On Monday, September 19, 2016, Richard Wang <rich...@wosign.com> wrote:

> Thanks for your pointing out one of the very important evidence for the
> transaction is NOT completed till yesterday that we released the news after
> it is finished at the first phase. We just finished the UK company
> investment.
> For Qihoo 360, I don't know anything and I don’t have the right to do any
> comment. Sorry.

Considering that StartCom is hosted by Qihoo 360
that you're the sole director of StartCom, it's hard for me to believe that
you "don't know anything" about Qihoo 360.

> Best Regards,
> Richard
> -----Original Message-----
> From: Peter Bowen [mailto:pzbo...@gmail.com <javascript:;>]
> Sent: Tuesday, September 20, 2016 10:18 AM
> To: Richard Wang <rich...@wosign.com <javascript:;>>
> Cc: Nick Lamb <tialara...@gmail.com <javascript:;>>;
> mozilla-dev-security-pol...@lists.mozilla.org <javascript:;>
> Subject: Re: Incidents involving the CA WoSign
> Richard,
> As someone pointed out on Twitter this morning, it seems that the PSC
> notification for Startcom UK was filed recently:
> https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/
> UdxHYAlFj6U9DNs6VBJdnIDv4IQAWd4YKYomMERO_2o/application-pdf
>  Were you unaware of this filing?
> Additionally, companies that register to trade on the New York Stock
> Exchange have to file reports with the US Security and Exchange
> Commission.  Qihoo 360 filed a report that included a list of their
> variable interest entities and Qihoo's percent of economic interest in each
> (https://www.sec.gov/Archives/edgar/data/1508913/
> 000114420413022823/v341745_20f.htm
> page F-10).  It also describes all the ways in which Qihoo 360 controls
> these entities, including assuring that Qihoo has decision making authority
> over the entities.
> I agree that Mozilla does not require reporting that multiple Root CAs are
> Affiliates.  Perhaps it should.  However, as you know, the CA/Browser Forum
> does require such.  So I don't think it would be a stretch for Mozilla to
> do so.  It is something that should probably be added to the 2.3 policy
> discussion.
> Thanks,
> Peter
> On Mon, Sep 19, 2016 at 6:51 PM, Richard Wang <rich...@wosign.com
> <javascript:;>> wrote:
> > Thanks for your detail info.
> > No worry about this, all companies must be complied with local law.
> >
> > But I really don't care who is my company's shareholder's shareholder's
> shareholder, you need to find out this by yourself if you care.
> >
> > If you think Mozilla must require this, please add to the Mozilla policy
> that require all CA disclose its nine generation including all subordinate
> companies and all parent companies.
> >
> >
> > Best Regards,
> >
> > Richard
> >
> > -----Original Message-----
> > From: dev-security-policy
> > [mailto:dev-security-policy-bounces+richard <javascript:;>
> =wosign.com@lists.mozilla.o
> > rg] On Behalf Of Nick Lamb
> > Sent: Tuesday, September 20, 2016 9:06 AM
> > To: mozilla-dev-security-pol...@lists.mozilla.org <javascript:;>
> > Subject: Re: Incidents involving the CA WoSign
> >
> > On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang  wrote:
> >> This case is WoSign problem, you found out all related subordinate
> companies and all related parent companies that up to nine generations! I
> think this is NOT the best practice in the modern law-respect society.
> >
> > It seems the governments of the European Union countries (including the
> UK where one of the mentioned companies is located) disagree with you about
> whether this is best practice.
> >
> > Identifying individual human persons behind a company is a key plank of
> their anti-money laundering and anti-tax evasion policies. To identify
> these human persons it is necessary to look through any number (even more
> than nine) of layers of corporate ownership. In the UK the legal term is
> Persons with Significant Control and PSC registration is mandatory since
> this summer, a company registered in the UK is obliged to figure out if
> there are such Persons and if so list them in its routine filings. Failing
> to properly investigate, or concealing the truth about control of the
> company is punishable by forfeiture, ie the state would seize the company's
> assets.

dev-security-policy mailing list

Reply via email to