Please read the report carefully that it is NOT the validation system is 



> On Sep 16, 2016, at 21:31, Han Yuwei <> wrote:
> 在 2016年9月16日星期五 UTC+8下午6:07:56,Richard Wang写道:
>> Hi Gerv,
>> This is the final report: 
>> Please let me if you have any questions about the report, thanks.
>> Best Regards,
>> Richard Wang
>> CEO
>> WoSign CA Limited
> About mis-issued and, is the whitelist a acceptable 
> solution? I thought it is a serve problem that possible hijacks on CA's 
> validation host to the server. Lots of vulnerablity could be used by hackers 
> such as DNS poisoning and TCP hijacks. This time the alicdn noticed this 
> problem because it is a big company. If this happened to a relatively small 
> company can we notice this in time? I am very doubt about that. Anything we 
> can do to prevent this from happening?
> _______________________________________________
> dev-security-policy mailing list

Attachment: smime.p7s
Description: S/MIME cryptographic signature

dev-security-policy mailing list

Reply via email to