On Monday, September 19, 2016, Richard Wang <rich...@wosign.com> wrote:
> Thanks for your pointing out one of the very important evidence for the
> transaction is NOT completed till yesterday that we released the news after
> it is finished at the first phase. We just finished the UK company
> For Qihoo 360, I don't know anything and I don’t have the right to do any
> comment. Sorry.
Considering that StartCom is hosted by Qihoo 360
that you're the sole director of StartCom, it's hard for me to believe that
you "don't know anything" about Qihoo 360.
> Best Regards,
> -----Original Message-----
> Sent: Tuesday, September 20, 2016 10:18 AM
> Subject: Re: Incidents involving the CA WoSign
> As someone pointed out on Twitter this morning, it seems that the PSC
> notification for Startcom UK was filed recently:
> Were you unaware of this filing?
> Additionally, companies that register to trade on the New York Stock
> Exchange have to file reports with the US Security and Exchange
> Commission. Qihoo 360 filed a report that included a list of their
> variable interest entities and Qihoo's percent of economic interest in each
> page F-10). It also describes all the ways in which Qihoo 360 controls
> these entities, including assuring that Qihoo has decision making authority
> over the entities.
> I agree that Mozilla does not require reporting that multiple Root CAs are
> Affiliates. Perhaps it should. However, as you know, the CA/Browser Forum
> does require such. So I don't think it would be a stretch for Mozilla to
> do so. It is something that should probably be added to the 2.3 policy
> On Mon, Sep 19, 2016 at 6:51 PM, Richard Wang <rich...@wosign.com
> > Thanks for your detail info.
> > No worry about this, all companies must be complied with local law.
> > But I really don't care who is my company's shareholder's shareholder's
> shareholder, you need to find out this by yourself if you care.
> > If you think Mozilla must require this, please add to the Mozilla policy
> that require all CA disclose its nine generation including all subordinate
> companies and all parent companies.
> > Best Regards,
> > Richard
> > -----Original Message-----
> > From: dev-security-policy
> > rg] On Behalf Of Nick Lamb
> > Sent: Tuesday, September 20, 2016 9:06 AM
> > Subject: Re: Incidents involving the CA WoSign
> > On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang wrote:
> >> This case is WoSign problem, you found out all related subordinate
> companies and all related parent companies that up to nine generations! I
> think this is NOT the best practice in the modern law-respect society.
> > It seems the governments of the European Union countries (including the
> UK where one of the mentioned companies is located) disagree with you about
> whether this is best practice.
> > Identifying individual human persons behind a company is a key plank of
> their anti-money laundering and anti-tax evasion policies. To identify
> these human persons it is necessary to look through any number (even more
> than nine) of layers of corporate ownership. In the UK the legal term is
> Persons with Significant Control and PSC registration is mandatory since
> this summer, a company registered in the UK is obliged to figure out if
> there are such Persons and if so list them in its routine filings. Failing
> to properly investigate, or concealing the truth about control of the
> company is punishable by forfeiture, ie the state would seize the company's
dev-security-policy mailing list