Please read the report carefully that it is NOT the validation system is hijacked.
Regards, Richard > On Sep 16, 2016, at 21:31, Han Yuwei <hanyuwe...@gmail.com> wrote: > > 在 2016年9月16日星期五 UTC+8下午6:07:56，Richard Wang写道： >> Hi Gerv, >> >> This is the final report: >> https://www.wosign.com/report/WoSign_Incident_Final_Report_09162016.pdf >> >> Please let me if you have any questions about the report, thanks. >> >> >> Best Regards, >> >> Richard Wang >> CEO >> WoSign CA Limited >> > > About mis-issued alicdn.com and github.com, is the whitelist a acceptable > solution? I thought it is a serve problem that possible hijacks on CA's > validation host to the server. Lots of vulnerablity could be used by hackers > such as DNS poisoning and TCP hijacks. This time the alicdn noticed this > problem because it is a big company. If this happened to a relatively small > company can we notice this in time? I am very doubt about that. Anything we > can do to prevent this from happening? > _______________________________________________ > dev-security-policy mailing list > email@example.com > https://lists.mozilla.org/listinfo/dev-security-policy
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy