>From BJCA - Hi Ben, When we reply to the forum through our gmail account, we are prompted that we have no permission. This gmail address ([email protected]) represents BJCA, please help to add permissions so that we can participate in the discussion, thank you.
[email protected] ------------------------ I'll see what I can do to get this straightened out. Ben On Wed, Jan 25, 2023 at 7:06 PM Kurt Seifried <[email protected]> wrote: > Is BJCA.cn still on this list? if we've only got 3 weeks (21 days) and > they take 2+ days to answer we're going to run out of time pretty quickly. > > On Mon, Jan 23, 2023 at 6:11 PM Kurt Seifried <[email protected]> wrote: > >> This seems to mostly depend upon BJCA.cn disclosing information to us. >> Information we have asked for in the past but been told is "confidential" >> and so on. >> >> So with this in mind: BJCA.cn: can you please explain how your company is >> structured to prevent subversion of the root certificate authority? E.g. >> technical measures can be circumvented trivially if the people running them >> are told to do so (and if they don't they can be replaced with people that >> will). >> >> On Mon, Jan 23, 2023 at 4:57 PM Ben Wilson <[email protected]> wrote: >> >>> All, >>> >>> We recently concluded a six-week public discussion on the CCADB Public >>> list for the root inclusion request of Beijing CA (BJCA), >>> https://groups.google.com/a/ccadb.org/g/public/c/o9lbCbr92Ug/m/lPkqrHF1DQAJ. >>> This >>> email is to announce a continued 3-week discussion of BJCA’s inclusion >>> application to be held on this list. The reason for this continued >>> discussion is that we need to gather more information to better understand >>> BJCA’s operational and management controls and the One Pass software (among >>> any other issues that might be raised during this continued discussion). >>> >>> The current state of our understanding is summarized in the post >>> referenced in the link above. That is, BJCA operates two different >>> infrastructures, one that meets the needs of its national government and >>> another that aims to meet the needs of the global public. Also, according >>> to BJCA, the One Pass software was mislabelled as spyware. >>> >>> There hasn’t been enough evidence yet to make conclusions about these >>> two questions–how is management and operation of the two infrastructures >>> separated, given that they both are part of the same company, and did the >>> Beijing One Pass software have any components that would be considered >>> spyware? I would expect that BJCA might want to respond initially to these >>> questions, even if they believe that they have answered them adequately in >>> the past. >>> >>> We need fact-based discourse that answers these questions. >>> >>> In addition to these questions, does anyone have examples of other >>> conduct by BJCA or insights into its practices? Can anyone provide more >>> information about BJCA’s information security practices, compliance with >>> international standards, or performance under other metrics that will help >>> determine its future conduct, were it to become a publicly trusted CA? >>> >>> I’d like to continue this discussion through Monday, February 13, 2023. >>> As with the public discussion held on CCADB Public, please reply directly >>> in this discussion thread with thoughtful and constructive comments, and a >>> representative of BJCA must respond here to all questions or issues that >>> are raised. >>> >>> Thanks, >>> >>> Ben >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "[email protected]" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaaRA81B1SF%3DSRF%3DPsJJcNsoq70hDZO703yOtG4FMPajTw%40mail.gmail.com >>> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaaRA81B1SF%3DSRF%3DPsJJcNsoq70hDZO703yOtG4FMPajTw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> Kurt Seifried (He/Him) >> [email protected] >> > > > -- > Kurt Seifried (He/Him) > [email protected] > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabXJt-wWL9_gR0vMNxiKjxxST_770nzwgebaHDD9J7nHw%40mail.gmail.com.
