On Thursday, August 3, 2017 at 3:55:34 PM UTC-7, Kathleen Wilson wrote:
> On Monday, July 10, 2017 at 12:47:31 PM UTC-7, Kathleen Wilson wrote:
> > I also think we should remove the old WoSign root certs from NSS.
> >
> > Reference:
> > https://wiki.mozilla.org/CA/Additional_Trust_Changes#WoSign
> You will fail #4. Because your system, as designed, cannot and does not
> comply with the Baseline Requirements.
Is there a design outline in the security audit as well? No one in the
community can judge either yours or WoSign's statement as this information is
not shared with us. I suggest
On Tuesday, July 11, 2017 at 8:16:50 AM UTC-7, Jonathan Rudenberg wrote:
> > On Jul 11, 2017, at 06:53, okaphone.elektronika--- via dev-security-policy
> > wrote:
> >
> > On Monday, 10 July 2017 08:55:38 UTC+2, Richard Wang wrote:
> >>
> >> Please note
So it seems that Richard Wang still has the final executive decisions regarding
security in daily operations. Basically WoSign simply changed the title of the
position from CEO to COO and bypassed Mozilla's requirement?
On Sunday, July 9, 2017 at 7:26:28 PM UTC-7, Richard Wang wrote:
> The
On Friday, April 28, 2017 at 1:19:01 AM UTC-7, Richard Wang wrote:
> Hi Ryan,
>
>
>
> For your question “Do you believe that, during the discussions about how to
> respond to WoSign's issues, the scope of impact was underestimated?”, the
> answer is YES.
>
>
>
> After Oct 21 2016, WoSign
On Monday, August 7, 2017 at 2:36:10 PM UTC-7, Itzhak Daniel wrote:
> On Monday, August 7, 2017 at 11:03:27 PM UTC+3, Jakob Bohm wrote:
> > 7. At Qihoo: Actually get rid of Richard Wang, not just change his
> > title from CEO to COO.
>
> I didn't map the new hierarchy of the "Spanish"
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign
and StartCom have failed to maintain the standards required by our Trusted Root
Program. Observed
On Monday, May 1, 2017 at 7:49:32 AM UTC-7, Henri Sivonen wrote:
> On Mon, May 1, 2017 at 11:31 AM, Gervase Markham via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> > On 01/05/17 07:52, Percy wrote:
> >> It seems that StartCom continues to sell untrusted certs. Neither
It seems that StartCom continues to sell untrusted certs. Neither their home
page https://www.startcomca.com/ nor their announcement page
https://www.startcomca.com/index/news mentions that those certs are not
trusted.
___
dev-security-policy mailing
"Conclusion: StartCom's attempt to restart the CA was rushed."
"It was a very hard task in very few time but the people at 360 tried
everything to get it done by that date, end of december 2016, and yes, we
reached the date but with many failures"
May I ask why StartCom chose to rush
On Sunday, August 27, 2017 at 10:59:48 PM UTC-7, Richard Wang wrote:
> We released replacement notice in Chinese in our website:
> https://www.wosign.com/news/announcement-about-Microsoft-Action-20170809.htm
> https://www.wosign.com/news/announcement-about-Google-Action-20170710.htm
>
Links to all of WoSign's announcements in case anyone wants to verify.
https://www.wosign.com/news/index.htm year 2017
https://www.wosign.com/news/index2016.htm year 2016
In fact, can you tell us, when was the first time WoSign started to notify
users about replacing certs?
I've dug through all of WoSign's announcements and the first and in fact the
ONLY announcement regarding replacing certs is dated July 10th, 2017, titled
Announcement regarding Google's
It's true that the first post has a link to that second post. However, the
related sentence is
To learn more, please visit "Announcement regarding Google's decision on July
7th", with a hyperlink to the second post.
And only the second post mentions anything about replacing certs. I hardly
On Wednesday, August 30, 2017 at 11:15:04 AM UTC-7, Kathleen Wilson wrote:
> Posted:
>
> https://blog.mozilla.org/security/2017/08/30/removing-disabled-wosign-startcom-certificates-firefox-58/
>
> I will look into getting this translated and published in China.
>
> Thanks,
> Kathleen
Thank you
On Friday, August 25, 2017 at 4:42:29 PM UTC-7, Kathleen Wilson wrote:
> On Friday, August 4, 2017 at 12:01:15 AM UTC-7, Percy wrote:
> > I suggest that Mozilla can post an announcement now about the complete
> > removal of WoSign/StartCom to alert website developers. I suspect that a
> >