Re: Fwd: Re: CNNIC Root Inclusion

On Mar 29, 2:53 pm, Jean-Marc Desperrier <jmd...@gmail.com> wrote:
> Eddy Nigg wrote:
> > from the information I have fetched, partially from my
> > friends in China, there are adequate evidences which can prove that
> > the CNNIC has launched a series of actions, including but not limited
> > to installing adware/spyware on user's computers that cannot be
> > removed; hijacking DNS services, constructing phishing sites, tapping
> > on Internet transmissions.
>
> I hope those who want rejection of CNNIC can understand the only thing
> Mozilla wants to see is actual evidence, not any indirect report.
> Don't say "there are adequate evidences", just show them.
>
> Those indirect reports, and statement of distrust not backed by evidence
> actually *hurt* that cause, instead of helping it.
> That's because they reinforce the impression that Mozilla quite
> obviously currently has, which is that all those claims are not backed
> by anything concrete.
>
> About the adware/spyware installation, I have seen some reports based on
> the automatic inspection done by google tools that seemed to have
> something in them. So please, develop and build a strong case on that,
> just stop the indirect reports.
> Actual DNS hijacking proof could be useful also. Maybe I need a better
> explanation, but I don't believe that the kind of thing the already
> reported incident really shows.

On Mar 30, 7:33 am, Florian Weimer <f...@deneb.enyo.de> wrote:
> * Stephen Schultze:

> > I don't know how to parse your last sentence, but it is clear that
> > China/CNNIC has been hijacking DNS for years:
> >https://lists.dns-oarc.net/pipermail/dns-operations/2010-March/005270...
> >https://lists.dns-oarc.net/pipermail/dns-operations/2010-March/005273...
>
> And so what?
>
> Many network providers, including those running Mozilla-accredited
> CAs, perform DNS hijacking these days.  In fact, the whole
> DNS-redirection-for-ad-serving thing was made (un)popular by Verisign,
> of all companies.

I thank you all for notice for etiquette which surely I know. But
etiquette is only meant for reasonable people, not blindly arrogant
people. This discussion already showed to be meaningless by low-level
repeating of evidences and reasons which are ignored repeatedly. What
the fuck!

Please see what kind of responses the Mozilla security managers
provided to the users. They're not qualified, as I can see.

Don't ask me to follow fucking rules. The guys from Mozilla never
follow their rules.

On Mar 30, 4:19 pm, Erwann Abalea <erwann.aba...@keynectis.com> wrote:
> tophits a crit :

> Please, try to moderate yourself. "Evidence" here has to be taken as an opposite
> to "belief".
>
> I'm personally in favor of removing CNNIC Root CA from Mozilla's database, but I
> have to admit that rules have to be strictly followed by everybody, including
> people who wants to ban CNNIC.
>
> CNNIC Root inclusion process has followed the rules; maybe those were imperfect,
> surely those will improve.
>
> I also personally know Jean-Marc (since more than 20 years now), and can tell
> he's not any kind of "rubbish". If the right arguments can be advanced, he'll be
> conviced. I believe that's also true with a lot of regular contributors.
>
> Clearly, shouting louder than one other doesn't fall into the "right arguments"
> category.
>
> --
> Erwann

On Apr 8, 9:37 am, "Moudrick M. Dadashov" <m...@ssc.lt> wrote:
> Thanks Nelson, fully agree.
>
> M.D.
> Cell: +370-699-26662
> ----- Original message -----
> > On 2010/04/05 04:15 PDT, Moudrick M. Dadashov wrote:
>
> > > We have an applicant here and the forum is questioning his credibility.
> > > It is the obligation of applicant to respond. Obviously they even have a
> > > choice to comment directly here or send their answers to Mozilla. If
> > > they fail to do so that means there is no dialog between them and
> > > Mozilla. And as a result Mozilla probably could keep this application on
> > > hold.
>
> > I don't think the applicant is obliged to answer lots of accusation for
> > which no evidence is presented.  But I do agree that he/she would be
> > obliged to respond if real evidence was presented.
>
> > That is why I keep asking the accusers for real evidence.  The fact that
> > they never produce any, and instead keep making more unfounded accusations,
> > and making statements that suggest that they do not understand the
> > difference between evidence and accusation, only weakens their case.
>
> > This process has a finite lifetime.  Mozilla won't hold the application
> > indefinitely while people continue to bring nothing but accusations without
> > evidence.
>
> > So to all the accusers out there, stop ignoring the advice to come up with
> > evidence.
>
> > > This is not a chat room.
>
> > That's right, so let's keep unbounded amounts of unfounded and/or
> > irrelevant accusation out of this forum.
> > _______________________________________________
> > dev-security-policy mailing list
> > dev-security-pol...@lists.mozilla.org
> >https://lists.mozilla.org/listinfo/dev-security-policy

If I've made it harder for you "to complain/provide evidence about
CNNIC behaving badly", I'll make it even harder to fuck you all! :)

> I have to wonder, is this an actual Chinese protester, or someone
> trying to cement the idea that the protesters are all rabid lunatics
> who should be ignored because.. well they're rabid lunatics. Sadly I
> suspect stupidity explains this one and not malice. tophits: you
> realize you have made it that much harder for a future person to
> complain/provide evidence about CNNIC behaving badly (in other words
> you've really screwed yourself, or alternatively, mission accomplished
> and bravo if you're one of the bad guys). Wouldn't be the first time
> Chinese people have astro turfed/hacked/censored/etc. for the Chinese
> government.
>
> Food for thought anyways.
>
> -Kurt

On Apr 11, 2:12 pm, "Moudrick M. Dadashov" <m...@ssc.lt> wrote:
> Just look at the bugs that request root inclusion here you can find many examples.
>
> You will notice that quite often 'action item' is produced from the concrete inconsistencies between the CA's CP/CPS  and its real actions. However  sometimes an 'action item' doesn't need any evidences, if states some public concerns that the CA has to address.
>
> There are very experienced folks on this list, hopefully they can help you to properly present your specific cases.

> > What evidence will bring Mozilla to action?!
>
> > On Apr 10, 11:43 pm, "Moudrick M. Dadashov" <m...@ssc.lt> wrote:
> > > Hello FCK gfw,
>
> > > thanks for your feedback. I personally know your situation not from
> > > books or media, half of my life went under similar totalitarian regime.
>
> > > As you understand this is not international tribunal, discussions in
> > > this forum result either with 'green light' or action items.
>
> > > I'd suggest you focus on formulating concrete action items and try to
> > > collect as many supporters as you can. As some colleagues already noted
> > > Mozilla can't refuse CNIIC root inclusion just because many people think
> > >   they are "bad guys". I understand your frustration because providing
> > > evidences is a serious professional work. But producing some action
> > > items that would *require* some response/feedback from CNIIC is a much
> > > more realistic task.
>
> > > All the best,
> > > M.D.
> > > cell: +370-699-26662

On Apr 12, 9:44 am, cindy <cindy....@gmail.com> wrote:
> The comments are not the truth.
>
> 1.  In China, the classification of government, company, organization
> is different with US or other countries. CNNIC doesn't belong to
> government, but definitely will be ordered by Chinese government.
> However, which company will not affected by the local government?
> 2. Someone said CNNIC spread malware or unloaded IE toolbar. This is
> not the truth. CNNIC had offered a tool called "zhongwenshangwang" to
> help Chinese people to get to the website they want with Chinese
> easily fot them to remember. This tool is not a malware and this had
> been confirmed by the Court. CNNIC has the official judgment.
> 3. CNNIC never hijacking the internet user's information or password
> or account. CNNIC is responsible for the registration and management
> of .cn. They didn't use any tool or software to hijacking someone's
> computer. The web server certificates issued by CNNIC are followed CPS
> and CP, and the whole procedures are audited by the third party. It is
> the website manager decides whether to use CNNIC certificate or not.
> CNNIC don't force people to use our certificate. So how can they bring
> the users risks?
> 4. In China, DNS service is not only offered by CNNIC, but also many
> ISPs, including China Telecom and many big companies. It is not
> possible for CNNIC to hijacking all users' DNS. And as an organization
> of the Chinese domain name's provider, CNNIC has responsibilities to
> maintain and control the internet order. CNNIC is the Secretariat of
> APAC (Anti-Phishing Alliance of China). When CNNIC receive the user's
> allegation on phishing website, thet will immediately investigate. And
> will soon close it if it is a phishing website. So far, CNNIC has
> closed many phishing websites. Why they forge a certificate or make a
> MITM attack?