Thanks to all of you who reviewed and commented on this request from Guangdong
Certificate Authority (GDCA) to include the GDCA TrustAUTH R5 ROOT certificate,
turn on the Websites trust bit, and enabled EV treatment.
I believe that all of the concerns that were raised in this discussion have
The updated documents are also posted on the CA's website:
https://www.gdca.com.cn/customer_service/knowledge_universe/cp_cps/
Current audit statements are here:
WebTrust CA: https://cert.webtrust.org/ViewSeal?id=2231
WebTrust BR: https://cert.webtrust.org/ViewSeal?id=2232
WebTrust EV SSL:
Hi All,
We have just updated and published our CP/CPS, and the latest versions are
available at:
CP V1.7: https://bug1128392.bmoattachments.org/attachment.cgi?id=8871236
CPS V4.6: https://bug1128392.bmoattachments.org/attachment.cgi?id=8871237
EV CP V1.5:
在 2017年5月17日星期三 UTC+8下午5:18:59,Rob Stradling写道:
> On 12/05/17 06:51, wangsn1206--- via dev-security-policy wrote:
> > 在 2017年5月11日星期四 UTC+8下午5:58:00,Rob Stradling写道:
> >> On 11/05/17 10:42, wangsn1206--- via dev-security-policy wrote:
> >>
> * CPS Appendix1: Certificate information of the
On 12/05/17 06:51, wangsn1206--- via dev-security-policy wrote:
在 2017年5月11日星期四 UTC+8下午5:58:00,Rob Stradling写道:
On 11/05/17 10:42, wangsn1206--- via dev-security-policy wrote:
* CPS Appendix1: Certificate information of the publicly trusted CAs: Most
of the listed CAs can't be found in crt.sh
在 2017年5月16日星期二 UTC+8上午5:19:14,Patrick Tronnier写道:
> Greetings, I have reviewed your second BR self-assessment
> (https://bugzilla.mozilla.org/attachment.cgi?id=8860627) against your updated
> CP/CPS (CP V1.6, CPS V4.5, EV CP V1.4, and EV CPS V1.5) and provided the
> following comments and/or
Greetings, I have reviewed your second BR self-assessment
(https://bugzilla.mozilla.org/attachment.cgi?id=8860627) against your updated
CP/CPS (CP V1.6, CPS V4.5, EV CP V1.4, and EV CPS V1.5) and provided the
following comments and/or recommendations.
1. BR Section 3.2.2.5 Authentication for
在 2017年5月11日星期四 UTC+8下午5:58:00,Rob Stradling写道:
> On 11/05/17 10:42, wangsn1206--- via dev-security-policy wrote:
>
> >> * CPS Appendix1: Certificate information of the publicly trusted CAs: Most
> >> of the listed CAs can't be found in crt.sh - it would be great to get them
> >> CT logged.
> >>
On 11/05/17 10:42, wangsn1206--- via dev-security-policy wrote:
* CPS Appendix1: Certificate information of the publicly trusted CAs: Most
of the listed CAs can't be found in crt.sh - it would be great to get them
CT logged.
Already get CT logged for GDCA TrustAUTH R5 ROOT,and such operation
Hi Andrew,
Thanks for the comments. Please check our following responses.
