On 09/10/16 23:43, Percy wrote: > Tan said, for StartCom and WoSign’s infrastructure, the PKI servers > were/are shared, the CRL/OCSP, TSA code were cloned and the StartCom > and WoSign shared the software development team. > > Also some management team are shared I assume since Richard Wang > approved Tyro's backdated cert from StartCom. > > As we saw most problems discovered are either due to software > development(issue F,H,L,N,V) or management (issue S,P,R). And those > team were shared between WoSign and StartCom at the time of the > incidents.
That's not so for issues F, H, L, N or P. These all happened before the date when WoSign took legal ownership of StartCom (Nov 1st 2015) and before the technical changes to use some WoSign code (Dec 18-22 2015). R relates to the purchase; S and V were afterwards. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
