Please read the report carefully that it is NOT the validation system is 
hijacked.


Regards,

Richard

> On Sep 16, 2016, at 21:31, Han Yuwei <hanyuwe...@gmail.com> wrote:
> 
> 在 2016年9月16日星期五 UTC+8下午6:07:56,Richard Wang写道:
>> Hi Gerv,
>> 
>> This is the final report: 
>> https://www.wosign.com/report/WoSign_Incident_Final_Report_09162016.pdf 
>> 
>> Please let me if you have any questions about the report, thanks.
>> 
>> 
>> Best Regards,
>> 
>> Richard Wang
>> CEO
>> WoSign CA Limited
>> 
> 
> About mis-issued alicdn.com and github.com, is the whitelist a acceptable 
> solution? I thought it is a serve problem that possible hijacks on CA's 
> validation host to the server. Lots of vulnerablity could be used by hackers 
> such as DNS poisoning and TCP hijacks. This time the alicdn noticed this 
> problem because it is a big company. If this happened to a relatively small 
> company can we notice this in time? I am very doubt about that. Anything we 
> can do to prevent this from happening?
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to