> * Please don't protect your PDFs for printing
>
We have removed the restrictions on the printing of the PDF documents and
re-uploaded them to the BUG, these documents are available at:
在 2017年4月20日星期四 UTC+8下午11:31:14,Patrick Tronnier写道:
> On Thursday, April 20, 2017 at 9:30:31 AM UTC-4, wangs...@gmail.com wrote:
> > We have just published the updated CP/CPS documents, this version has been
> > revised according to the latest Baseline Requirements and has been reviewed
> >
On Thursday, April 20, 2017 at 9:30:31 AM UTC-4, wangs...@gmail.com wrote:
> We have just published the updated CP/CPS documents, this version has been
> revised according to the latest Baseline Requirements and has been reviewed
> internally, meanwhile, the points our “Analysis on the
在 2017年3月30日星期四 UTC+8下午10:34:00,Patrick Tronnier写道:
> On Sunday, March 26, 2017 at 11:48:43 PM UTC-4, wangs...@gmail.com wrote:
> > We compiled an analysis document on our CP/CPS’s Compliance with the BRs
> > for everyone to review and comment. You can find the document at the
> > following
在 2017年3月30日星期四 UTC+8下午10:34:00,Patrick Tronnier写道:
> On Sunday, March 26, 2017 at 11:48:43 PM UTC-4, wangs...@gmail.com wrote:
> > We compiled an analysis document on our CP/CPS’s Compliance with the BRs
> > for everyone to review and comment. You can find the document at the
> > following
On Sunday, March 26, 2017 at 11:48:43 PM UTC-4, wangs...@gmail.com wrote:
> We compiled an analysis document on our CP/CPS’s Compliance with the BRs for
> everyone to review and comment. You can find the document at the following
> address of the
>
All,
This request is to include the "GDCA TrustAUTH R5 ROOT" certificate, turn on
the Websites trust bit, and enabled EV treatment.
In order to help get this discussion moving again, I asked GDCA to provide a
side-by-side comparison of the latest version of the BRs with their CP/CPS
We compiled an analysis document on our CP/CPS’s Compliance with the BRs for
everyone to review and comment. You can find the document at the following
address of the
BUG:https://bug1128392.bmoattachments.org/attachment.cgi?id=8851230
Your suggestions will be much appreciated.
The answer is yes. That’s why we need to apply for root inclusion. We also
upload the latest version of CP/CPS here for your convenience.
1. GDCA CP Ver 1.5
https://bug1128392.bmoattachments.org/attachment.cgi?id=8813656
2. GDCA CPS Ver 4.4
On 22/11/16 15:47, wangsn1...@gmail.com wrote:
> into effect on Dec 1st, 2016. Here are the names of the files and
> their URL: 1. GDCA CP Ver 1.5
> https://www.gdca.com.cn/export/sites/default/customer_service/.content/attachments/1.GDCA-CP-V1.5.pdf
A bilingual edition seems like an excellent
Thanks for all suggestions upon our CP/CPS and base on the development of our
business, we have revised and prepared a bilingual edition of CP/CPS, which
have been submitted to our auditor to check the consistency of major contents
between Chinese version and English version, and officially
On 18/11/16 11:38, wangsn1...@gmail.com wrote:
> GDCA takes security and governance seriously and we have a strict
> control for Chinese version CP/CPS, all the contents are disclosed.
> And The Chinese versions for CPS 4.1, 4.2, 4.3 are published on the
> official website, so we cannot cover-up
在 2016年11月17日星期四 UTC+8下午7:20:05,Gervase Markham写道:
> Hi Kathleen,
>
> On 15/11/16 00:51, Kathleen Wilson wrote:
> > There were some recommendations to deny this request due to the
> > versioning problems between the English documents and the original
> > documents.
> >
> > Do you all still feel
On 17/11/2016 12:19, Gervase Markham wrote:
Hi Kathleen,
On 15/11/16 00:51, Kathleen Wilson wrote:
There were some recommendations to deny this request due to the
versioning problems between the English documents and the original
documents.
Do you all still feel that is the proper answer to
在 2016年11月16日星期三 UTC+8下午3:59:12,wangs...@gmail.com写道:
> 在 2016年11月16日星期三 UTC+8上午1:11:05,Han Yuwei写道:
> > 在 2016年11月15日星期二 UTC+8下午7:03:07,wangs...@gmail.com写道:
> > > 在 2016年11月15日星期二 UTC+8上午8:51:25,Kathleen Wilson写道:
> > > > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com
> > >
Hi Kathleen,
On 15/11/16 00:51, Kathleen Wilson wrote:
> There were some recommendations to deny this request due to the
> versioning problems between the English documents and the original
> documents.
>
> Do you all still feel that is the proper answer to this root
> inclusion request?
As I
在 2016年11月16日星期三 UTC+8上午1:11:05,Han Yuwei写道:
> 在 2016年11月15日星期二 UTC+8下午7:03:07,wangs...@gmail.com写道:
> > 在 2016年11月15日星期二 UTC+8上午8:51:25,Kathleen Wilson写道:
> > > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote:
> > > > We have uploaded the lastest translantion of CP/CPS.
