While you are here, I hope you can answer a couple of questions.
1) Are the first three shareholders listed in the attached file the
same companies as the "Qihoo 360 Software (Beijing) Co., Ltd.",
"Beijing Qifutong
Technology Co., Ltd.", and "Beijing Yuan Tu Technology Co., Ltd."
entities listed in Qihoo 360 SEC reports as VIEs or subsidiaries of
VIEs?
[Xiaosheng]: Yes, they are.
2) Does Qihoo 360, a Qihoo 360 subsidiary, a Qihoo 360 VIE, or a Qihoo
360 VIE subsidiary, or a combination of those own or control a
majority of shares in WoSign?
[Xiaosheng]: Yes, the combination of those own 84% of shares in Wosign.
Thanks,
Peter
>
> Thanks,
> Xiaosheng
>
> Xiaosheng Tan, Chief Security Officer
> Qihoo 360
> E-Mail: tanxiaosh...@360.cn
> Web: www.360.cn <http://www.360.cn/>
> Address: Bldg 2, 6 Haoyuan, Jiuxianqiao Rd, Chaoyang Dist, Beijing, China
100015
>
>
> 在 16/9/20 下午2:05,“dev-security-policy 代表
Percy”<dev-security-policy-bounces+tanxiaosheng=360...@lists.mozilla.org 代表
percyal...@gmail.com> 写入:
>
> On Monday, September 19, 2016, Richard Wang <rich...@wosign.com>
wrote:
>
> > Thanks for your pointing out one of the very important evidence for
the
> > transaction is NOT completed till yesterday that we released the
news after
> > it is finished at the first phase. We just finished the UK company
> > investment.
> >
> > For Qihoo 360, I don't know anything and I don’t have the right to
do any
> > comment. Sorry.
>
> Considering that StartCom is hosted by Qihoo 360
>
https://pierrekim.github.io/blog/2016-02-16-why-i-stopped-using-startssl-because-of-qihoo-360.html
> and
> that you're the sole director of StartCom, it's hard for me to
believe that
> you "don't know anything" about Qihoo 360.
>
> >
> > Best Regards,
> >
> > Richard
> >
> > -----Original Message-----
> > From: Peter Bowen [mailto:pzbo...@gmail.com <javascript:;>]
> > Sent: Tuesday, September 20, 2016 10:18 AM
> > To: Richard Wang <rich...@wosign.com <javascript:;>>
> > Cc: Nick Lamb <tialara...@gmail.com <javascript:;>>;
> > mozilla-dev-security-pol...@lists.mozilla.org <javascript:;>
> > Subject: Re: Incidents involving the CA WoSign
> >
> > Richard,
> >
> > As someone pointed out on Twitter this morning, it seems that the
PSC
> > notification for Startcom UK was filed recently:
> > https://s3-eu-west-1.amazonaws.com/document-api-images-prod/docs/
> > UdxHYAlFj6U9DNs6VBJdnIDv4IQAWd4YKYomMERO_2o/application-pdf
> > Were you unaware of this filing?
> >
> > Additionally, companies that register to trade on the New York Stock
> > Exchange have to file reports with the US Security and Exchange
> > Commission. Qihoo 360 filed a report that included a list of their
> > variable interest entities and Qihoo's percent of economic interest
in each
> > (https://www.sec.gov/Archives/edgar/data/1508913/
> > 000114420413022823/v341745_20f.htm
> > page F-10). It also describes all the ways in which Qihoo 360
controls
> > these entities, including assuring that Qihoo has decision making
authority
> > over the entities.
> >
> > I agree that Mozilla does not require reporting that multiple Root
CAs are
> > Affiliates. Perhaps it should. However, as you know, the
CA/Browser Forum
> > does require such. So I don't think it would be a stretch for
Mozilla to
> > do so. It is something that should probably be added to the 2.3
policy
> > discussion.
> >
> > Thanks,
> > Peter
> >
> >
> > On Mon, Sep 19, 2016 at 6:51 PM, Richard Wang <rich...@wosign.com
> > <javascript:;>> wrote:
> > > Thanks for your detail info.
> > > No worry about this, all companies must be complied with local
law.
> > >
> > > But I really don't care who is my company's shareholder's
shareholder's
> > shareholder, you need to find out this by yourself if you care.
> > >
> > > If you think Mozilla must require this, please add to the Mozilla
policy
> > that require all CA disclose its nine generation including all
subordinate
> > companies and all parent companies.
> > >
> > >
> > > Best Regards,
> > >
> > > Richard
> > >
> > > -----Original Message-----
> > > From: dev-security-policy
> > > [mailto:dev-security-policy-bounces+richard <javascript:;>
> > =wosign.com@lists.mozilla.o
> > > rg] On Behalf Of Nick Lamb
> > > Sent: Tuesday, September 20, 2016 9:06 AM
> > > To: mozilla-dev-security-pol...@lists.mozilla.org <javascript:;>
> > > Subject: Re: Incidents involving the CA WoSign
> > >
> > > On Tuesday, 20 September 2016 01:25:59 UTC+1, Richard Wang wrote:
> > >> This case is WoSign problem, you found out all related
subordinate
> > companies and all related parent companies that up to nine
generations! I
> > think this is NOT the best practice in the modern law-respect
society.
> > >
> > > It seems the governments of the European Union countries
(including the
> > UK where one of the mentioned companies is located) disagree with
you about
> > whether this is best practice.
> > >
> > > Identifying individual human persons behind a company is a key
plank of
> > their anti-money laundering and anti-tax evasion policies. To
identify
> > these human persons it is necessary to look through any number
(even more
> > than nine) of layers of corporate ownership. In the UK the legal
term is
> > Persons with Significant Control and PSC registration is mandatory
since
> > this summer, a company registered in the UK is obliged to figure
out if
> > there are such Persons and if so list them in its routine filings.
Failing
> > to properly investigate, or concealing the truth about control of
the
> > company is punishable by forfeiture, ie the state would seize the
company's
> > assets.
> >
>
>
> --
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
