Termination of the certificates business of Startcom

Nov 17, 2017, 5:26:36 AM
to dev-secur...@lists.mozilla.org
Dear all,

This is the Chairman of StartCom's board, Xiaosheng Tan. StartCom has experienced a very difficult time in our re-inclusion process. Due to some comments and decisions made by the Mozilla community, which are followed by some other browsers, StartCom’s board made a difficult but final decision after careful consideration. We will initiate the termination procedure of the StartCom business. The liquidation procedure will begin and follow our CPS and internal procedures. We'll set January 1st 2018 as the termination date and will stop issuing certificates therefrom. We will maintain our CRL and OCSP service for two more years from January 1st 2018. The three pairs of StartCom key Roots will be eliminated after that time.

On behalf of StartCom’s board, I would like to thank the Mozilla Community, especially Gervase, for their positive influence on StartCom. Thanks for your explicit decision making, so that we could know what to do in the next step and no more detour. We really appreciate that.
Also, Qihoo 360, even as the largest security company in China, is extremely impressed by Cure53’s highly efficient work. Thanks for Cure53’s top level security audit, which made us realize that we still have room for improvement.
There is no doubt that Inigo has done excellent work since we decided to let him do the CEO job. His great experience helped StartCom save a lot of time and money. Also, I would like to thank all the StartCom staff for their excellent work during this tough time.

Yes, of course we will still contribute to Community and focus on security research. During the last ten years, the 360 security research teams have discovered hundreds of vulnerabilities in the major software companies and earned many acknowledgments in the world. Qihoo 360 and the PKI community share the same goal, which is making the internet a better place.

Thank you.

Best regards,
Xiaosheng Tan

Xiaosheng Tan Chief Security Officer
Beijing Qihoo Technology Co.,Ltd (Qihoo 360)
Mobile: +86 13911122339, +86 13311122339
Email: tanxia...@360.cn
Web: www.360.cn
Address: Bldg 2, 6 Haoyuan, JiuXianQiao Rd, ChaoYang Dist, Beijing, 100015


Nov 17, 2017, 12:32:25 PM
to mozilla-dev-s...@lists.mozilla.org
I worked as Director of Engineering for an investor[1] who helped bootstrap StartCom. StartCom was back then the first successful firm from the Authenticity Institute portfolio. I joined Authenticity because I thought it could really shake up the certification industry.

I quit after 6 months when I learned that the equity-based contracts were designed to scam the engineers that I hired. Also I dared to raise concerns over bringing StartCom founder Eddy Nigg back into the company for advice on how to build a sound infrastructure (fit for ETSI & WebTrust certification).

Management there has a thing for "hiring struggling entrepreneurs" and then phishing them for their ideas with promise of equity which is never paid out. There were also a range of other issues such as racist coworkers (which I fired in my first week) and a refusal from the founder to face up to these issues.

One applicant was made promises, then stalled on the contract and when she quit her original job was told on her first day of work that her salary negotiation hasn't even started. I was let go (or I quit with a bang depending on who you ask) because I dared to point out they're all crooks.

I personally don't see how trust can ever be implemented in systems when it is owned by a company which can be acquired with M&A and the same bad apples who cash out from projects are then investing in similar companies.

[1] https://en.wikipedia.org/wiki/Wes_Kussmaul