I wish everyone can talk about this case friendly and equally. It is very common that everyone can register any domain based on the first come and first service rule.
We know Let's Encrypt is released after the public announcement, but two day later, its .cn domain is still not registered, I think maybe it is caused by the strict registration rule in China, so I registered it for protection that not registered by Cornbug. We don’t use those domains for any WoSign's services that we provide similar service: https://pki.click/index_En.htm (SSL Wizard, StartEncrypt) Now, if Mozilla or Let’s Encrypt contact me officially and request to transfer the two domains to them, no any problem, we can transfer to them for FREE! But please notice that this arrangement is for friendship, not for others ...... Best Regards, Richard -----Original Message----- From: dev-security-policy [mailto:[email protected]] On Behalf Of [email protected] Sent: Saturday, December 17, 2016 1:34 AM To: [email protected] Subject: wosign and letsencrypt.cn / letsencrypt.com.cn It seams that wosign has registered the domains letsencrypt.cn and letsencrypt.com.cn in 2014 after the public announce of Let's Encrypt : whois letsencrypt.cn Domain Name: letsencrypt.cn ROID: 20141120s10001s72911711-cn Domain Status: clientTransferProhibited Registrant ID: k35-n2041486_00 Registrant: 深圳市沃通电子商务服务有限公司 Registrant Contact Email: [email protected] Sponsoring Registrar: 厦门三五互联科技股份有限公司 Name Server: ns3.dns-diy.com Name Server: ns4.dns-diy.com Registration Time: 2014-11-20 09:57:27 Expiration Time: 2017-11-20 09:57:27 DNSSEC: unsigned whois letsencrypt.com.cn Domain Name: letsencrypt.com.cn ROID: 20141120s10011s84227837-cn Domain Status: clientTransferProhibited Registrant ID: k35-n2041486_00 Registrant: 深圳市沃通电子商务服务有限公司 Registrant Contact Email: [email protected] Sponsoring Registrar: 厦门三五互联科技股份有限公司 Name Server: ns3.dns-diy.com Name Server: ns4.dns-diy.com Registration Time: 2014-11-20 09:57:28 Expiration Time: 2017-11-20 09:57:28 Let's Encrypt was announced publicly on November 18, 2014 ( http://www.crn.com/news/cloud/300074840/lets-encrypt-a-free-and-automated-certificate-authority-comes-out-of-stealth-mode.htm ). That domain appear to be registered two days after. Certificate authorities are about trust. I don't feel comfortable about a CA registering a domain matching the name of another CA. What is the position of Mozilla about that? Maybe Let's Encrypt or wosign have more information about these domains? https://community.letsencrypt.org/t/letsencrypt-cn-and-letsencrypt-com-cn-was-registered-by-wosign/23786 Other relevant thread: Comodo Legal Phishing attack against ISRG? https://groups.google.com/d/msg/mozilla.dev.security.policy/n-8kcrSuhjg/WKj-PAI2BgAJ _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
