[cabfpub] Draft Zurich F2F Meeting agenda

Richard Wang richard at wosign.com
Wed Apr 8 00:51:27 UTC 2015

WoSign just finished a test of all browsers' warnings for SSL problems, especially for China-brand browsers.


We found a possible problem with browsers (IE/Chrome/Safari/Opera):

(1)   Test scenario: install an untrusted root in the Windows Trusted Root store, have the untrusted root issue an SSL certificate for a bank site, and set the local hosts file to point this site to a fraud IP;

(2)   Result: when we use IE/Chrome/Safari/Opera to visit this fraud site with the fraud SSL certificate, the browsers give no warning; only Firefox, 360 Browser, and UC Browser show the redirect security warning.

(3)   Suggestion: I think all browsers should NOT trust all manually installed roots and should detect the local hosts file modification and give a warning.


Does anyone think this problem needs to be discussed at the next F2F meeting?



Best Regards,




From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Rick Andrews
Sent: Wednesday, April 8, 2015 6:06 AM
To: Dean Coclin; public at cabforum.org
Subject: Re: [cabfpub] Draft Zurich F2F Meeting agenda


I’d like to have a slot to follow up on a request I made in Cupertino.


Several browser vendors said they’re going to downgrade security indicators if RC4 is used to load any part of the page (as they already do for things like mixed content). I expressed the view that it’s getting very difficult to help customers troubleshoot why they’re not seeing the green bar, or why they’re seeing a warning icon. I asked the browser vendors if they could develop a way (even if it’s just in their developer or web consoles) to convey a message like “UI Indicator changed to w (or EV Treatment disabled) for page x because y was detected while loading z”.


It would be great if the browser vendors in attendance (in person or remotely) could do a short demo of how to do this in their browser. And if a browser vendor can’t attend the meeting, it would be great to get some guidance in written form.




From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dean Coclin
Sent: Tuesday, April 07, 2015 1:10 PM
To: public at cabforum.org
Subject: [cabfpub] Draft Zurich F2F Meeting agenda


Attached. There are still a few open slots so please get back to me with any items you would like added.
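
Added example (not part of the original thread or of any browser's code): one way to implement the hosts-file check suggested in the first message, by flagging entries that pin a watched domain to a fixed address. The sample hosts content, the `bank.example` watch list and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of hosts-file content (on Windows the file lives at
# C:/Windows/System32/drivers/etc/hosts). All addresses and names are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example   # constructed override
0.0.0.0         ads.tracker.example
10.0.0.5        intranet.corp.example login.bank.example
not-an-ip       broken.example
"""

# Hypothetical watch list: domains that should only ever be resolved via DNS.
WATCHED_SUFFIXES = ("bank.example",)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")


def find_overrides(text, watched=WATCHED_SUFFIXES):
    """Return hosts entries that pin a watched domain to a fixed address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Match the domain itself or any subdomain, not mere string suffixes.
        if any(name == s or name.endswith("." + s) for s in watched):
            findings.append((line_no, str(ip), name))
    return findings


if __name__ == "__main__":
    for line_no, ip, name in find_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} pinned to {ip}")
```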


