On Friday, November 24, 2017 at 5:36:20 PM UTC-6, Tom wrote: > For information, WoSign/WoTrus can already sells WoSign-branded EV > certificates accepted by major trusts stores, Mozilla's included. > > The intermediate certificate "WoSign EV SSL Pro CA" ( > https://crt.sh/?id=146206939 ) is signed by "DigiCert High Assurance EV > Root CA".
I'm completely fine with them being a tightly controlled SubCA of someone else who has come up with contractual and technical controls sufficient for which that sponsoring CA is willing to take any risks of the activity. In this case, I imagine DigiCert is doing all the work and essentially just letting WoTrus sell their services. This is fine, as it doesn't place WoTrus or its management in a trusted position. Clearly, they intend to seek re-inclusion themselves so as to be able to attain all the profit from the sales. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
