Re: Fond Farewell to Gerv Markham

2018-07-29 Thread via dev-security-policy
So sad to hear that. Respect him. Best, Xiaosheng Tan Original message Subject: Fond Farewell to Gerv Markham From: Kathleen Wilson via dev-security-policy To: mozilla-dev-security-pol...@lists.mozilla.org Cc: Dear Fellow Mozillians, It is with deep sorrow that we share the news that our friend

Termination of the certificates business of Startcom

2017-11-17 Thread via dev-security-policy
Dear all, This is the Chairman of StartCom's board, Xiaosheng Tan. StartCom has experienced a very difficult time in our re-inclusion process. Due to some comments and decisions made by the Mozilla community, which are followed by some other browsers, StartCom’s board made a difficult but

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2016-11-15 Thread
Agree with Gerv & Tony, More patience should be given if they want to improve. And I don’t think “I posted on the solidot (Chinese Slashdot) about this. The majority comments want the application rejected.” is enough to be the reason to reject the request. For many Chinese companies, they do

Re: StartCom & Qihoo Incidents

2016-10-30 Thread
E>) On Sat, Oct 29, 2016 at 11:36 PM, 谭晓生 <tanxiaosh...@360.cn> wrote: Is there anybody thought about why it happens in China? Why the local browser did not block the self-issued certificates? Thanks, Xiaosheng Tan On 2016/10/30, 1:17 PM, “Percy”<p

Re: StartCom & Qihoo Incidents

2016-10-30 Thread
Is there anybody thought about why it happens in China? Why the local browser did not block the self-issued certificates? Thanks, Xiaosheng Tan On 2016/10/30, 1:17 PM, “Percy” wrote: On Saturday, October 29, 2016 at 5:54:10 PM UTC-7, Matt Palmer wrote: > On Sat, Oct

Re: StartCom remediation plan

2016-10-14 Thread
Dear Gerv, We’ll rewrite all the code with different programming language or buy 3rd party components (for example: PKI), Wosign team using .Net, but my team never use .Net, they are good at C/C++ and PHP, Python. Thanks, Xiaosheng Tan On 2016/10/14, 11:01 PM, “dev-security-policy on behalf of Gervase

Re: StartCom & Qihoo Incidents

2016-10-13 Thread
widely exposed in public. Moreover, the Chinese name (谭晓生) of Mr. Tan Xiaosheng was mentioned in the official paper. I do NOT trust the person who developed malware, and I also do NOT trust the CA involved in censorship. ___ dev-security-

Re: StartCom & Qihoo Incidents

2016-10-13 Thread
October 13, 2016 at 10:58:34 AM UTC+8, 谭晓生 wrote: > Yuwei, > I don’t know who you are, but I can tell you and the community, Qihoo 360 never been involved in * Fire Wall project, if you did some investigation to the message that accused Qihoo 360 joined the project “Search En

Re: StartCom & Qihoo Incidents

2016-10-13 Thread
There could be multiple books to tell the story of Qihoo 360 and Mr. Hongyi Zhou, Qihoo 360 fought with Baidu, Alibaba & Tencent, the three largest internet companies of China in the past 10 years, there were a lot of lawsuits there, win and lose together, the ecosystem of China internet is a

Re: StartCom & Qihoo Incidents

2016-10-13 Thread
iva...@gmail.com> wrote: Would this be enough? http://www.cac.gov.cn/2016-09/19/c_1119583763.htm On Thursday, October 13, 2016 at 10:58:34 AM UTC+8, 谭晓生 wrote: > Yuwei, > I don’t know who you are, but I can tell you and the community, Qihoo 360 never been involved i

Re: StartCom & Qihoo Incidents

2016-10-12 Thread
Yuwei, I don’t know who you are, but I can tell you and the community, Qihoo 360 never been involved in * Fire Wall project, if you did some investigation to the message that accused Qihoo 360 joined the project “Search Engine Content Security Management System”, you should know the

Re: WoSign: updated report and discussion

2016-10-11 Thread
tion. Thanks, Xiaosheng Tan On 2016/10/11, 12:10 AM, “Gervase Markham”<g...@mozilla.org> wrote: On 10/10/16 16:47, 谭晓生 wrote: > Yes, the certificate issuance process is performed by each of these > five components, except, TSA is used for code issuance and PDF > is

Re: WoSign: updated report and discussion

2016-10-10 Thread
Hi Xiaosheng. On 09/10/16 14:54, 谭晓生 wrote: > There are 5 components of StartCom’s business supporting software: It might be useful if you were to explain what function in the certificate issuance process is performed by each of these five components. > 3. P

Re: WoSign: updated report and discussion

2016-10-09 Thread
I also said that the official website, ordering system, certificate management system are different and independent, which is the major cause of the bugs from technical perspective, that’s why Wosign suffered the incidents of bugs but StartCom hasn’t. The validation team, customer care team

Re: WoSign and StartCom: next steps

2016-09-29 Thread
So far 360 is just an investor of Wosign, but we think we need to do something because of what happened. I’d like to have suggestions from Gerv to see if Richard Wang to join the meeting is a better proposal. Thanks, Xiaosheng Tan On 16/9/30, 10:03 AM, “dev-security-policy on behalf of Peter

Re: Incidents involving the CA WoSign

2016-09-20 Thread
la.org Subject: Re: Incidents involving the CA WoSign On 2016-09-20 17:31, 谭晓生 wrote: > Dear Gerv and all, > > Qihoo 360 is a company valued at USD$9.99B as it finished the privatization > on July 15th 2016, we have invested in more than 200 companies across the > world, Wosign is

Re: Incidents involving the CA WoSign

2016-09-20 Thread
While you are here, I hope you can answer a couple of questions. 1) Are the first three shareholders listed in the attached file the same companies as the "Qihoo 360 Software (Beijing) Co., Ltd.", "Beijing Qifutong Technology Co., Ltd.", and "Beijing Yuan Tu Technology

Re: Incidents involving the CA WoSign

2016-09-20 Thread
e the ones listed here: http://wiki.mozilla.org/CA:Policy_Participants as doing so. On 20/09/16 08:23, 谭晓生 wrote: > I’m Xiaosheng Tan, the Chief Security Officer of Qihoo 360, on the > inquiry of the disclosure of Wosign deal, we are not obligated to > disclose it