Monday, October 31, 2016

Google and Mozilla announced distrust of WoSign and StartCom

Google stated that 
Beginning with Chrome 56, certificates issued by WoSign and StartCom after October 21, 2016 00:00:00 UTC will not be trusted.
Mozilla stated that
If you receive a certificate from one of these two CAs after October 21, 2016, your certificate will not validate in Mozilla products such as Firefox 51 and later.
Apple already distrusted WoSign but has so far took no action for StartCom.

Microsoft has made no announcement regarding WoSign or StartCom. I called for Microsoft to distrust WoSign and StartCom to follow the same steps taken by other root stores to protect its users.

No comments:

Post a Comment