[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
All of my certs are self signed from my own CA. If you don't trust them,
you don't need to be there anyway.
On Jan 30, 2017 4:14 PM, "Jeremy T. Bouse" <jeremy.bouse at undergrid.net>
wrote:
> On 1/30/2017 4:04 PM, Lightner, Jeffrey wrote:
>
> +1
> We started using Digicert instead of Verisign a few years back and other
> than the need to install new root certificates on some of our stuff that
> didn?t know about Digicert early on we haven?t had any issues.
>
>
>
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org
> <ale-bounces at ale.org>] *On Behalf Of *James Sumners
> *Sent:* Monday, January 30, 2017 3:41 PM
> *To:* Atlanta Linux Enthusiasts
> *Subject:* Re: [ale] Oct News: StartCom, WoSign distrusted by Mozilla,
> Google, Apple
>
>
>
> We use DigiCert at work and haven't ever had any issues. I actually really
> like their support and information they have in their help section.
>
>
>
> Personally, I use letsencrypt.org. The official client is awful, but this
> one is great -- https://github.com/hlandau/acme
>
>
>
> On Mon, Jan 30, 2017 at 3:08 PM, Brian W. Neu <ale at advancedopen.com>
> wrote:
>
> Randomly logged into my StartCom account today to see all kinds of red
> text about free verifications and expirations and workarounds.
>
> Through a little reading, it's clear that the Mozilla Foundation and
> Google have both announced that they are distrusting the StartCom and
> WoSign CA's due to deceptive practices unbecoming of a certificate
> authority. The short story is that WoSign, a Chinese company claiming 70%
> of the certificate market in China, was allowing for the backdating of new
> SHA1 signings to avoid some kind of sunset imposed by Microsoft and
> others. WoSign also acquired StartCom in 2015, and purposely hid this from
> the public, even denied it to the Mozilla Foundation until irrefutable
> evidence surfaced.
>
> Looks like StartCom is trying to mitigate damage by spinning off as a
> separate entity, but what a disaster! Any alternative CA's led by
> non-shady businessmen? Comodo?
>
> https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-
> startcom-certificates/
>
> https://en.wikipedia.org/wiki/StartCom
>
> https://www.thesslstore.com/blog/wosign-startcom-separated/
>
> https://security.googleblog.com/2016/10/distrusting-
> wosign-and-startcom.html
>
> Yeah, I'd probably use DigiCert over Verisign if I had $299 for each
> multi-SAN certificate I needed vs the $120/year I pay to StartCom for
> unlimited multi-SAN certificates and I only need to pay that every 2-3
> years honestly if I don't need to issue any new certificates between
> expirations.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20170130/92a112d3/attachment.html>
- References:
- [ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
- From: ale at advancedopen.com (Brian W. Neu)
- [ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
- From: james.sumners at gmail.com (James Sumners)
- [ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
- From: JLightner at dsservices.com (Lightner, Jeffrey)
- [ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
- From: jeremy.bouse at undergrid.net (Jeremy T. Bouse)
- Prev by Date:
[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
- Next by Date:
[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
- Previous by thread:
[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
- Next by thread:
[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
- Index(es):