Very often, marketing material and the language used for for that is a good indicator on whether a particular service knows their stuff, or if they appear to peddle fluff... :)
How CAs respond to issues on these mailing lists and in bugzilla is also pretty telling.
In this particular case, there's been concerns raised for several days. An extra vigilant web site operator who sees these discussions might perhaps come to the conclusion that it would be wise to evaluate switching CAs today, perhaps.
Very often, marketing material and the language used for for that is a good indicator on whether a particular service knows their stuff, or if they appear to peddle fluff... :)
We're all doomed then! Asides from LetsEncrypt, most CA web pages are full of marketing fluff :)
I've just been reading through the mailing list discussion, and from that I agree with you completely, WoSign looks pretty incompetent in their responses. If I had a WoSign certificate, I'd definitely be looking around to get an alternative now. However, that's a bit late for 'people power' to force CAs to act better.
How CAs respond to issues on these mailing lists and in bugzilla is also pretty telling.
In this particular case, there's been concerns raised for several days. An extra vigilant web site operator who sees these discussions might perhaps come to the conclusion that it would be wise to evaluate switching CAs today, perhaps.