On Fri, 30 Sep 2016 15:17:49 +0200
Jakob Bohm <jb-mozi...@wisemo.com> wrote:

> The Feisty Duck "Bulletproof TLS Newsletter" sent out yesterday seems
> to slightly misreport the WoSign/StartCom situation, as it claims the
> distrust has already been "finally decided", rather than just
> proposed.

Hi,

I'm sorry for that... We have updated the online version of the
newsletter to better reflect the situation:
https://www.feistyduck.com/bulletproof-tls-newsletter/issue_20_mozilla_and_wosign_comodo_sb_and_tc_certificates.html

Here's the relevant changed chapter:
----------------------------
Mozilla now proposes that new certificates from WoSign and StartCOM
should no longer be trusted in their browser. They could reapply for
browser inclusion in a year under certain conditions. Existing
certificates would still be trusted. This would theoretically allow
WoSign to create backdated certificates, however Mozilla announced that
if they saw any evidence of this they would immediately distrust all
Wosign/StartCOM certificates.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Attachment: pgpMGrjRolhgu.pgp
Description: OpenPGP digital signature

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to