Thanks, Pekka1) How/if Telia Company AB is (Sweden) involved in Telia Finland Oyj’s CA/RA operations?you clarified that Telia CA is a group function of virtual Telia CA team from many Telia affiliates, in the meantime Mozilla accepts only real CA with disclosed locations that were "included in the scope of the audit or should have been included in the scope of the audit, whether the inspection was physically carried out in person at each location, and which audit criteria were checked (or not checked) at each location".a) Is this audit material available somehere?The documents provided under this request show that Telia Company AB is a PKI participant whose roles/responsibilities within the CA are not disclosed. I’d suggest in your answers to focus on Telia Company AB CA/RA functions/responsibilities rather than ownership details - BRs and Mozilla policy do not assume any privileges for owners, affiliates or groups - CA’s operational independence must be ensured and respected not only by its affiliates (including owners) but also by its own company management.b) according to RFC 3647 BRs and Mozilla policy require CP and CPS, while this root has CPS only, correct?2) does "Telia CA Policy Management Team" mean Telia Finland Oyj?you explained that its a Telia group function with two participants Telia Finland Oyj and Cygate AB, however based on 1) and the documents provided under this request, this CA has at least three PKI participants whose roles/responsibilities need to be disclosed.3) what is "affiliate" in terms of specific CA/RA functions?you explaned that "We use affiliate like BR defines it", sorry, but this is misunderstanding - in BRs affiliate is used in specific CA/RA operation contexts, so please be as specific as possible, what is the role of the affiliate you mentioned earlier - Telia Lithuania (legal name AB Telia Lietuva)?Thanks,M.D.Sent from my Galaxy -------- Original message --------From: "[email protected]" <[email protected]> Date: 12/13/21 08:34 (GMT+02:00) To: [email protected] Cc: "[email protected]" <[email protected]> Subject: Re: FW: RE: Public Discussion: Inclusion of Telia Root CA v2 1) How/if Telia Company AB is (Sweden) involved in Telia Finland Oyj’s CA/RA operations?
The main company “Telia Company AB” is the owner of the other Telia organizations (aka companies aka subsidiaries aka affiliates). Telia Finland Oyj and Cygate AB are such subsidiaries. Within Telia Company group, each subsidiary is responsible for running the operations. Telia Finland Oyj is the legal entity running Telia CA operations. Telia employees from many Telia companies may belong to group functions that create systems for the whole Telia group. E.g. Telia CA is a group function so that persons in virtual Telia CA team come from many Telia affiliates and thus from many countries. Complex but big enterprises may work like this. To simplify a bit you can say that Telia Finland is running Telia CA using resources from many Telia affiliates. And all is owned by Telia Company AB. All Telia CA employees belong legally to one of the Telia affiliates. 2) does "Telia CA Policy Management Team" mean Telia Finland Oyj? Telia CA Policy Management team is also a Telia group function like described above. Currently it has members from “Telia Finland Oyj” and “Cygate AB”. 3) what is "affiliate" in terms of specific CA/RA functions? We use affiliate like BR defines it: “Affiliate: A corporation, partnership, joint venture or other entity controlling, controlled by, or under common control with another entity, or an agency, department, political subdivision, or any entity operating under the direct control of a Government Entity.” Resources to run CA/RA come from several Telia affiliates but CA belongs legally to Telia Finland Oyj. One RA belongs to and is run by Telia Finland Oyj and the other belongs to Cygate AB.maanantai 13. joulukuuta 2021 klo 0.28.41 UTC+2 [email protected] kirjoitti:Forwarding to the listSent from my Galaxy-------- Original message --------From: md <[email protected]> Date: 12/8/21 17:02 (GMT+02:00) To: "Lahtiharju, Pekka" <[email protected]>, Ben Wilson <[email protected]> Cc: "Liimatainen, Mika A." <[email protected]>, "Gholami, Ali" <[email protected]> Subject: RE: Public Discussion: Inclusion of Telia Root CA v2 Good day, PekkaLet’s focus on information directly relevant to this CA. As you already explained, "Telia" is just a trademark used by Telia Finland Oyj, which is the CA - a legal entity behind this root inclusion request.You have also clarified that Telia Finland Oyj has two (undisclosed) RAs and a number of so called affiliates. We still need to understand:1) How/if Telia Company AB is (Sweden) involved in Telia Finland Oyj’s CA/RA operations?2) does "Telia CA Policy Management Team" mean Telia Finland Oyj?3) what is "affiliate" in terms of specific CA/RA functions?Thanks,M.D.Sent from my Galaxy -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/3661305c-0adb-436d-a091-46234cb00a1dn%40mozilla.org. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/61b86a16.1c69fb81.f026c.7fb4%40mx.google.com.
