On Friday, September 16, 2016 at 6:07:56 AM UTC-4, Richard Wang wrote: > Hi Gerv, > > This is the final report: > https://www.wosign.com/report/WoSign_Incident_Final_Report_09162016.pdf > > Please let me if you have any questions about the report, thanks. > > > Best Regards, > > Richard Wang > CEO > WoSign CA Limited > >
Hi Richard, Thank you for you and your team's hard work on the report. As an observer, I found it very informative. I do have a follow up question regarding Issue P. I'm curious as to why this test ever took place with publicly trusted certificates given that the SM2 algorithm is not allowed by the CA/B Forum. Say this test was "successful". Whats next? Since SM2 is not allowed, was WoSign planning on introducing a ballot to the CA/B Forum to approve SM2? Sincerely, Vincent _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy