On Monday, September 19, 2016 at 5:25:59 PM UTC-7, Richard Wang wrote: > Your behavior let me think of a Chinese word "株连九族", means "to implicate the > nine generations of a family", this is an extreme penalty in feudal times in > China that if a man committed a crime, the whole clan that up to nine > generation was implicated, all must be killed together.
Richard, As it has been pointed out, StartCom has an obligation to disclose if ownership was changed, at least with respect to root program agreements. I would like to request that you answer the questions Peter poses, by pointing to any public documentation beyond statements by yourself, WoSign, or StartCom, that can provide a different picture than what Peter has reported. Without having clear, factual, and accurate documentation that StartCom is not wholly owned and operated by WoSign - which all evidence presented points clearly to that fact - then it's clear that any action taken, if any, must also apply to StartCom, as it represents the same set of organizational CAs and the same fundamental issues regarding trust. Unfortunately, it's unclear if you're intentionally misleading the community, or if you're tragically uninformed, but the documents in https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/UdxHYAlFj6U9DNs6VBJdnIDv4IQAWd4YKYomMERO_2o/application-pdf fully support the conclusion that StartCom is wholly owned by WoSign, which itself is majority owned by Qihoo 360. While the latter is, perhaps, not relevant to the general topic of root program agreements, it is relevant in two important matters: 1) It supports the claim that Qihoo 360, WoSign, and StartCom may have acted improperly with respect to their membership in the CA/Browser Forum. This is a matter for the CA/Browser Forum to sort out. 2) It supports the claim that, by listing Qihoo 360 officers as Persons with Significant Control, that StartCom (UK), which wholly owns StartCom (IL), is itself wholly owned by StartCom (HK), which itself is wholly owned by WoSign (CN), which itself is majority owned by direct and indirect parties of Qihoo 360. That is, there's no evidence to suggest that these offers independently invested in any portion of StartCom or WoSign, and that their only legal reasoning for being noted as PSCs is due to their relationship to the 'parent' organization of Qihoo 360. Further relevant to this discussion is the date upon which these parties are listed as PSCs. The filing date - 14/9/2016 - does not itself have bearing on your claim that it was recently completed. 1) We can note that the date of confirmation was 24/8/2016 - which supports the claim that this was preexisting at the point this discussion began. Further, this is already part of the legally required annual confirmation statement. https://beta.companieshouse.gov.uk/company/09744347 shows this very clearly - that such reports happen on an annual basis and when they're due by, and when they're processed by. 2) The Persons with Significant Control are noted as becoming registerable on 06/04/2016. While one might naively believe this to have been in April (which would have obligated a StartCom disclosure at least that far back), if you examine the guidance in https://www.gov.uk/government/publications/guidance-to-the-people-with-significant-control-requirements-for-companies-and-limited-liability-partnerships - in particular, the summary guidance - page 4 makes it unambiguously clear that for existing companies, the PSCs' shall be noted as becoming registerable on 06/04/2016. To make it abundantly clear: All evidence points uncategorically and unquestionably to StartCom having been acquired by WoSign, and both parties failing to disclose this transition for over a year, despite repeated private and public requests for clarification and disclosure. Further, the statements by WoSign as characterizing this as an equity investment seem to be intentionally phrased in such a way to mislead the public and this community, which significantly undermines trust. I'm sure you're quite exhausted from this discussion, but it must be stated yet again: The goal is to ensure that any conclusions drawn have the full facts and evidence to support them. There is a preponderance of evidence suggesting that you have actively mislead this community, and this is the last opportunity to provide any form of evidence - not just statements - that support your claim. As this discussion has been ongoing - and you've been aware of it since February - it seems entirely reasonable to request that you reply within the next 48 hours. Barring that, at least some of us must conclude that you're actively attempting to evade root program requirements, actively misleading the community, and acting in a way counter to the public trust, and with all of the consequences that entails. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
