Thanks for your detail info.
No worry about this, all companies must be complied with local law.

But I really don't care who is my company's shareholder's shareholder's 
shareholder, you need to find out this by yourself if you care.

If you think Mozilla must require this, please add to the Mozilla policy that 
require all CA disclose its nine generation including all subordinate companies 
and all parent companies.

Best Regards,


-----Original Message-----
From: dev-security-policy 
[] On 
Behalf Of Nick Lamb
Sent: Tuesday, September 20, 2016 9:06 AM
Subject: Re: Incidents involving the CA WoSign

On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang  wrote:
> This case is WoSign problem, you found out all related subordinate companies 
> and all related parent companies that up to nine generations! I think this is 
> NOT the best practice in the modern law-respect society.

It seems the governments of the European Union countries (including the UK 
where one of the mentioned companies is located) disagree with you about 
whether this is best practice.

Identifying individual human persons behind a company is a key plank of their 
anti-money laundering and anti-tax evasion policies. To identify these human 
persons it is necessary to look through any number (even more than nine) of 
layers of corporate ownership. In the UK the legal term is Persons with 
Significant Control and PSC registration is mandatory since this summer, a 
company registered in the UK is obliged to figure out if there are such Persons 
and if so list them in its routine filings. Failing to properly investigate, or 
concealing the truth about control of the company is punishable by forfeiture, 
ie the state would seize the company's assets.
dev-security-policy mailing list
dev-security-policy mailing list

Reply via email to