在 2016年11月16日星期三 UTC+8上午6:35:22,Kathleen Wilson写道:
> On Tuesday, November 15, 2016 at 10:41:28 AM UTC-8, Peter Bowen wrote:
> > I think Mozilla needs to update its guidance to CAs. The information
> > checklist directions
> >
On Tuesday, November 15, 2016 at 10:41:28 AM UTC-8, Peter Bowen wrote:
> I think Mozilla needs to update its guidance to CAs. The information
> checklist directions
> (https://wiki.mozilla.org/CA:Information_checklist#Verification_Policies_and_Practices)
> says "If the CP/CPS documents are not in
On Tue, Nov 15, 2016 at 3:02 AM, wrote:
>
> Because we misunderstand that we only need to provide the related chapters of
> CP/CPS in English, and non-related sections are not required. We are terribly
> sorry that we misinterpreted your requirement and upload an
On Tuesday, November 15, 2016 at 6:03:07 AM UTC-5, wangs...@gmail.com wrote:
> 在 2016年11月15日星期二 UTC+8上午8:51:25,Kathleen Wilson写道:
> > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote:
> > > We have uploaded the lastest translantion of CP/CPS.
> > > CP:
On 15/11/2016 18:10, Han Yuwei wrote:
在 2016年11月15日星期二 UTC+8下午7:03:07,wangs...@gmail.com写道:
在 2016年11月15日星期二 UTC+8上午8:51:25,Kathleen Wilson写道:
On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote:
We have uploaded the lastest translantion of CP/CPS.
CP:
在 2016年11月15日星期二 UTC+8下午7:03:07,wangs...@gmail.com写道:
> 在 2016年11月15日星期二 UTC+8上午8:51:25,Kathleen Wilson写道:
> > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote:
> > > We have uploaded the lastest translantion of CP/CPS.
> > > CP:
Agree with Gerv & Tony,
More patience should be given if they want to improve.
And I don’t think “I posted on the solidot (Chinese Slashdot) about this. The
majority comments want the application rejected. “is enough to be the reason to
reject the request.
For many Chinese companies, they do
在 2016年11月15日星期二 UTC+8下午5:53:19,Gervase Markham写道:
> On 15/11/16 08:39, Percy wrote:
> > I posted on the solidot (Chinese Slashdot) about this. The majority
> > comments want the application rejected.
> >
On Wednesday, August 3, 2016 at 2:45:23 PM UTC-7, Kathleen Wilson wrote:
> This request from Guangdong Certificate Authority (GDCA) is to include the
> "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and
> enabled EV treatment.
>
> GDCA is a nationally recognized CA that
在 2016年11月15日星期二 UTC+8上午8:51:25,Kathleen Wilson写道:
> On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote:
> > We have uploaded the lastest translantion of CP/CPS.
> > CP: https://bugzilla.mozilla.org/attachment.cgi?id=8805543
> > CPS:
On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote:
> We have uploaded the lastest translantion of CP/CPS.
> CP: https://bugzilla.mozilla.org/attachment.cgi?id=8805543
> CPS: https://bug1128392.bmoattachments.org/attachment.cgi?id=8805545
> EV CP:
On Sun, Oct 30, 2016 at 11:34 PM, wrote:
> wangs...@gmail.com於 2016年10月31日星期一 UTC+8下午2時22分05秒寫道:
>> 在 2016年10月28日星期五 UTC+8上午8:19:43,Percy写道:
>> > "When facing any requirements of laws and regulations or any demands for
>> > undergoing legal
>> > process of court and
在 2016年10月30日星期日 UTC+8下午9:13:32,Gervase Markham写道:
> On 29/10/16 22:23, Han Yuwei wrote:
> > Is SM2 acceptable in publicy-trusted CAs? I don't think so.
>
> No; the BRs list the permitted algorithms, and SM2 is not one of them.
