[cabfpub] Discussion relate to "Government CA"

张翼 zhangyi at cfca.com.cn
Thu Jul 16 06:32:05 UTC 2015


Hello everyone:

 

Below are contents from “2015-05-14 Minutes"

 

“

1.      Membership Application, China Financial Certification Authority: We
have received an application CFCA. IPR was signed and they appear to meet
all the CA membership criteria. Dean to double check with the applicant to
make sure the signed is authorized to sign on behalf of the company.
Otherwise, the application was conditionally approved.  Mat asked if there
was a relationship between this entity and the Chinese Government and
wondered if there were other Government owned CAs in the Forum. Atilla said
that the Government CA of Turkey under Tubitak, is a Government owned CA.
Mat thought it might be helpful to put those CAs in another category. Dean
said Izenpe is also owned by the Spanish Government. Gerv asked if CFCA were
a Government CA, would we treat their application differently?  The answer
from the floor was no. There is nothing in the bylaws that state that. Mat
said it would be helpful to understand which companies are public and which
are owned by Governments. Especially when security incidents occur, private
companies may be motivated to act differently. Dean suggested we discuss
this further on another call or F2F meeting and we approve this request as
is. Kirk suggested we ask in our application whether or not it is a
Government applicant. Gerv said it isn’t relevant to their application and
we should not ask it there. A discussion ensued on who audits Government CAs
because sometimes it’s not a 3rd party auditor but ended w/o conclusion.
Mat said the cross signing habits of Government CAs and Company CAs are
different and this should be noted for the browsers when managing the risk.

“

 

This Minutes have discussions relate to "Government CA", Mat said "it would
be helpful to understand which companies are public and which are owned by
Governments. Especially when security incidents occur, private companies may
be motivated to act differently." "the cross signing habits of Government
CAs and Company CAs are different and this should be noted for the browsers
when managing the risk."

 

Let me clarify , CFCA is NOT a government CA.

 

Chinese government have a list of companies directly controlled by
government, CFCA is not among them.

The Chinese company name of our company is "中金金融认证中心", we can't use
"中国"(China) in the Chinese company name registration because we are not
a government company.

China have over 7 million government-employee or so called "civil servant",
none of them work in CFCA, or in charge of CFCA.

CEO of CFCA, Ji XiaoJie, is not designated by Chinese government, none of
CFCA's employee or director is designated by Chinese government.

CFCA is not cross signed with any other CA or government department, or
government CA, actually CFCA is not cross signed with anyone, and have no
plan of doing so.

 

If need more proof or discussion we can put this into next conference. 

 

how do we define "Government CA"?

In China, Some CAs are Subordinate to Chinese government department and
their CEO are designated by Chinese Government, I won't object if you guys
want to define those CA as government CA.  But CFCA is not like that.

 

Mat said  " Government CAs and Company CAs are different and this should be
noted for the browsers when managing the risk."

I'm not sure if this is the reason why apple do not process our EV root
certificate inclusion application(We have no such problem with Microsoft,
Mozilla and Google), is there a "government CA" mark on our company name?

Mat give me a feeling that apple may think so-called "Government CA" is
ready to do dirty work, and ready to cover it up if incident happens. In
this case, been treated as a "Government CA" is not fair.

(please remind me if this is not appropriate to discuss in forum mail-list)

 

 

Zhang Yi

Business Research Competent

China Financial Certification Authority 

Business Department

 

Address: Bldg. 2, #20, 14th Kechuang street, YiZhuang
Economic-Technological Development Zone,Daxing District,Beijing , P. R.
China

Postcode: 100176

TEL: +86 010-58903555

Mobile: +86 18510280028

Email:  <mailto:zhangyi at cfca.com.cn> zhangyi at cfca.com.cn

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150716/9fceaefa/attachment-0002.html>


More information about the Public mailing list