1 comment

[ 2.3 ms ] story [ 9.1 ms ] thread
I'm glad that post explicitly called them out on the deception:

> The representatives of WoSign and StartCom denied and continued to deny both of these allegations until sufficient data was collected to demonstrate that both allegations were correct. The levels of deception demonstrated by representatives of the combined company have led to Mozilla’s decision to distrust future certificates chaining up to the currently-included WoSign and StartCom root certificates.

Contrast this to WoSign's announcement:

> WoSign also made a careful investigation of these issues and issued a report on these issues, some problems have been clarified, and all problems are found in the first time and fixed. WoSign actively cooperate with the investigation and communication to guarantee the issued SSL certificate will not be affected in any way.

(https://www.wosign.com/english/News/announcement_about_Mozil...)