Thanks for your pointing out one of the very important evidence for the 
transaction is NOT completed till yesterday that we released the news after it 
is finished at the first phase. We just finished the UK company investment.

For Qihoo 360, I don't know anything and I don’t have the right to do any 
comment. Sorry.

Best Regards,

Richard

-----Original Message-----
From: Peter Bowen [mailto:pzbo...@gmail.com] 
Sent: Tuesday, September 20, 2016 10:18 AM
To: Richard Wang <rich...@wosign.com>
Cc: Nick Lamb <tialara...@gmail.com>; 
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Incidents involving the CA WoSign

Richard,

As someone pointed out on Twitter this morning, it seems that the PSC 
notification for Startcom UK was filed recently:
https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/UdxHYAlFj6U9DNs6VBJdnIDv4IQAWd4YKYomMERO_2o/application-pdf
 Were you unaware of this filing?

Additionally, companies that register to trade on the New York Stock Exchange 
have to file reports with the US Security and Exchange Commission.  Qihoo 360 
filed a report that included a list of their variable interest entities and 
Qihoo's percent of economic interest in each 
(https://www.sec.gov/Archives/edgar/data/1508913/000114420413022823/v341745_20f.htm
page F-10).  It also describes all the ways in which Qihoo 360 controls these 
entities, including assuring that Qihoo has decision making authority over the 
entities.

I agree that Mozilla does not require reporting that multiple Root CAs are 
Affiliates.  Perhaps it should.  However, as you know, the CA/Browser Forum 
does require such.  So I don't think it would be a stretch for Mozilla to do 
so.  It is something that should probably be added to the 2.3 policy discussion.

Thanks,
Peter


On Mon, Sep 19, 2016 at 6:51 PM, Richard Wang <rich...@wosign.com> wrote:
> Thanks for your detail info.
> No worry about this, all companies must be complied with local law.
>
> But I really don't care who is my company's shareholder's shareholder's 
> shareholder, you need to find out this by yourself if you care.
>
> If you think Mozilla must require this, please add to the Mozilla policy that 
> require all CA disclose its nine generation including all subordinate 
> companies and all parent companies.
>
>
> Best Regards,
>
> Richard
>
> -----Original Message-----
> From: dev-security-policy 
> [mailto:dev-security-policy-bounces+richard=wosign.com@lists.mozilla.o
> rg] On Behalf Of Nick Lamb
> Sent: Tuesday, September 20, 2016 9:06 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Incidents involving the CA WoSign
>
> On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang  wrote:
>> This case is WoSign problem, you found out all related subordinate companies 
>> and all related parent companies that up to nine generations! I think this 
>> is NOT the best practice in the modern law-respect society.
>
> It seems the governments of the European Union countries (including the UK 
> where one of the mentioned companies is located) disagree with you about 
> whether this is best practice.
>
> Identifying individual human persons behind a company is a key plank of their 
> anti-money laundering and anti-tax evasion policies. To identify these human 
> persons it is necessary to look through any number (even more than nine) of 
> layers of corporate ownership. In the UK the legal term is Persons with 
> Significant Control and PSC registration is mandatory since this summer, a 
> company registered in the UK is obliged to figure out if there are such 
> Persons and if so list them in its routine filings. Failing to properly 
> investigate, or concealing the truth about control of the company is 
> punishable by forfeiture, ie the state would seize the company's assets.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to