在 2016年9月27日星期二 UTC+8上午4:15:00,Andrew R. Whalley写道: > Hello, > > I have completed a read through of the English translations of the CP > (v1.2) and CPS (v4.1). Before I post my comments I wanted to see if there > were any more recent translations? It looks like the local language > versions are 1.4 and 4.3 respectively. > > Many thanks, > > Andrew > > On Wed, Aug 3, 2016 at 2:45 PM, Kathleen Wilson <[email protected]> wrote: > > > This request from Guangdong Certificate Authority (GDCA) is to include the > > "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and > > enabled EV treatment. > > > > GDCA is a nationally recognized CA that operates under China’s Electronic > > Signature Law. GDCA’s customers are business corporations registered in > > mainland China, government agencies of China, individuals or mainland China > > citizens, servers of business corporations which have been registered in > > mainland China, and software developers. > > > > The request is documented in the following bug: > > https://bugzilla.mozilla.org/show_bug.cgi?id=1128392 > > > > And in the pending certificates list: > > https://wiki.mozilla.org/CA:PendingCAs > > > > Summary of Information Gathered and Verified: > > https://bugzilla.mozilla.org/attachment.cgi?id=8749437 > > > > Noteworthy points: > > > > * Root Certificate Download URL: > > https://bugzilla.mozilla.org/attachment.cgi?id=8748933 > > https://www.gdca.com.cn/cert/GDCA_TrustAUTH_R5_ROOT.der > > > > * The primary documents are provided in Chinese. > > > > CA Document Repository: https://www.gdca.com.cn/ > > customer_service/knowledge_universe/cp_cps/ > > http://www.gdca.com.cn/cp/cp > > http://www.gdca.com.cn/cps/cps > > http://www.gdca.com.cn/cp/ev-cp > > http://www.gdca.com.cn/cps/ev-cps > > > > Translations into English: > > CP: https://bugzilla.mozilla.org/attachment.cgi?id=8650346 > > CPS: https://bugzilla.mozilla.org/attachment.cgi?id=8688749 > > > > * CA Hierarchy: This root certificate has internally-operated subordinate > > CAs > > - GDCA TrustAUTH R4 SSL CA (issues 2048-bit SSL certs) > > - GDCA TrustAUTH R4 Generic CA (issues 2048-bit individual certs) > > - GDCA TrustAUTH R4 CodeSigning CA (issues 2048-bit CodeSigning certs) > > - GDCA TrustAUTH R4 Extended Validation SSL CA (issues 2048-bit EV SSL > > certs) > > - GDCA TrustAUTH R4 Extended Validation Code Signing CA (issues 2048-bit > > EV CodeSigning certs) > > > > * This request is to turn on the Websites trust bit. > > > > CPS section 3.2.5: For domain verification, GDCA needs to check the > > written materials which can be used to prove the ownership of corresponding > > domain provided by applicant. Meanwhile, GDCA should ensure the ownership > > of domain from corresponding registrant or other authoritative third-party > > databases. During the verification, GDCA needs to perform the following > > procedures: > > 1. GDCA should confirm that the domain's owner is certificate applicant > > based on the information queried from corresponding domain registrant or > > authoritative third-party database and provided by applicant. > > 2. GDCA should confirm that the significant information (such as document > > information of applicant) in application materials are consistent with the > > reply of domain's owner by sending email or making phone call based on the > > contact information (such as email, registrar, administrator's email > > published at this domain's website, etc.) queried from corresponding domain > > registrant or authoritative third-party database. > > If necessary, GDCA also need to take other review measures to confirm the > > ownership of the domain name. Applicant can't refuse to the request for > > providing appropriate assistance. > > > > > > * EV Policy OID: 1.2.156.112559.1.1.6.1 > > > > * Test Website: https://ev-ssl-test-1.95105813.cn/ > > > > * CRL URLs: > > http://www.gdca.com.cn/crl/GDCA_TrustAUTH_R5_ROOT.crl > > http://www.gdca.com.cn/crl/GDCA_TrustAUTH_R4_SSL_CA.crl > > http://www.gdca.com.cn/crl/GDCA_TrustAUTH_R4_Extended_ > > Validation_SSL_CA.crl > > > > * OCSP URL: > > http://www.gdca.com.cn/TrustAUTH/ocsp > > > > * Audit: Annual audits are performed by PricewaterhouseCoopers Zhong Tian > > LLP according to the WebTrust criteria. > > WebTrust CA: https://cert.webtrust.org/SealFile?seal=2024&file=pdf > > WebTrust BR: https://cert.webtrust.org/SealFile?seal=2025&file=pdf > > WebTrust EV: https://cert.webtrust.org/SealFile?seal=2026&file=pdf > > > > * Potentially Problematic Practices: None Noted > > (http://wiki.mozilla.org/CA:Problematic_Practices) > > > > This begins the discussion of the request from Guangdong Certificate > > Authority (GDCA) to include the "GDCA TrustAUTH R5 ROOT" certificate, turn > > on the Websites trust bit, and enabled EV treatment. At the conclusion of > > this discussion I will provide a summary of issues noted and action items. > > If there are outstanding issues, then an additional discussion may be > > needed as follow-up. If there are no outstanding issues, then I will > > recommend approval of this request in the bug. > > > > Kathleen > > > > _______________________________________________ > > dev-security-policy mailing list > > [email protected] > > https://lists.mozilla.org/listinfo/dev-security-policy > >
Yes, we have new version translations. We have uploaded to Bug 1128392. CP V1.4: https://bug1128392.bmoattachments.org/attachment.cgi?id=8795090 CPS V4.3: https://bug1128392.bmoattachments.org/attachment.cgi?id=8795091 EV CP V1.2: https://bug1128392.bmoattachments.org/attachment.cgi?id=8795093 EV CPS V1.3: https://bug1128392.bmoattachments.org/attachment.cgi?id=8795094 _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
