Hi All,
We have just updated and published our CP/CPS, and the latest versions are
available at:
CP V1.7: https://bug1128392.bmoattachments.org/attachment.cgi?id=8871236
CPS V4.6: https://bug1128392.bmoattachments.org/attachment.cgi?id=8871237
EV CP V1.5: https://bug1128392.bmoattachments.org/at
在 2017年5月17日星期三 UTC+8下午5:18:59,Rob Stradling写道:
> On 12/05/17 06:51, wangsn1206--- via dev-security-policy wrote:
> > 在 2017年5月11日星期四 UTC+8下午5:58:00,Rob Stradling写道:
> >> On 11/05/17 10:42, wangsn1206--- via dev-security-policy wrote:
> >>
> >>>> * CPS
在 2017年5月16日星期二 UTC+8上午5:19:14,Patrick Tronnier写道:
> Greetings, I have reviewed your second BR self-assessment
> (https://bugzilla.mozilla.org/attachment.cgi?id=8860627) against your updated
> CP/CPS (CP V1.6, CPS V4.5, EV CP V1.4, and EV CPS V1.5) and provided the
> following comments and/or re
在 2017年5月11日星期四 UTC+8下午5:58:00,Rob Stradling写道:
> On 11/05/17 10:42, wangsn1206--- via dev-security-policy wrote:
>
> >> * CPS Appendix1: Certificate information of the publicly trusted CAs: Most
> >> of the listed CAs can't be found in crt.sh - it would be gre
Hi Andrew,
Thanks for the comments. Please check our following responses.
> * Please don't protect your PDFs for printing
>
We have removed the restrictions on the printing of the PDF documents and
re-uploaded them to the BUG, these documents are available at:
https://bug1128392.bmoattachments
在 2017年4月4日星期二 UTC+8上午1:47:34,Kathleen Wilson写道:
> I updated https://wiki.mozilla.org/CA:BRs-Self-Assessment to add a section
> called 'Annual BR Self Assessment', which states:
> "CAs with included root certificates that have the Websites trust bit set
> must do an annual self-assessment of the
在 2017年4月20日星期四 UTC+8下午11:31:14,Patrick Tronnier写道:
> On Thursday, April 20, 2017 at 9:30:31 AM UTC-4, wangs...@gmail.com wrote:
> > We have just published the updated CP/CPS documents, this version has been
> > revised according to the latest Baseline Requirements and has been reviewed
> > inter
We have just published the updated CP/CPS documents, this version has been
revised according to the latest Baseline Requirements and has been reviewed
internally, meanwhile, the points our “Analysis on the Compliance of GDCA’s CP
and CPS with the Baseline Requirements (published on March 25, 201
在 2017年3月30日星期四 UTC+8下午10:34:00,Patrick Tronnier写道:
> On Sunday, March 26, 2017 at 11:48:43 PM UTC-4, wangs...@gmail.com wrote:
> > We compiled an analysis document on our CP/CPS’s Compliance with the BRs
> > for everyone to review and comment. You can find the document at the
> > following addre
在 2017年3月30日星期四 UTC+8下午10:34:00,Patrick Tronnier写道:
> On Sunday, March 26, 2017 at 11:48:43 PM UTC-4, wangs...@gmail.com wrote:
> > We compiled an analysis document on our CP/CPS’s Compliance with the BRs
> > for everyone to review and comment. You can find the document at the
> > following addre
We compiled an analysis document on our CP/CPS’s Compliance with the BRs for
everyone to review and comment. You can find the document at the following
address of the
BUG:https://bug1128392.bmoattachments.org/attachment.cgi?id=8851230
Your suggestions will be much appreciated.
The answer is yes. That’s why we need to apply for root inclusion. We also
upload the latest version of CP/CPS here for your convenience.
1. GDCA CP Ver 1.5
https://bug1128392.bmoattachments.org/attachment.cgi?id=8813656
2. GDCA CPS Ver 4.4
https://bug1128392.bmoattachments.org/attachment.cgi?i
Thanks for all suggestions upon our CP/CPS and base on the development of our
business, we have revised and prepared a bilingual edition of CP/CPS, which
have been submitted to our auditor to check the consistency of major contents
between Chinese version and English version, and officially publ
在 2016年11月18日星期五 UTC+8下午10:05:46,Gervase Markham写道:
> On 18/11/16 11:38, wangsn1...@gmail.com wrote:
> > GDCA takes security and governance seriously and we have a strict
> > control for Chinese version CP/CPS, all the contents are disclosed.
> > And The Chinese versions for CPS 4.1, 4.2, 4.3 are p
在 2016年11月17日星期四 UTC+8下午7:20:05,Gervase Markham写道:
> Hi Kathleen,
>
> On 15/11/16 00:51, Kathleen Wilson wrote:
> > There were some recommendations to deny this request due to the
> > versioning problems between the English documents and the original
> > documents.
