On Fri, 30 Sep 2016 15:17:49 +0200 Jakob Bohm <jb-mozi...@wisemo.com> wrote:
> The Feisty Duck "Bulletproof TLS Newsletter" sent out yesterday seems > to slightly misreport the WoSign/StartCom situation, as it claims the > distrust has already been "finally decided", rather than just > proposed. Hi, I'm sorry for that... We have updated the online version of the newsletter to better reflect the situation: https://www.feistyduck.com/bulletproof-tls-newsletter/issue_20_mozilla_and_wosign_comodo_sb_and_tc_certificates.html Here's the relevant changed chapter: ---------------------------- Mozilla now proposes that new certificates from WoSign and StartCOM should no longer be trusted in their browser. They could reapply for browser inclusion in a year under certain conditions. Existing certificates would still be trusted. This would theoretically allow WoSign to create backdated certificates, however Mozilla announced that if they saw any evidence of this they would immediately distrust all Wosign/StartCOM certificates. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
pgpMGrjRolhgu.pgp
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy