[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
Jim Kinney
jim.kinney at gmail.com
Mon Jan 30 16:30:19 EST 2017
All of my certs are self signed from my own CA. If you don't trust them,
you don't need to be there anyway.
On Jan 30, 2017 4:14 PM, "Jeremy T. Bouse" <jeremy.bouse at undergrid.net>
wrote:
> On 1/30/2017 4:04 PM, Lightner, Jeffrey wrote:
>
> +1
> We started using Digicert instead of Verisign a few years back and other
> than the need to install new root certificates on some of our stuff that
> didn’t know about Digicert early on we haven’t had any issues.
>
>
>
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org
> <ale-bounces at ale.org>] *On Behalf Of *James Sumners
> *Sent:* Monday, January 30, 2017 3:41 PM
> *To:* Atlanta Linux Enthusiasts
> *Subject:* Re: [ale] Oct News: StartCom, WoSign distrusted by Mozilla,
> Google, Apple
>
>
>
> We use DigiCert at work and haven't ever had any issues. I actually really
> like their support and information they have in their help section.
>
>
>
> Personally, I use letsencrypt.org. The official client is awful, but this
> one is great -- https://github.com/hlandau/acme
>
>
>
> On Mon, Jan 30, 2017 at 3:08 PM, Brian W. Neu <ale at advancedopen.com>
> wrote:
>
> Randomly logged into my StartCom account today to see all kinds of red
> text about free verifications and expirations and workarounds.
>
> Through a little reading, it's clear that the Mozilla Foundation and
> Google have both announced that they are distrusting the StartCom and
> WoSign CA's due to deceptive practices unbecoming of a certificate
> authority. The short story is that WoSign, a Chinese company claiming 70%
> of the certificate market in China, was allowing for the backdating of new
> SHA1 signings to avoid some kind of sunset imposed by Microsoft and
> others. WoSign also acquired StartCom in 2015, and purposely hid this from
> the public, even denied it to the Mozilla Foundation until irrefutable
> evidence surfaced.
>
> Looks like StartCom is trying to mitigate damage by spinning off as a
> separate entity, but what a disaster! Any alternative CA's led by
> non-shady businessmen? Comodo?
>
> https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-
> startcom-certificates/
>
> https://en.wikipedia.org/wiki/StartCom
>
> https://www.thesslstore.com/blog/wosign-startcom-separated/
>
> https://security.googleblog.com/2016/10/distrusting-
> wosign-and-startcom.html
>
> Yeah, I'd probably use DigiCert over Verisign if I had $299 for each
> multi-SAN certificate I needed vs the $120/year I pay to StartCom for
> unlimited multi-SAN certificates and I only need to pay that every 2-3
> years honestly if I don't need to issue any new certificates between
> expirations.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20170130/92a112d3/attachment.html>
More information about the Ale
mailing list