On Wednesday, September 28, 2016 at 12:16:51 AM UTC-7, Peter Gutmann wrote: > Percy <[email protected]> writes: > >On Tuesday, September 27, 2016 at 2:15:38 AM UTC-7, Gervase Markham wrote: > >> Participants may be interested in this blog post from Tyro: > >> https://tyro.com/blog/merchant-security-is-tyros-priority/ > > > >So this is almost proof that WoSign/StartCom has been intentionally back- > >dating certificates to avoid blocks on SHA-1 issuance in browsers. > > Did anyone keep a copy of that post? Looks like they took it down pretty > quickly, possibly in response to the above. > > Peter.
I'm assuming WoSign/StartCom pressured Tyro to remove the blog post. WoSign/StartCom has previously publicly threatened legal actions over the secret purchase. Are those suppression attempts factored in when making trust decisions? _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
