On Monday, October 24, 2016 at 6:09:50 PM UTC-7, Kathleen Wilson wrote:
> The security blog about Distrusting New WoSign and StartCom Certificates has
> been published:
>
> https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
>
> Chinese translations of
On Monday, October 31, 2016 at 4:40:49 PM UTC-7, Percy wrote:
> Ryan,
> It's great Chrome will distrust WoSign and StartCom. Google's blog post
> stated that "Due to a number of technical limitations and concerns, Google
> Chrome is unable to trust all pre-existing certificates while ensuring our
>
On Monday, October 31, 2016 at 5:07:06 PM UTC-7, nessun...@gmail.com wrote:
> I see that Google's response (and Apple's) is harsher than Mozilla, by
> caterogically distrusts WoSign and StartCom without granting the option, as
> Mozilla does, to resubmit a new CA application after a set period of
I see that Google's response (and Apple's) is harsher than Mozilla, by
caterogically distrusts WoSign and StartCom without granting the option, as
Mozilla does, to resubmit a new CA application after a set period of time
through which they work to correct their flawed procedures.
__
Ryan,
It's great Chrome will distrust WoSign and StartCom. Google's blog post
stated that "Due to a number of technical limitations and concerns, Google
Chrome is unable to trust all pre-existing certificates while ensuring our
users are sufficiently protected from further misissuance.". Could you
On Monday, October 24, 2016 at 6:09:50 PM UTC-7, Kathleen Wilson wrote:
> The security blog about Distrusting New WoSign and StartCom Certificates has
> been published:
>
> https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
>
> Chinese translations of
Kathleen,
This coverage is very encouraging! Among the sites you included, huanqiu, which
is a newspaper operated by the central government is notable. So far, no
censorship has been observed, contrary to the blanket censorship of the
previous CNNIC case.
___
Kathleen,
This coverage is very encouraging! Among the sites you included, huanqiu, which
is a newspaper operated by the central government is notable. So far, no
censorship has been observed, contrary to the blanket censorship of the
previous CNNIC case.
___
Kathleen,
This coverage is very encouraging! Among the sites you included, huanqiu, which
is a newspaper operated by the central government is notable. So far, no
censorship has been observed, contrary to the blanket censorship of the
previous CNNIC case.
___
Kathleen,
This coverage is very encouraging! Among the sites you included, huanqiu, which
is a newspaper operated by the central government is notable. So far, no
censorship has been observed, contrary to the blanket censorship of the
previous CNNIC case.
___
More links in simplified Chinese:
Weibo: http://weibo.com/1663337394/EeutZ447K?type=comment#_rnd1477447436655
Toutiao: http://www.toutiao.com/i6345313124182131201/
Below is some coverage from China, all coverage contained message pull-through
from Mozilla's blog post and mentioned WoSign's respo
On Tuesday, 25 October 2016 4:30:39 PM UTC Percy wrote:
> StartCom on the other hand, issued no announcement
> (https://startssl.com/News) even under multiple explicit inquires from
> multiple users
> (https://forum.startcomca.com/viewforum.php?f=16&sid=549011a08d3a081898f1e1
> 542d3ecc10).
There
Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of Percy
Sent: Wednesday, October 26, 2016 1:02 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Distrusting New WoSign and StartCom Certificates -- Mozilla
...@lists.mozilla.org
Subject: Re: Distrusting New WoSign and StartCom Certificates -- Mozilla
Security Blog
StartCom on the other hand, issued no announcement
(https://startssl.com/News) even under multiple explicit inquires from
multiple users
(https://forum.startcomca.com/viewforum.php?f=16&
That you have to ask WoSign.
The exact wording is
"将增加一个产品选项,用户可以选购从新的沃通(WoSign)中级根证书下签发的支持所有浏览器(包括火狐浏览器)的SSL证书,在过渡期八折优惠。此中级根证书将由全球信任的其他CA根证书签发,支持所有浏览器和所有新老终端设备。此项产品升级计划一个月内完成并为广大用户提供证书服务;"
My translation: [WoSign] will add a new product selection. Users can choose SSL
certs signed by the new
On 26/10/16 01:27, Percy wrote:
> WoSign will roll out a globally trusted intermediate cert to sign new
> certs with the existing WoSign system that had so many control
> failures.
>
> Does Mozilla and this community accept such a work-around for WoSign?
> If we do, then what's the point of distru
StartCom on the other hand, issued no announcement (https://startssl.com/News)
even under multiple explicit inquires from multiple users
(https://forum.startcomca.com/viewforum.php?f=16&sid=549011a08d3a081898f1e1542d3ecc10).
___
dev-security-policy
WoSign will roll out a globally trusted intermediate cert to sign new certs
with the existing WoSign system that had so many control failures.
Does Mozilla and this community accept such a work-around for WoSign? If we do,
then what's the point of distrust those WoSign root certs? If not, then
WoSign has posted an announcement regarding Mozilla's decision. In the
announcement, WoSign stated
WoSign actively cooperated with the investigation and has always fix all the
issues immediately after the discovery and called Mozilla's decision
"exceptionally severe".
Certs issued by existing
On Monday, October 24, 2016 at 6:09:50 PM UTC-7, Kathleen Wilson wrote:
> The security blog about Distrusting New WoSign and StartCom Certificates has
> been published:
>
> https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
>
Chinese versions have bee
20 matches
Mail list logo