WoSign has so far announced nothing about those incidents or immediate distrust (Apple and Mozilla) to its end users. On the contrary, WoSign had a press release dated Oct 8th (https://www.wosign.com/news/netcraft-ssl-oct.htm) titled "WoSign SSL certs reaches almost 50% market share in China". In the press release, it stated that "WoSign's achievement today is due to company founder and CEO Richard Wang leads all staff to be dedicated". WoSign is depicted as this positive, strong growing company. Nothing about its distrust in the immediate future is mentioned.
In Oct 7th, in the incident report in English, WoSign admitted multiple intentional mistakes and deceptions (https://www.google.com/url?q=https%3A%2F%2Fwww.wosign.com%2Freport%2FWoSign_Incident_Report_Update_07102016.pdf&sa=D&sntz=1&usg=AFQjCNGRzAxwYrEEiA_SN5gfcsftSst0nA) and that the CEO Richard Wang to be relieved of its duties. I'm calling WoSign out on this two-faced behavior towards Chinese end users and foreign security researchers. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
