https://bugs.kde.org/show_bug.cgi?id=369148

            Bug ID: 369148
           Summary: CA StartCom should not be trusted please use Let's
                    Encrypt
           Product: bugs.kde.org
           Version: unspecified
          Platform: Other
               URL: https://bugs.kde.org
                OS: other
            Status: UNCONFIRMED
          Severity: wishlist
          Priority: NOR
         Component: product/component changes
          Assignee: sysad...@kde.org
          Reporter: logan...@gmail.com
                CC: cgiboude...@gmx.com

Recently it was exposed that WoSign, a Chinese Certificate Authority (CA),
secretly purchased StartCom, the CA currently signing all certificates of
KDE.org. The related news and comments are linked here:
https://news.ycombinator.com/item?id=12411870

Both WoSign and StartCom have been reported for their loose verification and
issuing practices, often violating their own ToS and basic CA requirements.
They are not worth trusting. I have chosen to disable their root certificates
in all my browsers, and I advise everyone seeing this to do the same. It would
be better to transition away from it to Let's Encrypt, an open, free and
automated CA. The documentation of Let's Encrypt is linked here:
https://letsencrypt.org/docs/

I have no affiliation with WoSign, StartCom, or Let's Encrypt.

Reproducible: Always

Steps to Reproduce:
1. Access the URL provided
2. View the certificate of the server

Actual Results:  
Issuer field of the certificate is:

CN = StartCom Class 2 Primary Intermediate Server CA
OU = Secure Digital Certificate Signing
O = StartCom Ltd.
C = IL


Expected Results:  
Issuer field of the certificate should be:

CN = Let's Encrypt Authority X3
O = Let's Encrypt
C = US
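
The issuer check from the steps to reproduce, as an added example that is not part of the original report: it flattens a certificate's issuer as returned by Python's `ssl.SSLSocket.getpeercert()` and flags an issuer organization that matches a distrust list. The `DISTRUSTED_ORGS` substrings, the function names and the sample dictionaries are assumptions, constructed from the issuer fields quoted above.

```python
import socket
import ssl

# Assumption: substrings matched against the issuer O field, taken from the
# two CA names in the report.
DISTRUSTED_ORGS = ("startcom", "wosign")

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns,
# using the issuer fields quoted in the report.
SAMPLE_ACTUAL = {"issuer": (
    (("countryName", "IL"),),
    (("organizationName", "StartCom Ltd."),),
    (("organizationalUnitName", "Secure Digital Certificate Signing"),),
    (("commonName", "StartCom Class 2 Primary Intermediate Server CA"),),
)}
SAMPLE_EXPECTED = {"issuer": (
    (("countryName", "US"),),
    (("organizationName", "Let's Encrypt"),),
    (("commonName", "Let's Encrypt Authority X3"),),
)}


def issuer_fields(cert):
    """Flatten the nested RDN tuples into {attribute: [values]}."""
    fields = {}
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            fields.setdefault(name, []).append(value)
    return fields


def distrusted_issuer(cert, blocked=DISTRUSTED_ORGS):
    """Return the matching issuer organization, or None if none matches."""
    for org in issuer_fields(cert).get("organizationName", []):
        if any(b in org.lower() for b in blocked):
            return org
    return None


def fetch_cert(host, port=443, timeout=10):
    """Fetch the validated leaf certificate from a live server (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert in (("actual", SAMPLE_ACTUAL), ("expected", SAMPLE_EXPECTED)):
        print(label, issuer_fields(cert).get("commonName"), distrusted_issuer(cert))
```

`fetch_cert` is never called on import; it needs network access and only returns a certificate when the chain still validates against the local trust store.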
