I checked our system that this is a standard order in our system that passes
the website control validation.
We issued more than 300K certificates for worldwide customers including many
famous company.
For Aliyun, it's our reseller partner, see this news:
https://www.wosign.com/english/News/aliy
We've added two columns to the Revoked Intermediate CA Certificates
reports that are available here:
https://wiki.mozilla.org/CA:RevokedSubCAcerts
The reports are:
https://mozillacaprogram.secure.force.com/CA/PublicIntermediateCertsRevoked
and
https://mozillacaprogram.secure.force.com/CA/PublicI
Here’s the crt.sh link for this certificate: https://crt.sh/?id=29884704
Can you provide more details about where this certificate came from? Did you
issue it using one of the vulnerabilities discussed in this thread?
> On Aug 26, 2016, at 01:12, 233sec Team wrote:
>
> Wosign's Issue mechanism
Wosign's Issue mechanism is high risking for large enterprise.
This is one prove:
https://gist.github.com/xiaohuilam/8589f2dfaac435bae4bf8dfe0984f69e
Alicdn.com is the cdn asset domain name of Taobao/tmall who belong to alibaba,
which are Chinese biggest online shopping websites.
With the fake c
This is the standard way in China Internet, if a west company say something to
China company, all will support the west company.
PLEASE don’t move this technical problem to political issue, thanks.
Best Regards,
Richard
-Original Message-
From: dev-security-policy
[mailto:dev-security
In most Chinese institutions, most checks and verifications are just formality.
Contracting to the case of CNNIC CA, I'm not advocating for an outright removal
of WoSign (even though I revoked the CA personally). But the incorrect
notBefore date suggests that a mandatory inclusion of CT of all c
The news about possible sanction against WoSign was reported by Solidot
http://www.solidot.org/story?sid=49448
(the Chinese version of Slashdot). Out of 12 comments in total (at the time of
writing), 8 of them call for revocation of WoSign, the rest talks about the
general bad security practices
7 matches
Mail list logo