As China's largest certificate authority "WoSign" has been tampering with certificate issuance date, Firefox will block the policy
ByEljay
China's largest certificate authority "WoSign" issued a fake certificateProblem, a web browser - Firefox has strengthened its policy of blocking WoSign certificates.
WoSign and StartCom - Google Docs
https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/
Firefox ready to block certificate authority that threatened Web security | Ars Technica
http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/
Mozilla wants woeful WoSign certs off the list • The Register
http://www.theregister.co.uk/2016/09/27/mozilla_wants_woeful_wosign_certs_off_the_list/
According to the pointed out, it is clear that WoSign has been in a state where you can issue a certificate of base domain even if there is only subdomain administrative right of a certain domain.
Also, as well as WoSign, it is regarded as a matter of silently acquiring Israel's StartCom CA, known as a CA (Certification Authority) that issues certificates for free, and not revealing changes in ownership. A news release has been announced that StartCom remains independent of WoSign, but Mozilla's survey shows that StartCom is in the state of using WoSign's infrastructure.
Welcome to StartCom
https://www.startcom.org/
In addition, MozillaIt should not be issued after 2016I was issuing the guidelineSHA-1We have tampered with issuing a certificate using camouflage on the date over the last nine months. this isCA Browser ForumWoSign denies, but in Australia's "Tyro.com" site we have found a certificate that falsified the issue date by WoSign / StartCom. In addition, it is said that 62 certificates which tamper with the issue timing were found in the same way.
Related Posts:
in Security, Posted by logc_nt