Hi Richard, A few questions -
1) Your post says "There will be new SSL certificates issued by a new WoSign intermediate CA which is signed by the one of global trusted root CA, it supports all the browsers (including Firefox). This will be done within one months." How will this WoSign intermediate CA be different from the 4 affected roots? Will it use the same WoSign issuance infrastructure used by the 4 roots that Mozilla has decided to distrust? 2) Your announcement to customers only discusses Mozilla's action. Are you planning to inform customers of how Apple's decision to distrust WoSign's roots will affect WoSign operations? 3) A previous Qihoo 360 document said that you are being removed as WoSign CEO. Are you still authorized by Qihoo 360 to make announcements like this? -- Eric On Sun, Oct 23, 2016 at 10:46 PM, Richard Wang <rich...@wosign.com> wrote: > Hi Kathleen, > > WoSign released the news today since I just came back from USA CABF > meeting. > > http://www.wosign.com/news/announcement_about_Mozilla_Action_20161024.htm > (in Chinese) > > https://www.wosign.com/english/News/announcement_ > about_Mozilla_Action_20161024.htm (in English) > > > > Best Regards, > > Richard > > -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy-bounces+richard= > wosign....@lists.mozilla.org] On Behalf Of Kathleen Wilson > Sent: Friday, October 21, 2016 10:43 AM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Remediation Plan for WoSign and StartCom > > On Thursday, October 20, 2016 at 6:59:08 PM UTC-7, Percy wrote: > > Kathleen, > > As most users affected by this decision are Chinese, will you be able to > make the blog post available in Chinese on the security blog as well? You > can ask the Chinese firefox community or me to translate. > > > > As I stated earlier, there are almost no news of the distrust of > WoSign/StartCom on the Chinese Internet and WoSign/StartCom has not posted > anything related to this. I believe it's paramount to prepare Chinese > website owners for the phasing out of the affected roots. > > Noted. I will look into how to get it translated into Chinese and how to > make that version available as well. > > Thanks, > Kathleen > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > -- konklone.com | @konklone <https://twitter.com/konklone> _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy