在 2016年10月21日星期五 UTC+8上午12:15:00,Han Yuwei写道:
Thanks again for Yuwei to list the major differences between the Chinese version and the English version.
>1.1.2
>Para.2 have a link
http://www.gdca.com.cn/TrustAUTH/ returned 404 at 20OCT2016 13:50Z, so I can't verify the CP.
>Chinese version missed the detail of Object identifier section
The link is now
http://www.gdca.com.cn/cp/cp
>1.1.3
>Chinese version: Currently, GDCA has 6 root certificates, including ROOTCA (RSA), GDCA ROOT CA, ROOTCA(SM2), GDCA TrustAUTH R5 ROOT, 数安时代 R5 ROOT (CN is Chinese), GDCA TrustAUTH E5 ROOT
>1) About GDCA TrustAUTH R2 CA which will expire at 15DEC2018, from 15DEC2016, GDCA will no longer use it to issue subscriber certificates.
>2) GDCA ROOT CA will expire on 11DEC2024.
>4) GDCA TrustAUTH R5 would issue EV certficates
>4) 5) 6) section is totally different from English version. I can't translate it all.
The 4) section is about the GDCA TrustAUTH R5 ROOT and sub-CAs
The 5) section is about the 数安时代 R5 ROOT and sub-CAs
The 6) section is about the GDCA TrustAUTH E5 ROOT and sub-CAs
>1.2
>Chinese version missed the OID section.
1.2. Document Name and Identification
In this document called "Global Digital Cybersecurity Authority CO., LTD. Certification Practice Statement" (abbreviated as “GDCA CPS”), CPS is equivalent to the document name and applicable name defined in this section.
The object identifier (OID) of certificates applied to the project of Hong Kong-Guangdong mutual recognition in this CPS are consistent with "Certificate Policy for Hong Kong-Guangdong mutual recognition of electronic signature certificates” while other are consistent with “GDCA Certificate Policy” (abbreviated as “GDCA CP”).
>3.2 is totally a mess.
The 3.2 section of the Chinese version is different from the English version now. Please see it in the new English version next week.
>Appendix:
>GDCA TrushAUTH R4 EV SSL CA & GDCA TrustAUTH R4 EV CodeSigning CA's information will be discloused in GDCA EV CPS
>GDCA TrustAUTH R4 IV SSL CA (SHA1=78AEA851A31B0F049AF02CD0F2AD9140604FA7A3)
>GDCA TrustAUTH R4 DV SSL CA (SHA1=30184A5B924E679E7A91329317D0560F587E697B)
>GDCA TrustAUTH R4 Primer CA (SHA1=14C2B33BBF6EBD84FCA7015413EBD0433E171A98)
>some Chinese CN CAs
>some E5 CAs
GDCA TrustAUTH R5 ROOT SHA1 digest = 0f 36 38 5b 81 1a 25 c3 9b 31 4e 83 ca e9 34 66 70 cc 74 b4
GDCA TrustAUTH R4 EV SSL CA See “GDCA EV CPS”
GDCA TrustAUTH R4 EV CodeSigning CA See “GDCA EV CPS”
GDCA TrustAUTH R4 OV SSL CA SHA1 digest = c3 4a d6 45 d5 79 1c 5f 22 e7 33 d7 53 47 08 15 85 75 6c 2d
GDCA TrustAUTH R4 IV SSL CA SHA1 digest = 78 ae a8 51 a3 1b 0f 04 9a f0 2c d0 f2 ad 91 40 60 4f a7 a3
GDCA TrustAUTH R4 DV SSL CA SHA1 digest = 30 18 4a 5b 92 4e 67 9e 7a 91 32 93 17 d0 56 0f 58 7e 69 7b
