On 05/12/16 13:41, Richard Wang wrote:
> We checked our system, this order is from one of the reseller. We
> have many resellers that used the API, we noticed all resellers to
> close the free SSL, but they need some time to update the system.
More than two months?
Has this reseller given a timeline by which they expect to have ceased
to use the API?
> The
> most important thing is this certificate is issued by proper way that
> this subscriber finished the domain validation, so this is not a
> mis-issuance, not "deceiving".
This is narrowly true, from a Mozilla perspective. Mozilla has not
required that WoSign stop issuing certificates. We have just said that
we no longer trust them. Of course, I don't know what commitments WoSign
has made to other root stores. And indeed, no-one has suggested that
this certificate is mis-issued from a domain validation perspective.
There is an issue relating to the difference between WoSign's public
statement on their website that they have ceased free SSL issuance, and
the reality that they have not. We expect CAs who make public statements
about their actions to abide by those statements.
Gerv