Thanks, Ryan Indeed, its really quite complicated.
I agree with Pekka in a sense that eIDAS & GDPR chaos is not directly related to this request, however this CA is quite similar to Telia Company AB's eIDAS business. See in-line. On Tue, Jan 4, 2022, 19:36 Ryan Sleevi <[email protected]> wrote: > > > On Tue, Jan 4, 2022 at 9:46 AM Moudrick Dadashov <[email protected]> > wrote: > >> Thanks, Ryan >> >> I'm afraid we are taking wrong direction. :) >> >> As I responded to Pekka today, the email you are commenting below is my >> answer to your questions about my comments re: eIDAS & GDPR chaos. If you >> are still interested, we can continue this discussion separately. >> > >> To keep the root inclusion process in order, I'd suggest to reply to my >> last email today. >> > > Hi Moudrick, > > Thanks for attempting to clarify. However, I'm still struggling here to > understand the substance of your messages. Right now, they feel very > incoherent, and I want to make sure I (and others watching this thread) are > not misunderstanding which points you believe are on-topic and which are > not. > > You originally suggested this discussion was relevant, when you wrote: > >> If approved, this request will create a precedent of ”do like Telia” - a >> practice that is widely used by Telia Company AB and its affiliates in the >> trust services markets under eIDAS. That’s how the recent eIDAS & GDPR >> misimplementation chaos started. >> > > Your latest reply makes it seem like "the recent eIDAS & GDPR > misimplementation chaos" is unrelated to this inclusion. However, I'm > having trouble understanding that, since in the above message, you > reference "widely used by Telia Company AB and its affiliates", and in your > explanation of the chaos, you stated: > > instance means a data object that Telia's affiliates - SK ID Solutions >> (formerly AS Sertifitseerimeskeskus) together with its RA - Omnitel (legal >> name - AB Telia Lietuva) have been issuing to the public as "qualified >> certificate" >> > > and > >> Correct. Telia Company AB is the driving force of an ”organized group”, >> where >> > > > So the discussion about eIDAS and GDPR chaos is something that you > introduced as directly factoring in to considering, so I'm not sure I > understand why the change in direction. If it's not relevant to the > discussion of Telia, that's totally fine - but I want to make sure that's > explicitly what you're stating, because you introduced it as relevant for > consideration. > Ryan, I'm afraid of creating disorder in this discussion - I've comments ***directly*** related to this request (with references to CA's documentation), I also have comments about eIDAS & GDPR chaos created by Telia Company AB (BTW similar to this CA, Telia Company AB has no PKI participant role (disclosed obligations) in SK ID Solutions' operations). This practice takes its roots from Telia Company AB's telco/ISP business, where they have operational access/control over its national affiliate's business. This means nobody will be able to investigate incidents caused directly by Telia Company AB (as it happened some years ago when prosecuters discovered a spying system collecting terabytes of phone call data - this equipment was installed by "Telia people"). Again, I've no preference where to discuss this - I can respond to your previous email or you can forward it as a new message. Makes sense? Thanks, M.D. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAMMZRryfPXVv9pGK_3e06Xsu5Mfpuaz2RWSRCGLUUFOSKPcJQA%40mail.gmail.com.
