1. All certs are revoked in time, please check our CRL;
2. WoSign logged all SSL cert since July 5th;
3. I know you are Chinese with good English, welcome to join WoSign, we need
good talent like you.
Regards,
Richard
> On 31 Aug 2016, at 01:33, Percy wrote:
>
> We classified this 33 misissuance certificate into two types: one type is we
> think this misissuance certificate is obviously not from the domain owner, we
> revoked this type certificates instantly after we know the misissuance
>
> Your statement is contradicted by the fact that the other two mis-issued
> Github certs are not revoked 14 months after the original breach and you
> being aware of such breach.
>
>
>
> we will post all issued SSL certificate in 2015 to CT log server soon.
> -
> Multiple users from the original thread have identified mis-issued
> certificate in the CT log (aggregated here
> http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html ) I
> don't see how posting to CT log helps. Because WoSign didn't even deal with
> mis-issued certs even after posting such certs to CT logs. Besides, WoSign
> has issued back-dated certs, due to bug or not. Hence at least all CT should
> be required for ALL WoSign issued cert.
>
>
> Third, due to the English language limit, we know we can't understand all
> related international standard that it may have some bugs in the system in
> the past and maybe in the future
> --
> This is absurd. Are you saying THE largest CA in China, WoSign cannot afford
> to hire a few developers fluent in English to help understand the
> international standards and in turn inform their peers? I understand that
> WoSign has to affirm they understand and will comply with BR to be included
> in the program. Are you saying that WoSign didn't even understand BR to begin
> with due to BR written in English?
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy