[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple

James Sumners james.sumners at gmail.com
Mon Jan 30 15:40:36 EST 2017


We use DigiCert at work and haven't ever had any issues. I actually really
like their support and information they have in their help section.

Personally, I use letsencrypt.org. The official client is awful, but this
one is great -- https://github.com/hlandau/acme

On Mon, Jan 30, 2017 at 3:08 PM, Brian W. Neu <ale at advancedopen.com> wrote:

> Randomly logged into my StartCom account today to see all kinds of red
> text about free verifications and expirations and workarounds.
>
> Through a little reading, it's clear that the Mozilla Foundation and
> Google have both announced that they are distrusting the StartCom and
> WoSign CA's due to deceptive practices unbecoming of a certificate
> authority.  The short story is that WoSign, a Chinese company claiming 70%
> of the certificate market in China, was allowing for the backdating of new
> SHA1 signings to avoid some kind of sunset imposed by Microsoft and
> others.  WoSign also acquired StartCom in 2015, and purposely hid this from
> the public, even denied it to the Mozilla Foundation until irrefutable
> evidence surfaced.
>
> Looks like StartCom is trying to mitigate damage by spinning off as a
> separate entity, but what a disaster!  Any alternative CA's led by
> non-shady businessmen?  Comodo?
>
> https://blog.mozilla.org/security/2016/10/24/distrusting-
> new-wosign-and-startcom-certificates/
>
> https://en.wikipedia.org/wiki/StartCom
>
> https://www.thesslstore.com/blog/wosign-startcom-separated/
>
> https://security.googleblog.com/2016/10/distrusting-wosign-
> and-startcom.html
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20170130/4fe4b9c1/attachment.html>


More information about the Ale mailing list