
Distrusting New WoSign and StartCom Certificates - Osmose
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
======
edmorley
I'm glad that post explicitly called them out on the deception:

> The representatives of WoSign and StartCom denied and continued to deny both
> of these allegations until sufficient data was collected to demonstrate that
> both allegations were correct. The levels of deception demonstrated by
> representatives of the combined company have led to Mozilla’s decision to
> distrust future certificates chaining up to the currently-included WoSign
> and StartCom root certificates.

Contrast this to WoSign's announcement:

> WoSign also made a careful investigation of these issues and issued a report
> on these issues, some problems have been clarified, and all problems are
> found in the first time and fixed. WoSign actively cooperate with the
> investigation and communication to guarantee the issued SSL certificate will
> not be affected in any way.

([https://www.wosign.com/english/News/announcement_about_Mozil...](https://www.wosign.com/english/News/announcement_about_Mozilla_Action_20161024.htm))

