[cabfpub] Please help to improve the Internet security in China

Richard Wang richard at wosign.com
Wed Oct 22 06:59:04 MST 2014


Rich,

 

I like Hanrui said “that's why we applied to join the forum”. 

I like to introduce more China browsers and more CA join the CAB Forum to
let them have the chance to learn more about the international standard, to
learn more from other browsers and from other CAs, this will help to make
good browsers and issue better certificate to improve the security of
Internet in China. China Internet user is No. 1 in the world, China Internet
more secure means the World Internet more secure.  

But we should give them time to learn and to improve, I suggest CAB Forum
members never say “move for their immediate expulsion from this Forum”,
this don’t solve the problem. And this don’t have any help for Internet
security.

I remember Ben and Dean said before like this: CAB Forum welcome many
related companies to join, this will enlarge CABF influence, and will help
to improve Internet security. I think this is very good idea for world
Internet security.

 

Thanks for all of your help, help others is helping ourselves since we are
in one world, one Internet.

 

 

Best Regards,

 

Richard

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Rich Smith
Sent: Wednesday, October 22, 2014 9:17 PM
To: '高寒蕊'; public at cabforum.org
Cc: '石晓虹'
Subject: Re: [cabfpub] China MITMing icloud.com

 

Dear 360 Browser staff,

Thank you for this response.  As noted by others, I think your product needs
some further work to be considered truly secure against these kinds of
attacks, however I am glad to know that the original article's allegations
seem to be unfounded.  I think I can safely speak for all Forum members in
saying that we look forward to working with you to further enhance the
SSL/TLS certificate usage and security within the Chinese market.

 

Kind regards,

Rich Smith

Validation Manager

Comodo

 

 

From: 高寒蕊 [mailto:gaohanrui at 360.cn] 
Sent: Tuesday, October 21, 2014 11:20 PM
To: richard.smith at comodo.com; public at cabforum.org
Cc: 王天平; 贾正强; 石晓虹
Subject: 答复: [cabfpub] China MITMing icloud.com

 

This article is not the truth.

360 browser can identify the fake certification and alert the users in both
address-bar and the infobar (the yellow tip right on top of the page).
Attached you can find the screenshot.

 



 

 

We also made the announcement to our users in major it websites(CNET
<http://www.cnetnews.com.cn/2014/1021/3036881.shtml> , ChinaByte
<http://soft.chinabyte.com/32/13115032.shtml> , etc.) and Sina Weibo
<http://weibo.com/1709486153/BsAXnxSbS?mod=weibotime&type=comment#_rnd141394
6061334>  (aka, the Chinese twitter). 

 

Any other questions?

 

Thanks,

360 Browser

 

 

发件人: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] 代
表 Rich Smith
发送时间: 2014年10月21日 22:41
收件人: public at cabforum.org
主题: [cabfpub] China MITMing icloud.com

 

https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-at
tack-coincides-launch-new-iphone

 

The above article states that within China's great firewall, www.icloud.com
is connecting with a self signed certificate.  The article also states that
the Qihoo 360 Browser passes the user right through with no warning or other
indication that the connection is unsafe.

 

I have no way to independently verify that accusation, BUT given that we
just approved the 360 Browser's CA/B membership application, I think this
needs to be investigated.

 

If the accusation is found to be accurate, barring a VERY good explanation
from the 360 Browser team, I would move for their immediate expulsion from
this Forum.

 

-- 

Regards,

Rich Smith

Validation Manager

Comodo

http://www.comodo.com <http://www.comodo.com/> 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141022/dd9c5974/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 11972 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141022/dd9c5974/attachment-0001.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5349 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141022/dd9c5974/attachment-0001.bin 


More information about the Public mailing list