And remember, StartCom cross-signs WoSign, so you need to detrust both. Note that StartCom now uses Chinese infrastructure.
If you still trust WoSign's CA, time to nuke it from orbit. Apparently anyone can get a cert for GitHub now.https://twitter.com/pedromelo/status/770151127316885504 …
-
-
-
More details on how WoSign and StartCom are being negligent in their duties as CAs:https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I …
- Show replies
New conversation -
-
-
@willstraf@pedromelo that is very disappointing. Afaik they are only one to offer free SAN certificates. -
scratch that. It seems
@letsencrypt offers them now too!
- Show replies
New conversation -
-
-
@schrauger oh, if it was revoked it means pki is definitely not flawed at a fundamental level thenThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
PKI is not the issue. The CA model is the issue. CT is a good step.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Github has HPKP enabled, so the real damage this particular cert can do is very low, but still :o :x
-
This Tweet is unavailable.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.