You just know those Chinese CAs are forced to share their root certs with the Chinese government.
Microsoft bins unloved Chinese cert shops
Microsoft's decided not to support digital certificates issued by Chinese outfits WoSign and StartCom, but the first-mentioned CA disputes the decision. Google, Apple and Mozilla binned WoSign certs in 2016. Microsoft says it has now “... concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed …
COMMENTS
-
Thursday 10th August 2017 07:31 GMT Anonymous Coward
Re: Why should we care what you say?
The trouble is we don't know which is the good half. We certainly know that the western half is rather corrupt. We know that the US are snooping the western half. We can be pretty sure the lack of trust in Chinese cert shops was seeded by the US Gov. with all the large US companies complying with banning them. We know that China created a firewall, and there's evidence both ways for what traffic they want to stop going where.
Maybe I'm paranoid, but the older I get the more I feel like our news is mostly propaganda. Certainly learning about world currency and finance has demonstrated a lack of truth around various wars and now I feel sorry for the victims of the west.
-
Friday 11th August 2017 14:35 GMT Steve the Cynic
Re: Why should we care what you say?
"Maybe I'm paranoid, but the older I get the more I feel like our news is mostly propaganda."
**Everybody's** news is mostly propaganda. I previously worked as a developer in the London office of a large US-based financial information service with its own news organisation. As a result, I had access to news wire feeds from the entire world. For amusement value, I ticked boxes to see headlines for a bunch of English-language feeds from countries scattered around the world.
Boy, that was an eye-opener!
Stories describing the same event looked completely different depending on where they came from. The most extreme differences were for news about events in the Middle East, comparing feeds from Europe, the US, Australia, India, Israel, and Iran, especially Iran. Wow. It was sometimes like they were talking about completely different things.
-
Thursday 10th August 2017 11:57 GMT Ben Tasker
> WoSign has labelled Microsoft's post “misleading”. In a post we've shoved through online translation engines, the company says it's replaced its root certificate in November and that its recent certificates present no risk to users
They said the same about the Firefox/Chrome de-trust.
When I was looking at it last, I didn't find a conclusive answer on the truth of it, although they have submitted a new audit to try and get re-included in both Firefox and Chromium. But, crucially, the Chromium bug says they don't expect the audit to complete until October, so that's after the certs will have been distrusted.
So my conclusion for anyone relying on WoSign was basically - ignore what they're saying, there's a greater than acceptable chance they're wrong and the certs won't be trusted.
-
Thursday 10th August 2017 14:38 GMT hellwig
Based on Trust
If you work in an industry based on trust, you can't really just say "whoops, let me try again". You lost that trust, it's over.
It doesn't help when you're a Chinese company and no one can tell if your "mistakes" were deliberate actions taken on behalf of the government or not.
-
Friday 11th August 2017 11:32 GMT Anonymous Coward
Re: Based on Trust
Have you ever asked yourself how you know that Chinese companies are untrustworthy, or why you think their government is intervening?
Have you ever asked yourself also why you don't see the US government interfering with US companies as a similar issue? "The land of the free" is a marketing campaign, and a rather well executed one, but it's actually one of the most corrupt political systems in the world.
-