The affected cert has been logged here: https://crt.sh/?id=34242572
Am 24.09.2016 um 02:33 schrieb Richard Wang: > First, I must make declaration that I don't know "Showfom", and I don't know > if he/she is a WoSign customer. > > As I said in my final statement that I wish all Mozilla trusted CA can post > their issued certificate to CT log server for full transparency, I am sure > not WoSign mis-issued certificate only, maybe some CA have more serious > problems. > > I paste my statement again here: > WoSign believes that the Certificate Transparency is a very good solution for > self-discipline that force employees to attach great importance to product > quality control, and for external oversight mechanism that let the third > party supervise the CA's activity. > WoSign is the first CA that volunteer to post all issued SSL Certificates to > Google CT log server initiatively. Our aim is to let the worldwide users > trust WoSign SSL certificates, and hope to drive the global CAs to be open > and transparent publishing all issued certificates to CT log server, making > worldwide users, browser vendors and related stakeholder to take an overall > supervision, this will benefit the global Internet security. > > > @Showfom: you don't need to say " Sorry for my bad English", your English is > very good! Our native language is Chinese, not English, so no need to say > sorry, I NEVER say this word again. > > > Regards, > > Richard > > -----Original Message----- > From: dev-security-policy > [mailto:[email protected]] On > Behalf Of Showfom > Sent: Saturday, September 24, 2016 2:30 AM > To: [email protected] > Subject: Comodo issued a certificate for an extension > > First, let me introduce myself, I'm a famous investor of ccTLD domains from > China. > > Recently we get an easy-remember domain www.sb, please note the extension is > .sb > > I ordered a Comodo Positive SSL for this domain, the common name which I > submit is www.sb > > Usually they will give us a certificate for www.sb and www.www.sb, but this > time Comodo issues a certificate with DNS name www.sb and sb > > I can't find our certificate in crt.sh but can be viewed here > > https://censys.io/certificates/719c282a51e935051e88bf6115dda0731da21c0e12c08e6bcea36078e83e4966 > > Or you can simply type https://www.sb/ in your browser to view the certificate > > https://www.sb/uploads/images/201609/24/181/n9k4qfbVYj.png > > I also tried to make an nginx conf in my server for https://sb/ you can > change your /etc/hosts or just use curl commmand > > curl -v -H "Host: sb" https://www.sb/ > > You can find 403 Forbidden in title without any SSL certificate error because > I set the return status for https://sb/ to 403 > > Sorry for my bad English > > Best Regards, > @Showfom > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
