在 2016年10月30日星期日 UTC+8下午9:15:48,Gervase Markham写道: > On 29/10/16 22:42, Percy wrote: > > However, on the official website > > (https://www.wosign.com/about/Why_WoSign.htm) WoSign stated that "沃通是 > > 中国唯一一家也是全球唯一一家能签发全球信任的采用国产加密算法(SM2) 的SSL证书和代码签名证书的商业CA。" WoSign is > > the only commercial CA in China -- only commercial CA in the world > > that can Sign SM2 SSL certs/code signing cert that is globally > > trusted. > > Well, that statement is either false or very misleading, because in > order for an SM2 certificate to be useful "globally", there needs to be > wide browser support. I don't know exactly which browsers support SM2, > but I know that Firefox, Chrome, Safari, IE and Edge do not. > > > This means that WoSign is not only signing SM2 certs for testing but > > also signing SM2 from the globally trusted roots in production. I > > suspect that there are SM2 certs from trusted root WoSign certs used > > in the wild. > > Can you find one? > > Gerv
SM2 is widely used in Chinese government websites. There is a openssl branch (https://github.com/guanzhi/GmSSL) who implemented SM2/SM3/SM4. And I don't see any other depolyment in HTTPS. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
