WoSign has so far announced nothing about those incidents or immediate distrust
(Apple and Mozilla) to its end users. On the contrary, WoSign had a press
release dated Oct 8th (https://www.wosign.com/news/netcraft-ssl-oct.htm) titled
"WoSign SSL certs reaches almost 50% market share in China". In the press
release, it stated that "WoSign's achievement today is due to company founder
and CEO Richard Wang leads all staff to be dedicated". WoSign is depicted as
this positive, strong growing company. Nothing about its distrust in the
immediate future is mentioned.
In Oct 7th, in the incident report in English, WoSign admitted multiple
intentional mistakes and deceptions
and that the CEO Richard Wang to be relieved of its duties.
I'm calling WoSign out on this two-faced behavior towards Chinese end users and
foreign security researchers.
dev-security-policy mailing list