>
> > Maybe Gerv could explain more about this. And I am wondering
在 2016年10月28日星期五 UTC+8上午8:19:43,Percy写道:
> "When facing any requirements of laws and regulations or any demands for
> undergoing legal
> process of court and other agencies, GDCA must provide confidential
> information in this CP"
>
> Can GDCA specify what other agencies are included? In China,
On 29/10/16 22:23, Han Yuwei wrote:
> Is SM2 acceptable in publicy-trusted CAs? I don't think so.
No; the BRs list the permitted algorithms, and SM2 is not one of them.
> Maybe Gerv could explain more about this. And I am wondering what can
> CA do if government requirement conflicts with
在 2016年10月30日星期日 UTC+8上午5:30:23,Peter Bowen写道:
> > On Oct 29, 2016, at 2:23 PM, Han Yuwei wrote:
> >
> > 在 2016年10月28日星期五 UTC+8下午9:23:01,wangs...@gmail.com写道:
> >> We are not intended to cover-up anything since we had disclosed every
> >> change to the Chinese version
> > >
> > >
> > > From: Jakob Bohm
> > > Sent: Saturday, October 22, 2016 9:07 AM
> > > To: mozilla-dev-s...@lists.mozilla.org
> > > Subject: Re: Guang Dong Certifica
> On Oct 29, 2016, at 2:23 PM, Han Yuwei wrote:
>
> 在 2016年10月28日星期五 UTC+8下午9:23:01,wangs...@gmail.com写道:
>> We are not intended to cover-up anything since we had disclosed every change
>> to the Chinese version CP/CPS at once after the auditor reviewed.
>> The
在 2016年10月28日星期五 UTC+8下午9:23:01,wangs...@gmail.com写道:
> We are not intended to cover-up anything since we had disclosed every change
> to the Chinese version CP/CPS at once after the auditor reviewed.
> The “ROOTCA(SM2)” CA in $1.1.3 of CPS ver4.3 is equivalent to the “SM2 ROOT
> Certificate” CA
On 27/10/16 23:43, Han Yuwei wrote:
> Since Mozilla's working language is English (Not sure about this),
That is true.
> it's your responsibility to provide an accurate translation of CPS.
That is also true. However, we don't require that the English version be
the master copy.
Gerv
We have uploaded the lastest translantion of CP/CPS.
CP: https://bugzilla.mozilla.org/attachment.cgi?id=8805543
CPS: https://bug1128392.bmoattachments.org/attachment.cgi?id=8805545
EV CP: https://bugzilla.mozilla.org/attachment.cgi?id=8805546
EV CPS:
We are not intended to cover-up anything since we had disclosed every change to
the Chinese version CP/CPS at once after the auditor reviewed.
The “ROOTCA(SM2)” CA in $1.1.3 of CPS ver4.3 is equivalent to the “SM2 ROOT
Certificate” CA in $1.1.3 of CPS ver4.1. The “Guangdong Certificate
"When facing any requirements of laws and regulations or any demands for
undergoing legal
process of court and other agencies, GDCA must provide confidential information
in this CP"
Can GDCA specify what other agencies are included? In China, many requests are
relayed simply through a phone
> >
> >
> > From: Jakob Bohm
> > Sent: Saturday, October 22, 2016
> > >
> > >
> > > From: Jakob Bohm
> > > Sent: Saturday, October 22, 2016 9:07 AM
> > > To: mozilla-dev-s...@lists.mozilla.org
> > > Subject: Re: Gu
> >
> >
> > From: Jakob Bohm
> > Sent
>
> From: Jakob Bohm
> Sent: Saturday, October 22, 2016 9:07 AM
> To: mozilla-dev-s...@lists.mozilla.org
> Subject: Re: Guang Dong Certificate Authority (GDCA) root inclusion request
>
>
> On 21/10/2016 10:38, Han Yuwei wrote
I think these are both good points and my recommendation is that Mozilla deny GDCA's request for inclusion.We should not have to explain something as basic as document versioning and version control. If GDCA can
We have already implemented version control on Chinese version CP/CPS, which
include version number (e.g. V4.3) and effective date (e.g. 2016-08-01). The
revision and release of CP/CPS are reviewed and approved by the security policy
committee (see section 1.5 in CP/CPS).