GDCA TrustAUTH R4 CodeSigning CA SHA1 digest = fc 6d cb 06 a5 5b ff 76 83 64 27 5b 29 d6 4f 7c 3a a9 cf b4
GDCA TrustAUTH R4 Generic CA SHA1 digest =6f ed 83 eb e1 83 cc 71 d0 ed e1 2a e8 77 e0 df 98 96 1f 24
GDCA TrustAUTH R4 Primer CA SHA1 digest =14 c2 b3 3b bf 6e bd 84 fc a7 01 54 13 eb d0 43 3e 17 1a 98
2 New Root:
数安时代R5根CA证书 SHA1 digest = 23 eb 1b a4 64 71 a1 e7 e9 f2 db 57 01 fe f8 f2 f8 0c aa e9
数安时代R4 EV 服务器 See “GDCA EV CPS”
数安时代R4 OV 服务器证书 CA SHA1 digest = 93 92 5b 05 17 30 05 86 fd 2c 45 eb 18 6e 00 9e b9 75 a5 d0
数安时代R4 IV 服务器证书 CA SHA1 digest = 10 b8 fb 9a d2 50 32 6a ee fb 05 ad da 9d 3a 2b bb bd 5d bf
数安时代R4 DV 服务器证书 CA SHA1 digest = 01 ad 04 cd e1 05 56 23 4a f6 6f a0 e6 64 f3 a6 18 80 4d f5
数安时代R4 代码签名证书 CA SHA1 digest = 4f be 54 bc 70 8e b1 2a 11 86 dd 79 aa ff e7 95 f8 ad c6 e9
数安时代R4 普通订户证书 CA SHA1 digest = 07 33 29 cb 53 b1 86 36 25 38 1b fb 48 a0 43 a7 b1 fe 28 6f
数安时代R4 基础订户证书 CA SHA1 digest = e5 da 52 2d 5f 38 7a 6e 72 49 5e 66 a4 be ba 0f 24 f2 59 dc
GDCA TrustAUTH E5 ROOT SHA1 digest = eb 46 6c d3 75 65 f9 3c de 10 62 cd 8d 98 26 ed 23 73 0f 12
GDCA TrustAUTH E4 EV SSL CA See “GDCA EV CPS”
GDCA TrustAUTH E4 OV SSL CA SHA1 digest = 50 15 62 d8 1b a2 40 27 1b ee 06 d2 b3 7f 5b 35 cb 9d 8c b8
GDCA TrustAUTH E4 IV SSL CA SHA1 digest = a8 45 2b fc 20 f9 de b6 9b 8b 3f 29 73 e0 a3 b3 6f 82 eb 5b
GDCA TrustAUTH E4 DV SSL CA SHA1 digest = 8e 9b 9a db f5 ec c4 6b 05 76 82 2e de 5e 80 d1 57 6b 5d 7c
GDCA TrustAUTH E4 CodeSigning CA SHA1 digest = 10 6a 4e 5d ca 05 92 28 e4 ff 89 52 66 53 a4 64 7d 57 ee 63
GDCA TrustAUTH E4 Generic CA SHA1 digest = fd 63 ba 6e e7 89 f6 0a 16 72 b5 b3 3a 29 7d 71 71 65 54 ee
GDCA TrustAUTH E4 Primer CA SHA1 digest =5f 42 a4 4d c8 ca 12 df ae 1c 29 92 1f 47 3e 3b be 8b d4 2c
There are also other changes:
Section 1.4.1.6. CP Object Identifiers of Certificates
Type I individual certificate policy: (1.2.156.112559.1.1.1.1)
Type II individual certificate policy: (1.2.156.112559.1.1.1.2)
Type III individual certificate policy: (1.2.156.112559.1.1.1.3)
Type IV individual certificate policy: (1.2.156.112559.1.1.1.4)
Type III organization certificate policy: (1.2.156.112559.1.1.2.1)
Type IV organization certificate policy: (1.2.156.112559.1.1.2.2)
Equipment certificate policy: (1.2.156.112559.1.1.3.1)
OV SSL server certificate policy: (1.2.156.112559.1.1.4.1)
IV SSL server certificate policy: (1.2.156.112559.1.1.4.2)
DV SSL server certificate policy: (1.2.156.112559.1.1.4.3)
EV SSL server certificate policy: (1.2.156.112559.1.1.6.1)
General CodeSigning certificate policy: (1.2.156.112559.1.1.5.1)
EV CodeSigning certificate policy: (1.2.156.112559.1.1.7.1)
Hong Kong-Guangdong mutual recognition individual certificates: 2.16.156.339.1.1.1.2.1
Hong Kong-Guangdong mutual recognition organization certificates: 2.16.156.339.1.1.2.2.1
Section 1.5.2. Contact Person
Contact: Ms Wang