On Tue, Sep 20, 2016 at 12:23 AM, 谭晓生 <tanxiaosh...@360.cn> wrote:
> I’m Xiaosheng Tan, the Chief Security Officer of Qihoo 360, on the inquiry of 
> the disclosure of Wosign deal, we are not obligated to disclose it under the 
> SEC regulation

I apologize if I implied that you were.  I am sure that WoSign is too
small of an interest to require disclosure.

> Even Richard is the CEO of Wosign, he is not authorized to do any comments to 
> Qihoo 360 legally, thanks for the understanding.

While you are here, I hope you can answer a couple of questions.

1) Are the first three shareholders listed in the attached file the
same companies as the "Qihoo 360 Software (Beijing) Co., Ltd.",
"Beijing Qifutong
Technology Co., Ltd.", and "Beijing Yuan Tu Technology Co., Ltd."
entities listed in Qihoo 360 SEC reports as VIEs or subsidiaries of
VIEs?

2) Does Qihoo 360, a Qihoo 360 subsidiary, a Qihoo 360 VIE, or a Qihoo
360 VIE subsidiary, or a combination of those own or control a
majority of shares in WoSign?

Thanks,
Peter


>
> Thanks,
> Xiaosheng
>
> Xiaosheng Tan, Chief Security Officer
> Qihoo 360
> E-Mail: tanxiaosh...@360.cn
> Web: www.360.cn <http://www.360.cn/>
> Address: Bldg 2, 6 Haoyuan, Jiuxianqiao Rd, Chaoyang Dist, Beijing, China 
> 100015
>
>
> 在 16/9/20 下午2:05,“dev-security-policy 代表 
> Percy”<dev-security-policy-bounces+tanxiaosheng=360...@lists.mozilla.org 代表 
> percyal...@gmail.com> 写入:
>
>     On Monday, September 19, 2016, Richard Wang <rich...@wosign.com> wrote:
>
>     > Thanks for your pointing out one of the very important evidence for the
>     > transaction is NOT completed till yesterday that we released the news 
> after
>     > it is finished at the first phase. We just finished the UK company
>     > investment.
>     >
>     > For Qihoo 360, I don't know anything and I don’t have the right to do 
> any
>     > comment. Sorry.
>
>     Considering that StartCom is hosted by Qihoo 360
>     
> https://pierrekim.github.io/blog/2016-02-16-why-i-stopped-using-startssl-because-of-qihoo-360.html
>     and
>     that you're the sole director of StartCom, it's hard for me to believe 
> that
>     you "don't know anything" about Qihoo 360.
>
>     >
>     > Best Regards,
>     >
>     > Richard
>     >
>     > -----Original Message-----
>     > From: Peter Bowen [mailto:pzbo...@gmail.com <javascript:;>]
>     > Sent: Tuesday, September 20, 2016 10:18 AM
>     > To: Richard Wang <rich...@wosign.com <javascript:;>>
>     > Cc: Nick Lamb <tialara...@gmail.com <javascript:;>>;
>     > mozilla-dev-security-pol...@lists.mozilla.org <javascript:;>
>     > Subject: Re: Incidents involving the CA WoSign
>     >
>     > Richard,
>     >
>     > As someone pointed out on Twitter this morning, it seems that the PSC
>     > notification for Startcom UK was filed recently:
>     > https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/
>     > UdxHYAlFj6U9DNs6VBJdnIDv4IQAWd4YKYomMERO_2o/application-pdf
>     >  Were you unaware of this filing?
>     >
>     > Additionally, companies that register to trade on the New York Stock
>     > Exchange have to file reports with the US Security and Exchange
>     > Commission.  Qihoo 360 filed a report that included a list of their
>     > variable interest entities and Qihoo's percent of economic interest in 
> each
>     > (https://www.sec.gov/Archives/edgar/data/1508913/
>     > 000114420413022823/v341745_20f.htm
>     > page F-10).  It also describes all the ways in which Qihoo 360 controls
>     > these entities, including assuring that Qihoo has decision making 
> authority
>     > over the entities.
>     >
>     > I agree that Mozilla does not require reporting that multiple Root CAs 
> are
>     > Affiliates.  Perhaps it should.  However, as you know, the CA/Browser 
> Forum
>     > does require such.  So I don't think it would be a stretch for Mozilla 
> to
>     > do so.  It is something that should probably be added to the 2.3 policy
>     > discussion.
>     >
>     > Thanks,
>     > Peter
>     >
>     >
>     > On Mon, Sep 19, 2016 at 6:51 PM, Richard Wang <rich...@wosign.com
>     > <javascript:;>> wrote:
>     > > Thanks for your detail info.
>     > > No worry about this, all companies must be complied with local law.
>     > >
>     > > But I really don't care who is my company's shareholder's 
> shareholder's
>     > shareholder, you need to find out this by yourself if you care.
>     > >
>     > > If you think Mozilla must require this, please add to the Mozilla 
> policy
>     > that require all CA disclose its nine generation including all 
> subordinate
>     > companies and all parent companies.
>     > >
>     > >
>     > > Best Regards,
>     > >
>     > > Richard
>     > >
>     > > -----Original Message-----
>     > > From: dev-security-policy
>     > > [mailto:dev-security-policy-bounces+richard <javascript:;>
>     > =wosign.com@lists.mozilla.o
>     > > rg] On Behalf Of Nick Lamb
>     > > Sent: Tuesday, September 20, 2016 9:06 AM
>     > > To: mozilla-dev-security-pol...@lists.mozilla.org <javascript:;>
>     > > Subject: Re: Incidents involving the CA WoSign
>     > >
>     > > On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang  wrote:
>     > >> This case is WoSign problem, you found out all related subordinate
>     > companies and all related parent companies that up to nine generations! 
> I
>     > think this is NOT the best practice in the modern law-respect society.
>     > >
>     > > It seems the governments of the European Union countries (including 
> the
>     > UK where one of the mentioned companies is located) disagree with you 
> about
>     > whether this is best practice.
>     > >
>     > > Identifying individual human persons behind a company is a key plank 
> of
>     > their anti-money laundering and anti-tax evasion policies. To identify
>     > these human persons it is necessary to look through any number (even 
> more
>     > than nine) of layers of corporate ownership. In the UK the legal term is
>     > Persons with Significant Control and PSC registration is mandatory since
>     > this summer, a company registered in the UK is obliged to figure out if
>     > there are such Persons and if so list them in its routine filings. 
> Failing
>     > to properly investigate, or concealing the truth about control of the
>     > company is punishable by forfeiture, ie the state would seize the 
> company's
>     > assets.
>     >
>
>
>     --
>     _______________________________________________
>     dev-security-policy mailing list
>     dev-security-policy@lists.mozilla.org
>     https://lists.mozilla.org/listinfo/dev-security-policy
>
>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to