Wow. That is disheartening. Those are issued from their newly cut intermediates issued descending from their G3 root, which I had assumed was the infrastructure that they intend to get audited for inclusion into the various root programs again.
It would seem an issuance like that on that infrastructure was a bad call if I'm correct on that part. Or at a minimum, I really hope they had permission from whoever owns test.cn. I actually was a long time paying customer and fan of StartCom. It really was the cheapest way to pre-validate and do multiple EV issuances. I thought their issuance interface was rather innovative, along with their pricing model. (I'm aware of the controversy on the charging for revocation thing, and I see both sides. Ultimately, I agree that responsible revocation is a matter that should not disincentivized by economic policies of an individual CA.) Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy