Public Discussion of BJCA's CA inclusion request

440 views
Skip to first unread message

Ben Wilson

unread,
Nov 30, 2022, 12:55:13 PM11/30/22
to dev-secur...@mozilla.org
All,
A six-week public discussion of BJCA's CA inclusion request has begun on the CCADB Public List: 
Thanks,
Ben

Kurt Seifried

unread,
Nov 30, 2022, 3:13:02 PM11/30/22
to Ben Wilson, dev-secur...@mozilla.org
The second google result I got was:


Which links to the original report:


Insikt Group independently verified that the installed application exhibits characteristics consistent with potentially unwanted applications (PUA) and spyware. The software is associated with the Beijing Certificate Authority (北京数字认证股份有限公司), which is a Chinese state-owned enterprise (BJCA, www.bjca[.]cn).

So a good start might be having someone from bjca.cn explain their relationship with PUAspyeware apps in China. 



--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZZr-p2GW9fe1pcPyB7ALj2S7Xn37UuineVuBLkV9Z1JA%40mail.gmail.com.


--
Kurt Seifried (He/Him)
ku...@seifried.org

Kurt Seifried

unread,
Nov 30, 2022, 4:34:52 PM11/30/22
to Ben Wilson, dev-secur...@mozilla.org
Also a second question: are there any examples of people/orgs using this CA? It's trusted in the 360 browser and Adobe (https://crt.sh/?q=BJCA) but I can't find any examples of certificates.

John Han (hanyuwei70)

unread,
Dec 16, 2022, 5:10:39 AM12/16/22
to dev-secur...@mozilla.org, ku...@seifried.org, dev-secur...@mozilla.org, bwi...@mozilla.com

Quickly reviewed their site, they are focused in digital signature, key management and crypto hardware. Public-trusted certificate are little known to public.
Reply all
Reply to author
Forward
0 new messages