Firefox to adopt a blocking policy after China's largest certificate authority "WoSign" tampered with certificate issuance dates


By Eljay

Following the problem of China's largest certificate authority "WoSign" issuing fake certificates, the web browser Firefox has strengthened its policy toward blocking WoSign certificates.

WoSign and StartCom - Google Docs
https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/


Firefox ready to block certificate authority that threatened Web security | Ars Technica
http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/

Mozilla wants woeful WoSign certs off the list • The Register
http://www.theregister.co.uk/2016/09/27/mozilla_wants_woeful_wosign_certs_off_the_list/

According to what has been pointed out, WoSign was in a state where a certificate for a base domain could be issued to someone who held administrative rights over only a subdomain of that domain.
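The authorization check that this flaw bypasses, as an added example (not code from the article, Mozilla, or any CA). It assumes a policy in which proven control of a name covers that name and the names beneath it, never its parent; the function names and the `example.com` sample names are constructed for illustration.

```python
def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def validation_covers(validated: str, requested: str) -> bool:
    """Return True if proven control of `validated` authorizes `requested`.

    Assumed policy: control of a name covers the name itself and anything
    below it. It never covers the parent (base) domain.
    """
    v = normalize(validated)
    r = normalize(requested)
    if r.startswith("*."):
        # A wildcard requires control of the name the wildcard hangs off.
        r = r[2:]
    if not v or not r:
        return False
    # Compare on a label boundary so "notuser.example.com" is not treated
    # as falling under "user.example.com".
    return r == v or r.endswith("." + v)


def unauthorized_names(validated: str, requested_sans: list[str]) -> list[str]:
    """List the requested names that the validation does not cover."""
    return [n for n in requested_sans if not validation_covers(validated, n)]


if __name__ == "__main__":
    # Constructed request: the applicant proved control of a subdomain only.
    proven = "user.example.com"
    wanted = [
        "user.example.com",
        "*.user.example.com",
        "example.com",          # base domain: must be refused
        "www.example.com",      # sibling: must be refused
        "notuser.example.com",  # suffix match without a label boundary
    ]
    for name in unauthorized_names(proven, wanted):
        print("refuse:", name)
```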

WoSign is also seen as a problem for having quietly acquired Israel's StartCom, known as a CA (certification authority) that issues certificates for free, without revealing the change in ownership. A news release has been issued stating that StartCom remains independent of WoSign, but Mozilla's investigation shows that StartCom is using WoSign's infrastructure.

Welcome to StartCom
https://www.startcom.org/


In addition, according to Mozilla, over the last nine months WoSign has been issuing certificates with disguised dates that use SHA-1, which under the guideline issued by the CA Browser Forum should not be issued after 2016. WoSign denies this, but a certificate whose issue date was falsified by WoSign / StartCom has been found on the site of Australia's "Tyro.com". It is also said that 62 certificates with tampered issue timing were found in the same way.

in Security, Posted by logc_nt