On Wed, Sep 21, 2016 at 9:10 PM, Richard Wang <rich...@wosign.com> wrote:
>> Are you saying out of over 40,000 orders over the last year, only six 
>> "stopped to move forward" for a period of a week or more and these happen to 
>> all have been ordered on Sunday, December 20, 2015 (China time)?
> You mean we issued 40,000 certificates at Dec 20, 2015?

No, there slightly over 40418 certificates issued by CAs under the
WoSign roots which have embedded Signed Certificate Timestamps.  They
were issued over the course of approximately one year; the earliest
notBefore date is 2015-08-20T09:40:48Z and my CT data set was up to
date as of 2015-09-05.

Of these 40418 certificates, 40394 had a delta between notBefore and
the earliest SCT is less than 3 hours. Eighteen certificates have a
delta between 5 hours and 51 hours; all 18 of these have a notBefore
on 2016-07-30 between 05:20 and 07:40 (CST). The remaining 6
certificates have a delta of between 262.3 hours (10.9 days) and 693.7
hours (28.9 days).  All six of these have a notBefore on 2015-12-20

For with it is worth, the largest difference between the earliest
embedded timestamp and the latest is less than 15 minutes in all

> We issued SHA-1 certificate at every day, Dec 20 is not a special day, why 
> you care about this day is Computest get the SHA-1 certificate used this date 
> that we still don't know how he get this, so we closed this API completely, 
> even deleted the API domain resolution.

I'm looking at all WoSign issued certificates, ignoring the hash
algorithm used in the signature.  Two dates have certificates that are
clear outliers when measuring the difference between notBefore and the
timestamps.  I'm wondering what is special about these dates or these

dev-security-policy mailing list

Reply via email to