<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">+1
<br>
We started using DigiCert instead of Verisign a few years back, and other than the need to install new root certificates on some of our stuff that didn’t know about DigiCert early on, we haven’t had any issues.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">From:</span></b><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'"> ale-bounces@ale.org [mailto:ale-bounces@ale.org]
<b>On Behalf Of </b>James Sumners<br>
<b>Sent:</b> Monday, January 30, 2017 3:41 PM<br>
<b>To:</b> Atlanta Linux Enthusiasts<br>
<b>Subject:</b> Re: [ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">We use DigiCert at work and haven't ever had any issues. I actually really like their support and information they have in their help section.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Personally, I use <a href="http://letsencrypt.org">letsencrypt.org</a>. The official client is awful, but this one is great -- <a href="https://github.com/hlandau/acme">https://github.com/hlandau/acme</a><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Mon, Jan 30, 2017 at 3:08 PM, Brian W. Neu &lt;<a href="mailto:ale@advancedopen.com" target="_blank">ale@advancedopen.com</a>&gt; wrote:<o:p></o:p></p>
<p class="MsoNormal">Randomly logged into my StartCom account today to see all kinds of red text about free verifications and expirations and workarounds.<br>
<br>
Through a little reading, it's clear that the Mozilla Foundation and Google have both announced that they are distrusting the StartCom and WoSign CAs due to deceptive practices unbecoming of a certificate authority. The short story is that WoSign, a Chinese
company claiming 70% of the certificate market in China, was allowing for the backdating of new SHA1 signings to avoid some kind of sunset imposed by Microsoft and others. WoSign also acquired StartCom in 2015, and purposely hid this from the public, even
denied it to the Mozilla Foundation until irrefutable evidence surfaced.<br>
<br>
Looks like StartCom is trying to mitigate damage by spinning off as a separate entity, but what a disaster! Any alternative CAs led by non-shady businessmen? Comodo?<br>
<br>
<a href="https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/" target="_blank">https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/</a>
<br>
<br>
<a href="https://en.wikipedia.org/wiki/StartCom" target="_blank">https://en.wikipedia.org/wiki/StartCom</a><br>
<br>
<a href="https://www.thesslstore.com/blog/wosign-startcom-separated/" target="_blank">https://www.thesslstore.com/blog/wosign-startcom-separated/</a><br>
<br>
<a href="https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html" target="_blank">https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html</a><br>
<br>
<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<p class="MsoNormal">James Sumners<br>
<a href="http://james.sumners.info/" target="_blank">http://james.sumners.info/</a> (technical profile)<br>
<a href="http://jrfom.com/" target="_blank">http://jrfom.com/</a> (personal site)<br>
<a href="http://haplo.bandcamp.com/" target="_blank">http://haplo.bandcamp.com/</a> (music)<o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>