在 2016年10月30日星期日 UTC+8上午5:30:23,Peter Bowen写道:
> > On Oct 29, 2016, at 2:23 PM, Han Yuwei <hanyuwe...@gmail.com> wrote:
> > 
> > 在 2016年10月28日星期五 UTC+8下午9:23:01,wangs...@gmail.com写道:
> >> We are not intended to cover-up anything since we had disclosed every 
> >> change to the Chinese version CP/CPS at once after the auditor reviewed.
> >> The “ROOTCA(SM2)” CA in $1.1.3 of CPS ver4.3 is equivalent to the “SM2 
> >> ROOT Certificate” CA in $1.1.3 of CPS ver4.1. The “Guangdong Certificate 
> >> Authority(SM2) ” CA in $1.1.3 of CPS ver4.3 is equivalent to the “SM2 CA 
> >> Certificate” CA in $1.1.3 of CPS ver4.1. We change these names in diagram 
> >> in this revision in order to show the actual CN of these certificates. 
> >> Furthermore, we only issue SM2 subscriber certificates from the subCA of 
> >> “ROOTCA(SM2)” CA.
> > 
> > Is SM2 acceptable in publicy-trusted CAs? I don't think so.
> > 
> > Maybe Gerv could explain more about this. And I am wondering what can CA do 
> > if government requirement conflicts with Mozilla's policy?
> 
> It is acceptable to have a single CPS that covers CAs that are included the 
> Mozilla list of trust anchors and CAs that are not trusted by Mozilla.  The 
> CPS should make clear which portions apply to which CA when there are 
> portions that do not apply to all CAs.
> 
> In this case, I would expect that the ROOTCA(SM2) CA is not proposed for 
> inclusion in Mozilla.  As long as the CPS does not allow issuance of SM2 
> signed certificates or certificates with SM2 subject public keys from the CAs 
> proposed for inclusion in Mozilla, I do not seen an issue.
> 
> Thanks,
> Peter

I don't see anything about this in Chinese CPS or Bugzilla. Could someone point 
out or GDCA explain about this?
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to