Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

997440

Cancelled
Original poster
Oct 11, 2015
938
664
Vendors have already chosen to not trust new certs issued by WoSign and its affiliate StartCom. Beginning sometime in 2017, most will not trust those two CA's preexisting certs, as well.

Google, Apple and Mozilla will not recognize SSL/TLS certificates from WoSign and its affiliate StartCom in 2017. Here's a look at the implications.

A foundational element of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate system is that browser vendors need to trust the certificate authorities that issue certificates. For China-based CA WoSign, that trust has been lost and, as a result, hundreds of thousands of sites could have trouble in 2017 as Google, Microsoft and Mozilla will not recognize certificates issued by WoSign or its affiliate StartCom. [...]

The revocation of trust in WoSign has been debated since at least August 2016, when it was revealed that WoSign issued an SSL/TLS certificate for GitHub without its authorization. Mozilla conducted an extensive investigation of WoSign documenting at least 14 different security issues.

"The investigation concluded that WoSign knowingly and intentionally mis-issued certificates in order to circumvent browser restrictions and CA requirements," Andrew Whalley from the Google Chrome Security team wrote in a blog post.[...]

The impact of the removal of trust of WoSign and StartCom is non-trivial. Security vendor RiskIQ estimates that approximately 762,649 websites use SSL/TLS certificates issued by either WoSign or StartCom.[...]
http://www.eweek.com/security/why-browser-vendors-chose-to-distrust-2-certificate-authorities.html
 

Michaelgtrusa

macrumors 604
Oct 13, 2008
7,900
1,821
Both those china based names were created by American companies that sold us out.
[doublepost=1478187866][/doublepost]Both those china based names were created by American companies that sold us out.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.