My StartSSL-certs  are valid until 4th of october. Luckily I switched to
Let's encrypt yesterday - with DANE, of course. ;-)


Regards,

Renne


Am 28.09.2016 um 00:29 schrieb Viktor Dukhovni:
> WoSign (who seemingly purchased StartCom) seem to have run into
> some compliance issues as reported by Firefox:
>
>    
> http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/
>
> Many SMTP servers are using certs from StartCom.  In my DANE
> adoption survey, out of 2201 certificates used by DANE MX
> hosts 411 are issued by StartCom and 47 by WoSign.  So that's
> just over 20% of observed certificates.  While the rate is
> likely different for the larger SMTP ecosystem (DANE users
> are bleeding edge, not representative at this time), I expect
> that these CAs are still quite popular overall.
>
> If you're using StartCom/WoSign certs, and rely on them being
> verified by MUAs and/or peer MTAs. you may want to make
> contingency plans if Mozilla and perhaps others go through
> with delisting (or disabling) the related root CAs from
> their trusted CA bundles.
>

Reply via email to