Startcom Allegedly Purchased by WoSign
A little bit dull and old, but a former Startcom employee appears to have accused WoSign of buying StartSSL, thereby putting it under the control of principals located in the People's Republic of China.
I don't think most people care, and the privacy implications are not extremely significant, but still an interesting read.
His website: https://www.letsphish.org/
Comments
Accused? Are China or Startcom employees communist? Never heard of the free market?
Kind of a moot point when significant government and legal intervention exists in the Chinese market.
Legal intervention or otherwise, Chinese corps are allowed to take over foreign orgs, and China at this point is opening more doors to locals and foreigners alike, moving towards a less communist type of administration, possibly a democracy later. As you can see, China is busy establishing international brands, Li Ning, Huawei, Xiaomi, etc., and it is no surprise they will buy over established brands/corps to do just that.
(I'm the owner of letsphish.org)
Legal issues...
2 separate corp entities I'm afraid, it isn't an issue. I guess WoSign is in it for the technology and running Startcom from the UK isn't a problem. There are tons of companies doing just that.
It is an issue if they are not transparent about it.
Content removed as a courtesy for @iTK98
StartEncrypt automatic issuance service recently deployed by the CA
StartCom. As well as other problems it had, which are outside the scope
of this discussion, changing a simple API parameter in the POST request
on the submission page changed the root certificate to which the
resulting certificate chained up. The value "2" made a certificate
signed by "StartCom Class 1 DV Server CA", "1" selected "WoSign CA Free
SSL Certificate G2" and "0" selected "CA 沃通根证书", another root
certificate owned by WoSign and trusted by Firefox.
(usage start date) of 20th December 2015, and which was signed using the
SHA-1 checksum algorithm.
Baseline Requirements since January 1st, 2016. Browsers, including
Firefox, planned to enforce this[2] by not trusting certs with a
notBefore date after that date, but in the case of Firefox the fix had
to be backed out due to web compatibility issues. However, we are
considering how/when to reintroduce it, and CAs presumably know this.
in Mozilla's list of Problematic Practices[3]. It says "Minor tweaking
for technical compatibility reasons is accepted, but backdating
certificates in order to avoid some deadline or code-enforced
restriction is not."
avoid browser-based restrictions - they say "this date is the day we
stop to use this code"[4]. If that is true, it is not clear to us how
StartCom came to deploy WoSign code that WoSign itself had abandoned.
issuance systems are linked to WoSign's issuance systems in some way.
Nevertheless, it should not have been possible for an application for a
cert from StartCom to produce a cert signed by WoSign.
should have been.
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I
they are very clearly not separate structural entities
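An added example, not part of the quoted post or of any browser's or CA's code: it shows why a check based only on notBefore (the enforcement the quoted text says browsers planned) lets a backdated SHA-1 certificate through, and how comparing against an independent first-seen timestamp flags it. The record layout, the 7-day tolerance and the `first_seen` values are assumptions; `first_seen` would come from something like a Certificate Transparency log entry or your own scan date.

```python
from datetime import datetime, timedelta, timezone

# Baseline Requirements cutoff quoted above: no SHA-1 issuance from 2016-01-01.
SHA1_DEADLINE = datetime(2016, 1, 1, tzinfo=timezone.utc)
# Assumption: a cert normally becomes publicly visible within a week of notBefore.
TOLERANCE = timedelta(days=7)

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def classify(cert):
    """Classify one certificate metadata record (hypothetical dict layout)."""
    if "sha1" not in cert["sig_alg"].lower():
        return "ok"
    if cert["not_before"] >= SHA1_DEADLINE:
        # The case a notBefore-only browser check would reject.
        return "sha1-after-deadline"
    first_seen = cert.get("first_seen")
    if first_seen is None:
        return "sha1-unverified"  # no independent timestamp to compare against
    if first_seen >= SHA1_DEADLINE and first_seen - cert["not_before"] > TOLERANCE:
        # notBefore passes the deadline check, but the cert surfaced well after it.
        return "suspected-backdated"
    return "sha1-before-deadline"

# Constructed sample records; serials and first_seen dates are made up.
SAMPLE = [
    {"serial": "01", "sig_alg": "sha256WithRSAEncryption",
     "not_before": utc(2016, 3, 1), "first_seen": utc(2016, 3, 1)},
    {"serial": "02", "sig_alg": "sha1WithRSAEncryption",
     "not_before": utc(2015, 11, 2), "first_seen": utc(2015, 11, 3)},
    {"serial": "03", "sig_alg": "sha1WithRSAEncryption",
     "not_before": utc(2016, 2, 10), "first_seen": utc(2016, 2, 10)},
    {"serial": "04", "sig_alg": "sha1WithRSAEncryption",
     "not_before": utc(2015, 12, 20), "first_seen": utc(2016, 6, 1)},
    {"serial": "05", "sig_alg": "sha1WithRSAEncryption",
     "not_before": utc(2015, 12, 20)},
]

def audit(certs):
    """Map serial -> verdict for every record."""
    return {c["serial"]: classify(c) for c in certs}

if __name__ == "__main__":
    for serial, verdict in audit(SAMPLE).items():
        print(serial, verdict)
```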
Well, um, yes, China is a Communist country. The government of China will tell you that. Is this really news to you?
Or are you just trying to slap some freedom paint on the Chinese flag to cover it up?
This.
Yeah..."later"...perhaps the rest of the planet will be more receptive "later"...
China is as much communist, as the Democratic People's Republic of Korea (often referred to as North Korea) is democratic.
They are technically a democracy, with the exception that Kim runs in the only party there. (and if you don't vote for him, he's still in power, so he can publicly execute you like everyone else)
Chinese person owning a UK front to run an Israeli CA. Seems pretty sweet! The only issue would be if they were to move to China, which they didn't. WoSign was an intermediate CA who issued bad certs; anyone with a spare $20k and valid docs can be an int. CA!
Maybe they incorporated in UK just not to be under the laws of China. Anyhow, from the time Let's Encrypt or CloudFlare SSL started, never had the need of StartSSL anymore.
For those of us needing OV/EV SSL, it's still the best bang for buck!
Again: Israel already HAS FULL CONTROL OF STARTCOM.
Our laws allow in a war situation - which is the permanent case since 2006's Lebanon war - that the Shabak (-> DoD/FBI mix) and Mossad (-> CIA essentially) obtain any data required from any local company or locally controlled company without a public order (or, in most cases, with none at all).
The Chinese laws are not much worse and if any it lowers cooperation with the US (which Startcom would do but Chinese are unlikely to).
No, they do not. The party line is that the Chinese communism is NOT Lenin or Marx based but an Asian adaptation that incorporates free market and other western and especially Chinese specialities. By definition this cannot be communism, they know that and everyone else does as well.
At the end of the day there's still one really important thing: StartSSL has always been over complicated junk. Especially with $3 certs and letsencrypt out there.
Yea, and sending your ID to Israel is rather... questionable, you never really know where it ends up (eg. Mossad is known to have used passports made with data of foreigners before).
Finally there is someone knowing something about P.R.China. The most significant communism thing you may find is the expression in P.R.China constitution. Other than that, pls tell what's the difference between a communism China and a capitalism US/UK(or whichever you want)
and pls, not democracy, if you really believe American or any other capitalism countries citizen have more "freedom", then I won't debate on that, you win and congratulations!
The Great Firewall and I can have as many daughters as I want without being forced by law to murder them. No need for debate :P
Communism is fading in the marketplace in China. It is not fading in the control of the population and information. It will eventually get there, I've no doubt, but today that's just not where it's at. It may not be "true" communism but neither is the US "true" democracy, and yet we accept it as valid shorthand for our system of government. Creating variations of popular government types is not at all a new thing.
I do not trust Internet safety to a country that goes to such efforts to ensure a lack of privacy and access to information on its entire population. I only trust my own country so far as knowing that my leaders are incompetent and that government is still not on par with the private sector.
Of course, it's all a fairly useless point when I don't like the certificate authority in the first place. So why I would bother typing this is more of a question of "why haven't you had red bull yet today?"
One of the craziest things I've heard so far.
I thought this is already known by everyone.
I've been suspicious about this for months, only not having concrete proof.
Many people confuse China by calling it "Communist" when they actually want to say "Authoritarian", since in many aspects Chinese political leadership and social rules are fundamentally similar to how the USSR operated and is a living proof that alternative political systems can in fact work and be competitive, and that's why people don't want China to be regarded the same politically as the EU or US.
Uh, you... what? What law should that be?
Forced abortion is a thing of the past in the PRC and was even then rare and not gender but much more policy related (one child policy); many more people died from malnutrition caused by the Great Leap Forward fail, which also killed the birth rate before spiking it again.
Abortion based on gender is federally/central (AFAIK) or provincial (additionally?) illegal, even ultrasound engineers/doctors at this time cannot (might have changed) tell you the gender of your child which is why they use "hints" for it ("cannot tell" = no penis = likely girl).
Aborting girls is a cultural thing mostly as a boy is seen as provider for the family and prestige, the CENTRAL government (where it has full power control) does not like it at all as it also drops the gender rates which the technocrats - 100% correct - see as an issue for the future (and they plan ahead for around 50-100 years as you can see on the long term plans).
No. It is not. As per the definition of real communism (which is impossible to achieve by limits of humans in mostly empathy and conscience but let's not get into that) by Marx, and the extensions/differences of e.g. Lenin or Trotsky and some of the GDR party cadre (they wrote a LOT of books), it simply cannot be and never was.
The PRC never really argued for this point either as we have seen (eh, not me due to age obviously) on the USSR split and their very clear descriptions of their own system and X year plans and their background (sadly I can't read Chinese books and they don't have good translations outside of sometimes Korean, Japanese or Russian - for older also rarely German but GDR style).
I would advise to check your browser certificate store, you might find some surprises, China - Turkey - South Africa - Taiwan among others.
Forced abortion (dubbed 'backstreet abortions') did still occur just under the radar and not officially.
Where? In some town with 2000 people in inner mongolia? Seriously, where do you get that info from? The birth rate is even in the official statistics again going up.
The CN gov further does not give much shit about criticism (plus holds a security council seat snagged from the poor ROC) so if they want to continue abort, which has been done in the past and was even documented and partly praised, they most likely do it openly.
Will China ever regain ROC again?
You can make just about any political system "work" and be "competitive". The relevant question is at what cost are these things accomplished?
Er, China is not regarded as politically the same as the EU or US because they have a different political system . . .
No, but the PRC wants to always have the capability to do so which pressures Taiwan/ROC to play along. The status quo (minus the base building on islands) is favourable for all sides.