WoSign (who seemingly purchased StartCom) seem to have run into some compliance issues as reported by Firefox:
http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/

Many SMTP servers are using certs from StartCom. In my DANE adoption survey, out of 2201 certificates used by DANE MX hosts, 411 are issued by StartCom and 47 by WoSign. So that's just over 20% of observed certificates.

While the rate is likely different for the larger SMTP ecosystem (DANE users are bleeding edge, not representative at this time), I expect that these CAs are still quite popular overall.

If you're using StartCom/WoSign certs, and rely on them being verified by MUAs and/or peer MTAs, you may want to make contingency plans if Mozilla and perhaps others go through with delisting (or disabling) the related root CAs from their trusted CA bundles.

-- Viktor.