Monday, October 31, 2016

Google and Mozilla announced distrust of WoSign and StartCom

Google stated that 
Beginning with Chrome 56, certificates issued by WoSign and StartCom after October 21, 2016 00:00:00 UTC will not be trusted.
Mozilla stated that
If you receive a certificate from one of these two CAs after October 21, 2016, your certificate will not validate in Mozilla products such as Firefox 51 and later.
Apple already distrusted WoSign but has so far took no action for StartCom.

Microsoft has made no announcement regarding WoSign or StartCom. I called for Microsoft to distrust WoSign and StartCom to follow the same steps taken by other root stores to protect its users.

1 comment:

  1. Google has verified that two CAs, WoSign and StartCom, have not kept up the exclusive requirements expected of CAs and will at no time in the future be trusted by Google Chrome, as per our Root Certificate Policy. This view is like the current declarations by the root endorsement projects of both Apple and Mozilla. Whatever is left of this post gives foundation to that choice and how we plan to limit interruption while as yet ensuring clients.