Meanwhile, we are a
On 21/10/2016 10:38, Han Yuwei wrote:
I think this is a major mistake and a investgation should be conducted for CPS
is a critical document about CA. This is not just a translation problem but a
version control problem. Sometimes it can be lying.
Let me try to be more specific:
When
在 2016年10月21日星期五 UTC+8下午12:15:07,wangs...@gmail.com写道:
> 在 2016年10月21日星期五 UTC+8上午12:15:00,Han Yuwei写道:
> > 在 2016年10月20日星期四 UTC+8上午5:27:42,Andrew R. Whalley写道:
> > > Hello,
> > >
> > > Thank you for the links. I note, however, that there's at least one
> > > difference between the native
在 2016年10月21日星期五 UTC+8上午12:15:00,Han Yuwei写道:
> 在 2016年10月20日星期四 UTC+8上午5:27:42,Andrew R. Whalley写道:
> > Hello,
> >
> > Thank you for the links. I note, however, that there's at least one
> > difference between the native language version and the English translation:
> >
> >
在 2016年10月21日星期五 UTC+8上午10:52:42,Percy写道:
> Thanks for bringing the discrepancy into our attention.
> Even the cover page of the English and Chinese version of CPS are dated
> differently.
>
> English
> Global Digital Cybersecurity Authority
> CO., LTD.
> Certification Practice Statement (CPS)
Thanks for bringing the discrepancy into our attention.
Even the cover page of the English and Chinese version of CPS are dated
differently.
English
Global Digital Cybersecurity Authority
CO., LTD.
Certification Practice Statement (CPS) Version: V4.3
Effective Date: July 1, 2016
Chinese
在 2016年10月20日星期四 UTC+8上午5:27:42,Andrew R. Whalley写道:
> Hello,
>
> Thank you for the links. I note, however, that there's at least one
> difference between the native language version and the English translation:
>
> http://www.gdca.com.cn/cps/cps version 4.3 has a section 4.2.4 covering
> CAA.
Hello,
Thank you for the links. I note, however, that there's at least one
difference between the native language version and the English translation:
http://www.gdca.com.cn/cps/cps version 4.3 has a section 4.2.4 covering
CAA.
https://bug1128392.bmoattachments.org/attachment.cgi?id=8795091
在 2016年9月27日星期二 UTC+8上午4:15:00,Andrew R. Whalley写道:
> Hello,
>
> I have completed a read through of the English translations of the CP
> (v1.2) and CPS (v4.1). Before I post my comments I wanted to see if there
> were any more recent translations? It looks like the local language
> versions are
> Dear Peter, Thanks for your comments! We think that there are some good
> suggestions for our work. We’ll take notes and do better in our future work.
> >> We have discussed these questions with our auditor. Here are our reply to
> your comments: >
> - The basic WebTrust for CA Report does
在 2016年9月17日星期六 UTC+8上午5:38:29,Percy写道:
> On Wednesday, August 3, 2016 at 2:45:23 PM UTC-7, Kathleen Wilson wrote:
> > This request from Guangdong Certificate Authority (GDCA) is to include the
> > "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and
> > enabled EV
On Mon, Sep 19, 2016 at 1:56 AM, wrote:
> Dear Peter, Thanks for your comments! We think that there are some good
> suggestions for our work. We’ll take notes and do better in our future work.
>
> We have discussed these questions with our auditor. Here are our reply to
Dear Peter, Thanks for your comments! We think that there are some good
suggestions for our work. We’ll take notes and do better in our future work.
We have discussed these questions with our auditor. Here are our reply to your
comments:
Opportunties for Improvement:
- The basic
On Wed, Aug 3, 2016 at 2:45 PM, Kathleen Wilson wrote:
> This request from Guangdong Certificate Authority (GDCA) is to include the
> "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and
> enabled EV treatment.
>
> * CA Hierarchy: This root certificate
On Wednesday, August 3, 2016 at 2:45:23 PM UTC-7, Kathleen Wilson wrote:
> This request from Guangdong Certificate Authority (GDCA) is to include the
> "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and
> enabled EV treatment.
>
> GDCA is a nationally recognized CA that
69 matches
Mail list logo