MozillaWiki

CA/WoSign Issues: Difference between revisions

Page Discussion

CA/WoSign Issues (view source)

Revision as of 09:52, 9 September 2016

475 bytes added ,  9 September 2016
Expand incident R
(Update to clarify that reporter did not report to WoSign)
(Expand incident R)
Line 199: Line 199:
==Issue R: Purchase of StartCom (Nov 2015)==
==Issue R: Purchase of StartCom (Nov 2015)==


WoSign purchased the CA "StartCom" and did not disclose the transaction as a change of ownership, which may violate section 5 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Mozilla CA Certificate Maintenance Policy]. More details to be provided.
WoSign purchased the CA "StartCom" and did not disclose the transaction as a change of ownership, which we believe violates section 5 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Mozilla CA Certificate Maintenance Policy]. Furthermore, when this clause was brought to their attention, they denied that any changes fell under it, and they attempted to suppress further information about the ownership transfer when it was brought to the community's attention.
 
Full details can be found in [https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/0pqpLJ_lCJQ the post in mozilla.dev.security.policy].
 
===WoSign Response===
 
We have not yet had an official response from WoSign or StartCom about this issue.


==Issue S: Backdated SHA-1 Certs (January 2016)==
==Issue S: Backdated SHA-1 Certs (January 2016)==
Gerv
Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1147266"