136
edits
Changes
→Issue A: StartCom Cross-signing (2017): old --> new
[UPDATE 9-May in reply to the [[CA/Certinomis_Issues#Certinomis_Response|Certinomis Response]]]
Certinomis asked Mozilla to approve their plan to help Startcom, but when the cross-certificates were discovered, [https://groups.google.com/d/msg/mozilla.dev.security.policy/RJHPWUd93xE/lyAX9Wz_AQAJ Gerv responded] "This seems to be very different to the plan you implemented." By cross-signing Startcom's old new roots, Certinomis assisted Startcom in circumventing the remediation plan, and by proposing one plan then implementing a different one, Certinomis did so without Mozilla's consent.
Startcom misissued a number of certificates ([https://crt.sh/?opt=cablint&id=160150786 example]) under that cross-signing relationship that Certinomis is responsible for as the Mozilla program member.
