2 comments

[ 2.5 ms ] story [ 14.7 ms ] thread
Relying on CNNIC to not falsify notBefore is exactly the right approach. Give them all the rope they need to hang themselves.
"Google and Mozilla have announced that their browsers will stop trusting all digital certificates issued by the China Internet Network Information Center (CNNIC), China’s main digital certificate authority."

This seems to imply that previously issued certs will be rejected now, but at least Mozilla's statement makes it seem this will only apply to future certs.