I have added BJCA's email addresses, including "[email protected]", to the list with posting privileges. Hopefully this will enable some responses.

Thanks,
Ben

On Thu, Jan 26, 2023 at 9:00 AM Ben Wilson <[email protected]> wrote:

> From BJCA -
> Hi Ben,
> When we reply to the forum through our gmail account, we are prompted that
> we have no permission. This gmail address ([email protected]) represents
> BJCA, please help to add permissions so that we can participate in the
> discussion, thank you.
>
> [email protected]
> ------------------------
> I'll see what I can do to get this straightened out.
> Ben
>
> On Wed, Jan 25, 2023 at 7:06 PM Kurt Seifried <[email protected]> wrote:
>
>> Is BJCA.cn still on this list? if we've only got 3 weeks (21 days) and
>> they take 2+ days to answer we're going to run out of time pretty quickly.
>>
>> On Mon, Jan 23, 2023 at 6:11 PM Kurt Seifried <[email protected]> wrote:
>>
>>> This seems to mostly depend upon BJCA.cn disclosing information to us.
>>> Information we have asked for in the past but been told is "confidential"
>>> and so on.
>>>
>>> So with this in mind: BJCA.cn: can you please explain how your company
>>> is structured to prevent subversion of the root certificate authority? E.g.
>>> technical measures can be circumvented trivially if the people running them
>>> are told to do so (and if they don't they can be replaced with people that
>>> will).
>>>
>>> On Mon, Jan 23, 2023 at 4:57 PM Ben Wilson <[email protected]> wrote:
>>>
>>>> All,
>>>>
>>>> We recently concluded a six-week public discussion on the CCADB Public
>>>> list for the root inclusion request of Beijing CA (BJCA),
>>>> https://groups.google.com/a/ccadb.org/g/public/c/o9lbCbr92Ug/m/lPkqrHF1DQAJ.
>>>> This email is to announce a continued 3-week discussion of BJCA’s inclusion
>>>> application to be held on this list. The reason for this continued
>>>> discussion is that we need to gather more information to better understand
>>>> BJCA’s operational and management controls and the One Pass software (among
>>>> any other issues that might be raised during this continued discussion).
>>>>
>>>> The current state of our understanding is summarized in the post
>>>> referenced in the link above. That is, BJCA operates two different
>>>> infrastructures, one that meets the needs of its national government and
>>>> another that aims to meet the needs of the global public. Also, according
>>>> to BJCA, the One Pass software was mislabelled as spyware.
>>>>
>>>> There hasn’t been enough evidence yet to make conclusions about these
>>>> two questions–how is management and operation of the two infrastructures
>>>> separated, given that they both are part of the same company, and did the
>>>> Beijing One Pass software have any components that would be considered
>>>> spyware? I would expect that BJCA might want to respond initially to these
>>>> questions, even if they believe that they have answered them adequately in
>>>> the past.
>>>>
>>>> We need fact-based discourse that answers these questions.
>>>>
>>>> In addition to these questions, does anyone have examples of other
>>>> conduct by BJCA or insights into its practices? Can anyone provide more
>>>> information about BJCA’s information security practices, compliance with
>>>> international standards, or performance under other metrics that will help
>>>> determine its future conduct, were it to become a publicly trusted CA?
>>>>
>>>> I’d like to continue this discussion through Monday, February 13, 2023.
>>>> As with the public discussion held on CCADB Public, please reply directly
>>>> in this discussion thread with thoughtful and constructive comments, and a
>>>> representative of BJCA must respond here to all questions or issues that
>>>> are raised.
>>>>
>>>> Thanks,
>>>>
>>>> Ben
>>>>
>>>
>>> --
>>> Kurt Seifried (He/Him)
>>> [email protected]
>>>
>>
>> --
>> Kurt Seifried (He/Him)
>> [email protected]
>>
