Hello,

Thank you for the links.  I note, however, that there's at least one
difference between the native language version and the English translation:

http://www.gdca.com.cn/cps/cps version 4.3 has a section 4.2.4 covering
CAA.
https://bug1128392.bmoattachments.org/attachment.cgi?id=8795091 version 4.3
in English has no such section.

The fact there's a discrepancy is rather worrying.  Could you please check
and let me know if there are any other substantive differences between the
Chinese and English versions?

Cheers,

Andrew

On Mon, Sep 26, 2016 at 7:17 PM, <wangsn1...@gmail.com> wrote:

> 在 2016年9月27日星期二 UTC+8上午4:15:00,Andrew R. Whalley写道:
> > Hello,
> >
> > I have completed a read through of the English translations of the CP
> > (v1.2) and CPS (v4.1). Before I post my comments I wanted to see if there
> > were any more recent translations?  It looks like the local language
> > versions are 1.4 and 4.3 respectively.
> >
> > Many thanks,
> >
> > Andrew
> >
> > On Wed, Aug 3, 2016 at 2:45 PM, Kathleen Wilson <kwil...@mozilla.com>
> wrote:
> >
> > > This request from Guangdong Certificate Authority (GDCA) is to include
> the
> > > "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit,
> and
> > > enabled EV treatment.
> > >
> > > GDCA is a nationally recognized CA that operates under China’s
> Electronic
> > > Signature Law. GDCA’s customers are business corporations registered in
> > > mainland China, government agencies of China, individuals or mainland
> China
> > > citizens, servers of business corporations which have been registered
> in
> > > mainland China, and software developers.
> > >
> > > The request is documented in the following bug:
> > > https://bugzilla.mozilla.org/show_bug.cgi?id=1128392
> > >
> > > And in the pending certificates list:
> > > https://wiki.mozilla.org/CA:PendingCAs
> > >
> > > Summary of Information Gathered and Verified:
> > > https://bugzilla.mozilla.org/attachment.cgi?id=8749437
> > >
> > > Noteworthy points:
> > >
> > > * Root Certificate Download URL:
> > > https://bugzilla.mozilla.org/attachment.cgi?id=8748933
> > > https://www.gdca.com.cn/cert/GDCA_TrustAUTH_R5_ROOT.der
> > >
> > > * The primary documents are provided in Chinese.
> > >
> > > CA Document Repository: https://www.gdca.com.cn/
> > > customer_service/knowledge_universe/cp_cps/
> > > http://www.gdca.com.cn/cp/cp
> > > http://www.gdca.com.cn/cps/cps
> > > http://www.gdca.com.cn/cp/ev-cp
> > > http://www.gdca.com.cn/cps/ev-cps
> > >
> > > Translations into English:
> > > CP: https://bugzilla.mozilla.org/attachment.cgi?id=8650346
> > > CPS: https://bugzilla.mozilla.org/attachment.cgi?id=8688749
> > >
> > > * CA Hierarchy: This root certificate has internally-operated
> subordinate
> > > CAs
> > > - GDCA TrustAUTH R4 SSL CA (issues 2048-bit SSL certs)
> > > - GDCA TrustAUTH R4 Generic CA (issues 2048-bit individual certs)
> > > - GDCA TrustAUTH R4 CodeSigning CA (issues 2048-bit CodeSigning certs)
> > > - GDCA TrustAUTH R4 Extended Validation SSL CA (issues 2048-bit EV SSL
> > > certs)
> > > - GDCA TrustAUTH R4 Extended Validation Code Signing CA (issues
> 2048-bit
> > > EV CodeSigning certs)
> > >
> > > * This request is to turn on the Websites trust bit.
> > >
> > > CPS section 3.2.5: For domain verification, GDCA needs to check the
> > > written materials which can be used to prove the ownership of
> corresponding
> > > domain provided by applicant. Meanwhile, GDCA should ensure the
> ownership
> > > of domain from corresponding registrant or other authoritative
> third-party
> > > databases. During the verification, GDCA needs to perform the following
> > > procedures:
> > > 1. GDCA should confirm that the domain's owner is certificate applicant
> > > based on the information queried from corresponding domain registrant
> or
> > > authoritative third-party database and provided by applicant.
> > > 2. GDCA should confirm that the significant information (such as
> document
> > > information of applicant) in application materials are consistent with
> the
> > > reply of domain's owner by sending email or making phone call based on
> the
> > > contact information (such as email, registrar, administrator's email
> > > published at this domain's website, etc.) queried from corresponding
> domain
> > > registrant or authoritative third-party database.
> > > If necessary, GDCA also need to take other review measures to confirm
> the
> > > ownership of the domain name. Applicant can't refuse to the request for
> > > providing appropriate assistance.
> > >
> > >
> > > * EV Policy OID: 1.2.156.112559.1.1.6.1
> > >
> > > * Test Website: https://ev-ssl-test-1.95105813.cn/
> > >
> > > * CRL URLs:
> > > http://www.gdca.com.cn/crl/GDCA_TrustAUTH_R5_ROOT.crl
> > > http://www.gdca.com.cn/crl/GDCA_TrustAUTH_R4_SSL_CA.crl
> > > http://www.gdca.com.cn/crl/GDCA_TrustAUTH_R4_Extended_
> > > Validation_SSL_CA.crl
> > >
> > > * OCSP URL:
> > > http://www.gdca.com.cn/TrustAUTH/ocsp
> > >
> > > * Audit: Annual audits are performed by PricewaterhouseCoopers Zhong
> Tian
> > > LLP according to the WebTrust criteria.
> > > WebTrust CA: https://cert.webtrust.org/SealFile?seal=2024&file=pdf
> > > WebTrust BR: https://cert.webtrust.org/SealFile?seal=2025&file=pdf
> > > WebTrust EV: https://cert.webtrust.org/SealFile?seal=2026&file=pdf
> > >
> > > * Potentially Problematic Practices: None Noted
> > > (http://wiki.mozilla.org/CA:Problematic_Practices)
> > >
> > > This begins the discussion of the request from Guangdong Certificate
> > > Authority (GDCA) to include the "GDCA TrustAUTH R5 ROOT" certificate,
> turn
> > > on the Websites trust bit, and enabled EV treatment. At the conclusion
> of
> > > this discussion I will provide a summary of issues noted and action
> items.
> > > If there are outstanding issues, then an additional discussion may be
> > > needed as follow-up. If there are no outstanding issues, then I will
> > > recommend approval of this request in the bug.
> > >
> > > Kathleen
> > >
> > > _______________________________________________
> > > dev-security-policy mailing list
> > > dev-security-policy@lists.mozilla.org
> > > https://lists.mozilla.org/listinfo/dev-security-policy
> > >
>
> Yes, we have new version translations. We have uploaded to Bug 1128392.
> CP V1.4: https://bug1128392.bmoattachments.org/attachment.cgi?id=8795090
> CPS V4.3: https://bug1128392.bmoattachments.org/attachment.cgi?id=8795091
> EV CP V1.2: https://bug1128392.bmoattachments.org/attachment.
> cgi?id=8795093
> EV CPS V1.3: https://bug1128392.bmoattachments.org/attachment.
> cgi?id=8795094
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to