On Saturday, October 1, 2016 at 2:02:25 AM UTC-7, certificate-au...@group.apple.com wrote: > Blocking Trust for WoSign CA Free SSL Certificate G2 > > Certificate Authority WoSign experienced multiple control failures in their > certificate issuance processes for the WoSign CA Free SSL Certificate G2 > intermediate CA. Although no WoSign root is in the list of Apple trusted > roots, this intermediate CA used cross-signed certificate relationships with > StartCom and Comodo to establish trust on Apple products. > > In light of these findings, we are taking action to protect users in an > upcoming security update. Apple products will no longer trust the WoSign CA > Free SSL Certificate G2 intermediate CA. > > To avoid disruption to existing WoSign certificate holders and to allow their > transition to trusted roots, Apple products will trust individual existing > certificates issued from this intermediate CA and published to public > Certificate Transparency log servers by 2016-09-19. They will continue to be > trusted until they expire, are revoked, or are untrusted at Apple’s > discretion. > > As the investigation progresses, we will take further action on > WoSign/StartCom trust anchors in Apple products as needed to protect users. > > Regards, > > Apple Root Certificate Program
Richard, As the management reshuffling is part of WoSign/StartCom's response, may I ask under what capacity are you still representing WoSign on this forum? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy