On 09/10/2016 15:54, 谭晓生 wrote:
Dear All,
This is the information that would be released by Inigo in the coming week, 
Percy asked me to answer the question, so, it is here:


3. PKI – signing service
   Code: Same code with WoSign’s one.
   Server: Shared Server.
   Location: The primary one is hosted in Qihoo 360 head quarter’s data center 
in Beijing since Dec 2015, there is a backup server in Wosign’s office in 
   Business Process: Same

Wait: Does this mean that WoSign has a copy of the StartCOM root
private key at the WoSign office?

Are there any technical obstacles to ensure that Richard Wang or his
underlings have not used that key in ways not logged in the log files
and databases now controlled by the new StartCOM?


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
dev-security-policy mailing list

Reply via email to