There's some good questions there, actually. OEM SSL, does that mean another CA would be doing the validation and issuing using their own infrastructure and team, which you would be reselling via a constrained intermediate? I don't think it'd be a good idea at present to be gaining effectively a new CA certificate that is cross-signed, only to be using the existing infrastructure that is currently meant to be undergoing remediation. That'd probably be put under the same restrictions too if that's the case. Samuel Pinder
On Mon, Oct 24, 2016 at 6:43 AM, Richard Wang <[email protected]> wrote: > For Q1: This is a OEM SSL from other trusted CA; > For Q2: We stopped the free SSL certificate after Apple announcement, it is > announced in our free SSL website; > For Q3: I am the Acting CEO now till the new CEO arrives. > > > Best Regards, > > Richard > > From: Eric Mill [mailto:[email protected]] > Sent: Monday, October 24, 2016 12:05 PM > To: Richard Wang <[email protected]> > Cc: Kathleen Wilson <[email protected]>; > [email protected] > Subject: Re: Remediation Plan for WoSign and StartCom > > Hi Richard, > > A few questions - > > 1) Your post says "There will be new SSL certificates issued by a new WoSign > intermediate CA which is signed by the one of global trusted root CA, it > supports all the browsers (including Firefox). This will be done within one > months." > > How will this WoSign intermediate CA be different from the 4 affected roots? > Will it use the same WoSign issuance infrastructure used by the 4 roots that > Mozilla has decided to distrust? > > 2) Your announcement to customers only discusses Mozilla's action. Are you > planning to inform customers of how Apple's decision to distrust WoSign's > roots will affect WoSign operations? > > 3) A previous Qihoo 360 document said that you are being removed as WoSign > CEO. Are you still authorized by Qihoo 360 to make announcements like this? > > -- Eric > > On Sun, Oct 23, 2016 at 10:46 PM, Richard Wang > <[email protected]<mailto:[email protected]>> wrote: > Hi Kathleen, > > WoSign released the news today since I just came back from USA CABF meeting. > > http://www.wosign.com/news/announcement_about_Mozilla_Action_20161024.htm (in > Chinese) > > https://www.wosign.com/english/News/announcement_about_Mozilla_Action_20161024.htm > (in English) > > > > Best Regards, > > Richard > > -----Original Message----- > From: dev-security-policy > [mailto:dev-security-policy-bounces+richard<mailto:dev-security-policy-bounces%2Brichard>[email protected]<mailto:[email protected]>] > On Behalf Of Kathleen Wilson > Sent: Friday, October 21, 2016 10:43 AM > To: > [email protected]<mailto:[email protected]> > Subject: Re: Remediation Plan for WoSign and StartCom > > On Thursday, October 20, 2016 at 6:59:08 PM UTC-7, Percy wrote: >> Kathleen, >> As most users affected by this decision are Chinese, will you be able to >> make the blog post available in Chinese on the security blog as well? You >> can ask the Chinese firefox community or me to translate. >> >> As I stated earlier, there are almost no news of the distrust of >> WoSign/StartCom on the Chinese Internet and WoSign/StartCom has not posted >> anything related to this. I believe it's paramount to prepare Chinese >> website owners for the phasing out of the affected roots. > > Noted. I will look into how to get it translated into Chinese and how to make > that version available as well. > > Thanks, > Kathleen > > _______________________________________________ > dev-security-policy mailing list > [email protected]<mailto:[email protected]> > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ > dev-security-policy mailing list > [email protected]<mailto:[email protected]> > https://lists.mozilla.org/listinfo/dev-security-policy > > > > -- > konklone.com<https://konklone.com> | @konklone<https://twitter.com/konklone> > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
