I know WoSign make some mistakes in 2015, and I accept any reasonable fair
enough sanction. But WoSign will continue to do our best to provide best
products and best service to worldwide customers, no matter what the sanction
Here is the answer for your questions:
> Do we trust that WoSign will honor requests for certs to be revoked?
Yes, we honor your requests for certs to be revoked for FREE according to our
CPS. We used Akamai CDN for worldwide customer to provide best CRL/OCSP service.
> Do we trust that revocation will take place in a timely matter?
Yes, we will take place your revocation request in a timely matter that exceed
your expectation – within 24 hours (24 x 365 non-stop).
> Do we trust that WoSign will not collect information on hits to any OCSP
> responders they have set up and share that info with...whomever?
Yes, any CA can do this if need. But you can use OCSP Stapling in your web
We don’t worry about most China online banking system and many ecommerce
website using the foreign CA certificate, what do you worry about? As I said,
we used Akamai CDN service that all hits will go to Akamai Edge servers first.
WoSign CA limited
Behalf Of Peter Kurrasch
Sent: Thursday, September 22, 2016 3:06 AM
Subject: Time to distrust (was: Sanctions short of distrust)
Do we trust that WoSign will honor requsts for certs to be revoked? Do we trust
that revocation will take place in a timely matter? Do we trust that WoSign
will not collect information on hits to any OCSP responders they have set up
and share that info with...whomever?
dev-security-policy mailing list