch <vtly...@gmail.com>;
> mozilla-dev-security-pol...@lists.mozilla.org
> Subject: RE: Incidents involving the CA WoSign
>
> Vincent Lynch <vtly...@gmail.com> writes:
>
> >I think Eddy Nigg (founder of StartCom) and/or Richard Wang (of WoSign)
> >should make a statement about this.
>
> +1. I'd already asked for something like this earlier and got silence
> +as a
> response, which isn't inspiring confidence.
>
> Peter.
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy