Re: Incidents involving the CA WoSign

2016-08-30 Thread dymutaos
On Monday, August 29, 2016 at 12:08:36 PM UTC-4, mar...@marcan.st wrote: > On Monday, August 29, 2016 at 5:41:06 PM UTC+9, Gervase Markham wrote: > > On 29/08/16 05:46, Richard Wang wrote: > > > For incident 1 - mis-issued certificate with un-validated subdomain, > > > total 33 certificates. We

Re: Incidents involving the CA WoSign

2016-08-30 Thread dionyziz
If I understand correctly, these 105 certificates are all mis-issued using the incorrect policies of either (0) website control validation with higher port numbers, or (1) parent domain-name verification by demonstrating control of a subdomain. It is unclear why, given the fact that incorrect

Re: formal reply RE: Incidents involving the CA WoSign

2016-08-30 Thread Percy
We classified this 33 misissuance certificate into two types: one type is we think this misissuance certificate is obviously not from the domain owner, we revoked this type certificates instantly after we know the misissuance Your statement is contradicted by the fact that the other two

Re: Incidents involving the CA WoSign

2016-08-30 Thread Percy
https://crt.sh is down. Maybe someone can check with comodo to see whether they got DDOSed? Here are the Google CT for the possibly mis-issued certs mentioned in this thread. It would be a lot harder to take down the Google CT. Possible fake cert for Github

Re: Incidents involving the CA WoSign

2016-08-30 Thread Rob Stradling
On 30/08/16 18:45, Percy wrote: https://crt.sh is down. Maybe someone can check with comodo to see whether they got DDOSed? Sorry about that. crt.sh is back up now. It wasn't a DDOS attack. Every so often something goes awry with the database replication (between crt.sh's master database

Reuse of serial numbers by StartCom

2016-08-30 Thread Peter Bowen
In reviewing the Certificate Transparency logs, I noticed the StartCom has issued multiple certificates with identical serial numbers and identical issuer names. https://crt.sh/?serial=14DCA8 (2014-12-07) https://crt.sh/?serial=04FF5D653668DB (2015-01-05) https://crt.sh/?serial=052D14BA553ED0

Re: formal reply RE: Incidents involving the CA WoSign

2016-08-30 Thread Richard Wang
1. All certs are revoked in time, please check our CRL; 2. WoSign logged all SSL cert since July 5th; 3. I know you are Chinese with good English, welcome to join WoSign, we need good talent like you. Regards, Richard > On 31 Aug 2016, at 01:33, Percy wrote: > > We

Re: Added columns to Revoked Intermediate Certs reports

2016-08-30 Thread Kathleen Wilson
On 8/26/16 4:36 PM, Kathleen Wilson wrote: We've added two columns to the Revoked Intermediate CA Certificates reports that are available here: https://wiki.mozilla.org/CA:RevokedSubCAcerts The reports are: https://mozillacaprogram.secure.force.com/CA/PublicIntermediateCertsRevoked and

Re: Incidents involving the CA WoSign

2016-08-30 Thread itk98 . il
Wosign indirectly bought StartSSL, https://www.letsphish.org On Monday, August 29, 2016 at 11:27:59 AM UTC+3, Gervase Markham wrote: > If WoSign are hosting StartCom's infra, it still leaves open the > question of why StartCom are deploying code that WoSign are no longer > using, and haven't

Re: Incidents involving the CA WoSign

2016-08-30 Thread Peter Bowen
On Wed, Aug 24, 2016 at 6:08 AM, Gervase Markham wrote: > Dear m.d.s.policy, > > Several incidents have come to our attention involving the CA "WoSign". > Mozilla is considering what action it should take in response to these > incidents. This email sets out our understanding of

RE: Incidents involving the CA WoSign

2016-08-30 Thread Richard Wang
This case is in the BR report: https://cert.webtrust.org/SealFile?seal=2019=pdf Thanks. Best Regards, Richard -Original Message- From: Peter Bowen [mailto:pzbo...@gmail.com] Sent: Wednesday, August 31, 2016 10:45 AM To: Gervase Markham Cc:

formal reply RE: Incidents involving the CA WoSign

2016-08-30 Thread Richard Wang
Dear all, This email is the formal reply from WoSign for this 3 incidents. First, thank you all very much to help WoSign to improve our system security that helped the global Internet security. And I am very sorry deeply for the related 33 misissuance certificates subscribers that we like to