Accountapprovers, antispam, confirm, emeritus
4,925
edits
Changes
m
Typo fix
These are the only certs for which cryptographic proof of backdating is available. However, other strong circumstantial evidence suggests that backdating is more prevalent.
Firstly, around 12th May 20162015, WoSign started using a new certificate template for some of their SHA-1 issuances. This has a fixed notAfter date of 2016-12-29T16:00:00Z (i.e. midnight on 29th/30th December, CST). This may have been a (sensible) move to prevent accidentally issuing SHA-1 certs which ran into 2017. We have found 939 SHA-1 certificates with this fixed notAfter date, including the above three.
Certificates issued using this template almost exclusively have notBefore dates on working days in China, suggesting they are issued by explicit WoSign employee action. All of them have notBefores between Monday and Friday, except for 13 on a Saturday and 66 on a Sunday. Of those 66, 4 have notBefores on 2015-09-06, a Sunday which was, unusually, [https://www.thebeijinger.com/blog/2015/05/13/china-announces-special-three-day-september-holiday-mark-70th-anniversary-end-world a working day in China]. The other 62 all have notBefores on 2015-12-20, which was a Sunday, and not a working day in China. This suggests that, for these 62, the notBefore does not reflect the actual issuance date.