> >
> > Do you all still feel t
在 2016年11月16日星期三 UTC+8上午1:11:05,Han Yuwei写道:
> 在 2016年11月15日星期二 UTC+8下午7:03:07,wangs...@gmail.com写道:
> > 在 2016年11月15日星期二 UTC+8上午8:51:25,Kathleen Wilson写道:
> > > On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote:
> > > > We have uploaded the lastest translantion of CP/CPS.
>
在 2016年11月16日星期三 UTC+8上午6:35:22,Kathleen Wilson写道:
> On Tuesday, November 15, 2016 at 10:41:28 AM UTC-8, Peter Bowen wrote:
> > I think Mozilla needs to update its guidance to CAs. The information
> > checklist directions
> > (https://wiki.mozilla.org/CA:Information_checklist#Verification_Policies
在 2016年11月15日星期二 UTC+8上午8:51:25,Kathleen Wilson写道:
> On Friday, October 28, 2016 at 7:29:56 AM UTC-7, wangs...@gmail.com wrote:
> > We have uploaded the lastest translantion of CP/CPS.
> > CP: https://bugzilla.mozilla.org/attachment.cgi?id=8805543
> > CPS: https://bug1128392.bmoattachments.org/atta
在 2016年10月30日星期日 UTC+8下午9:13:32,Gervase Markham写道:
> On 29/10/16 22:23, Han Yuwei wrote:
> > Is SM2 acceptable in publicy-trusted CAs? I don't think so.
>
> No; the BRs list the permitted algorithms, and SM2 is not one of them.
>
> > Maybe Gerv could explain more about this. And I am wondering wh
在 2016年10月28日星期五 UTC+8上午8:19:43,Percy写道:
> "When facing any requirements of laws and regulations or any demands for
> undergoing legal
> process of court and other agencies, GDCA must provide confidential
> information in this CP"
>
> Can GDCA specify what other agencies are included? In China,
We have uploaded the lastest translantion of CP/CPS.
CP: https://bugzilla.mozilla.org/attachment.cgi?id=8805543
CPS: https://bug1128392.bmoattachments.org/attachment.cgi?id=8805545
EV CP: https://bugzilla.mozilla.org/attachment.cgi?id=8805546
EV CPS: https://bug1128392.bmoattachments.org/attachment
We are not intended to cover-up anything since we had disclosed every change to
the Chinese version CP/CPS at once after the auditor reviewed.
The “ROOTCA(SM2)” CA in $1.1.3 of CPS ver4.3 is equivalent to the “SM2 ROOT
Certificate” CA in $1.1.3 of CPS ver4.1. The “Guangdong Certificate
Authority
在 2016年10月27日星期四 UTC+8上午8:09:06,Peter Kurrasch写道:
> I think these are both good points and my recommendation is that Mozilla deny
> GDCA's request for inclusion.
>
>
> We should not have to explain something as basic as document versioning and
> version control. If GDCA can not demonstrate suff
We have already implemented version control on Chinese version CP/CPS, which
include version number (e.g. V4.3) and effective date (e.g. 2016-08-01). The
revision and release of CP/CPS are reviewed and approved by the security policy
committee (see section 1.5 in CP/CPS).
Meanwhile, we are a
在 2016年10月21日星期五 UTC+8上午12:15:00,Han Yuwei写道:
> 在 2016年10月20日星期四 UTC+8上午5:27:42,Andrew R. Whalley写道:
> > Hello,
> >
> > Thank you for the links. I note, however, that there's at least one
> > difference between the native language version and the English translation:
> >
> > http://www.gdca.com.
在 2016年10月21日星期五 UTC+8上午10:52:42,Percy写道:
> Thanks for bringing the discrepancy into our attention.
> Even the cover page of the English and Chinese version of CPS are dated
> differently.
>
> English
> Global Digital Cybersecurity Authority
> CO., LTD.
> Certification Practice Statement (CPS) V
在 2016年9月27日星期二 UTC+8上午4:15:00,Andrew R. Whalley写道:
> Hello,
>
> I have completed a read through of the English translations of the CP
> (v1.2) and CPS (v4.1). Before I post my comments I wanted to see if there
> were any more recent translations? It looks like the local language
> versions are 1
> Dear Peter, Thanks for your comments! We think that there are some good
> suggestions for our work. We’ll take notes and do better in our future work.
> >> We have discussed these questions with our auditor. Here are our reply to
> your comments: >
> - The basic WebTrust for CA Report does n
在 2016年9月17日星期六 UTC+8上午5:38:29,Percy写道:
> On Wednesday, August 3, 2016 at 2:45:23 PM UTC-7, Kathleen Wilson wrote:
> > This request from Guangdong Certificate Authority (GDCA) is to include the
> > "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and
> > enabled EV treatment.
Dear Peter, Thanks for your comments! We think that there are some good
suggestions for our work. We’ll take notes and do better in our future work.
We have discussed these questions with our auditor. Here are our reply to your
comments:
Opportunties for Improvement:
- The basic WebTrus
30 matches
Mail list logo