> and they'll probably very rarely have to use English.

The CA/Browser Forum Baseline Requirements and the mailing list discussions all happen in English. The major root programs all use English as their language of communication, to the best of my knowledge. The SSL/TLS and X.509 specifications are in English. The major browsers and TLS stacks have technical documentation, code comments, and code review in English. mozilla.dev.security.policy is in English. The international language of scientific research (including cryptographic research) is in English. The CVE program is in English. All of these are reasons not only to have people who are fluent in technical English, but to make hiring such people a priority.

In particular, the inability to communicate precise, subtle technical concepts was very relevant to some of the problems here, like "You may not issue SHA-1 certs after this date" meaning the actual, calendar date of issuance and not the recorded validity period in the certificate. (There was also an element of malice, but it could have gotten sorted faster if communication were easier.) Even if all the others were in some other language, the CA/Browser Forum alone would be enough to make anyone who wants to be a CA (or an HTTPS client implementor) must make fluency in technical English a priority.

It is, of course, highly unfortunate that people from non-Anglophone countries are at a disadvantage here. In an ideal world we wouldn't have that disadvantage. But there doesn't seem to be a way around picking a language to be the scientific lingua franca.

tarancato isn't making any money from these comments, so it seems reasonable that they are not using some form of proofreader.

I am not bothered by their English or using a proof reader. I just think it's hypocritical to throw stones at people for not having good English when they don't operate in an English speaking market when yours isn't perfect either.

Also do you honestly think that was written by the business team, do you think the business team would have been able to properly edit a technical document in another language?

He's not throwing stones at people, he's throwing them at the company, WoSign. FWIW, I agree. They should have gotten (i.e. paid) someone to write a coherent document for this important communication.

> FWIW, I agree. They should have gotten (i.e. paid) someone to write a coherent document for this important communication.

Seriously you'll be hard press to find a paid translator that can translate technical documents.

Also the document is actually reasonable coherent. Picking on the language level of the document over the technical content of the document seems kind petty.

The CA Browser Forum puts out a lot of documents in english - often full of both technical terms and complex multi-layered clauses and subclauses.

You'd hope they'd have a good technical translator already on their payroll.

I'm capable of reading and writing a number of languages, but I'm not proficient at it. This also means that I probably have the writing level of a lower grade school child in those languages, and if I was to try and speak, I'd sound like I was mentally disabled since my vocabulary and general knowledge of the language is lacking.

Japanese is one. I've many times read comments written in Japanese in the Ruby language source code and understood their meaning, but there is absolutely zero ability for me to visit that country and be able to interact with anyone.

The author of this incident report is leagues more capable than I am in writing a report in a foreign language. They didn't insult my mother, or my dog, or call me names by accident. I don't see the justification in insulting their English.

WoSign owns Israel-based CA StartCom (from the shady event where WoSign bought Startcom, didn't disclose it, and started issuing invalid certificates through StartCom). Both operate in multiple English language markets.

I don't speak English natively, and any corrections are welcome. On the other hand I don't run a multi-million business based on writing comments on Hacker News so currently hiring a PR person to proofread these comments is not within the boundaries of my budget.

WoSign runs a business that is basically based on trust, and Nigerian scammers have sent me PDFs that looked far more convincing and trustable than that one WoSign posted.