As China's largest certificate authority "WoSign" has been tampering with certificate issuance date, Firefox will block the policy


China's largest certificate authority "WoSign" issued a fake certificateProblem, a web browser - Firefox has strengthened its policy of blocking WoSign certificates.

WoSign and StartCom - Google Docs

Firefox ready to block certificate authority that threatened Web security | Ars Technica

Mozilla wants woeful WoSign certs off the list • The Register

According to the pointed out, it is clear that WoSign has been in a state where you can issue a certificate of base domain even if there is only subdomain administrative right of a certain domain.

Also, as well as WoSign, it is regarded as a matter of silently acquiring Israel's StartCom CA, known as a CA (Certification Authority) that issues certificates for free, and not revealing changes in ownership. A news release has been announced that StartCom remains independent of WoSign, but Mozilla's survey shows that StartCom is in the state of using WoSign's infrastructure.

Welcome to StartCom

In addition, MozillaIt should not be issued after 2016I was issuing the guidelineSHA-1We have tampered with issuing a certificate using camouflage on the date over the last nine months. this isCA Browser ForumWoSign denies, but in Australia's "" site we have found a certificate that falsified the issue date by WoSign / StartCom. In addition, it is said that 62 certificates which tamper with the issue timing were found in the same way.

in Security, Posted by logc_nt