
A similar name may be enough to fool everyday users, but I don't think they're going to trick Mozilla and Google into trusting them.


Why would that matter? They can set up a similar service and use the WoSign CA, and Mozilla/Google wouldn't know anything is amiss.



Previous discussion: https://news.ycombinator.com/item?id=12582534

tl;dr - WoSign/StartCom are no longer trusted as a CA (at least by Firefox)


However, previously issued certs are still trusted. For instance, Firefox doesn't complain about this site's WoSign cert: https://www.checkmyping.com/


Existing certs are still trusted.

Mozilla stated that they will not distrust certs issued with notBefore till December, so theoretically this cert is good for as long as it's still valid, only after that they need to worry.



