On 1/7/15 1:23 PM, Kathleen Wilson wrote:
China Financial Certification Authority (CFCA) has applied to include
the “CFCA EV ROOT” root certificate, turn on the websites trust bit, and
enable EV treatment.
The first discussion resulted in CA action items, which have been
completed.
https://groups.google.com/d/msg/mozilla.dev.security.policy/2G6KuAT9Ekk/GyakphSLS5EJ
https://bugzilla.mozilla.org/show_bug.cgi?id=926029#c26
For your convenience, and because the request has been changed to be
just for the EV root, I will re-summarize the request below.
CFCA is a national authority of security authentication approved by the
People’s Bank of China and state information security administration.
CFCA is a critical national infrastructure of financial information
security and one of the first certification service suppliers granted a
certification service license after the release of the Electronic
Signature Law of the People’s Republic of China. There are more than 200
Chinese banks that are using CFCA’s certificates to ensure the security
of online banking trade.
The request is documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=926029
And in the pending certificates list:
http://www.mozilla.org/en-US/about/governance/policies/security-group/certs/pending/
Summary of Information Gathered and Verified:
https://bugzilla.mozilla.org/attachment.cgi?id=8545426
Noteworthy points:
* The primary documents are the CPS and CP, which are provided in
Chinese, and the CPS has been translated into English.
Document repository: http://www.cfca.com.cn/us/us-12.htm
CPS (Chinese) http://www.cfca.com.cn/file/qqfwq-cps.zip
CP (Chinese): http://www.cfca.com.cn/file/qqfwq-cp.zip
CPS (English): http://www.cfca.com.cn/file/CFCA-1403-CPS-en.rar
* CA Hierarchy: The “CFCA EV ROOT” root has one internally-operated
subordinate CA, “CFCA EV OCA”, which issues EV SSL certificates.
* This request is to turn on the websites trust bit for the “CFCA EV
ROOT” root certificate, and enable EV treatment.
All,
Does anyone have questions or comments about CFCA's request for root
inclusion and EV treatment?
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy