I think we are out of topic. Please send me offlist email if you like.
Best Regards, Richard -----Original Message----- From: dev-security-policy [mailto:[email protected]] On Behalf Of Matt Palmer Sent: Friday, September 2, 2016 2:49 PM To: [email protected] Subject: Re: Incidents involving the CA WoSign On Fri, Sep 02, 2016 at 05:59:19AM +0000, Richard Wang wrote: > 1. Eddy told me that this guy is the former employee of StartCom, he > violates the signed NDA that he must shutdown the site within the > limit time. Every re-distribution the wrong information will heavy > his penalty (including site cache or mirror site). I am sure every > company don't like its former employee to expose company's confidential > information. I don't see anything particularly confidential, and waving around legal threats really does seem like there's something to hide. Why not address the concerns raised by that site, rather than shutting it down, if the accusations are entirely baseless? > 2. WoSign invested in 5 companies worldwide including in North > America, Europe and Asia (China), but my company is a private company > that no any liability to expose everything that we don't like to > expose. And Mozilla also don't have the policy that every CA must > expose its shareholder and director. Mozilla also doesn't have every CA under scrutiny at the moment for a series of fairly egregious breaches of the public trust, either. > 3. Please don't bind WoSign incident problem with StartCom, it is two > independent company that one registered in China and one located in > Israel. Was the distinction between "registered" and "located" deliberate there? - Matt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
