Hi Gerv, Please check this news (Feb 25th 2015) in OSCCA website: http://www.oscca.gov.cn/News/201312/News_1254.htm that all China licensed CA finished the PKI/CA system upgrade that all licensed CA MUST be able to issue SM2 certificate to subscribers.
As I said in last year CABF face to face meeting in Switzerland, WebTrust is USA standard, ESTI is Europe standard, I think China have its own standard also. This a problem for global CA that have business in worldwide countries that maybe need to setup many roots to manage for complying with different standard. We know issuing SM2 cert is not complied with BR, but you can treat it as "compelled" by regulations, so we need to test the gateway installed RSA certificate and SM2 certificate in the public Internet, to test the auto-negotiation from browser to gateway, if the browser like Firefox don't support SM2, then the gateway will use RSA certificate for communication, if the browser like 360 browser that support SM2, then use SM2 certificate. We revoked the SM2 certificate after finishing the test. Regards, Richard -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+richard=wosign....@lists.mozilla.org] On Behalf Of Gervase Markham Sent: Friday, September 23, 2016 6:55 PM To: Han Yuwei <hanyuwe...@gmail.com>; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Incidents involving the CA WoSign On 23/09/16 11:49, Han Yuwei wrote: >> http://www.oscca.gov.cn/Column/Column_32.htm > > If anybody want a English version of laws & regulations, Percy and I may help. No-one is denying that SM2 may be a Chinese government standard. What we are saying is the fact that it's a standard does not compel WoSign to issue certificates using it from their publicly-trusted roots. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy