Accountapprovers, antispam, confirm, emeritus
4,925
edits
Changes
Fix links
[https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/gksYkOTLCwAJ List of crt.sh links to certificates involved] - total 72. Richard Wang [https://groups.google.com/d/msg/mozilla.dev.security.policy/yZaJh0KxFUc/6RYlFFQiDAAJ said]: "We checked our system, the certificates issued related using higher level port website control validation is totally 72 certificates. To be clear, those certificates are validated by website control validation method that using other port except 80 and 443."
2016-09-04: [https://www.wosign.com/report/wosign_issues_report_09042016wosign_incidents_report_09042016.pdf Official issue report].
===Further Comments===
[https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/gksYkOTLCwAJ List of crt.sh links to certificates involved] - total 33.
2016-09-04: [https://www.wosign.com/report/wosign_issues_report_09042016wosign_incidents_report_09042016.pdf Official issue report]. The report explains the two bugs, N1 and N2. WoSign classifies the misissuances as 21 N1 and 12 N2. However, they have misclassified at least one - line 2 of Figure 14 - so the actual split may be different.
====Bug N1====
===WoSign Response===
2016-09-04: [https://www.wosign.com/report/wosign_issues_report_09042016wosign_incidents_report_09042016.pdf Official issue report].
===Further Comments===
