Apple, Google, Mozilla, Opera, what are you afraid of?
January 28, 2023

Update on January 31:

The author sent an email to the CA - SwissSign, which voted "No", and the reply from the company's information security manager surprised me!

[The decision to vote "no" on this ballot was discussed internally with all relevant stakeholders and it was an intense and close discussion. In the end our decision was reached and communicated also in light of the fact that SwissSign does not believe to do business in China in the recognizable future.]

Is this also a reason? Voting should be based on the Bylaws of the CA/Browser Forum and the Charter of the Server Certificate Working Group, but this CA actually votes based on its own interests! Is this the "Respect for rules" and "Spirit of Contract" advertised by the West?!

Not only is this unjustifiable from a legal point of view, but the manager does not understand the CA business at all. If your company does not do business in China, it does not mean that your customers do not do business in China! If ZT Browser distrusts your root certificate, then your customers' websites will all be displayed as "Not secure". It's not as simple as whether your company does business in China or not!

And one of the browser voters voted "no" because his leader asked him to vote that way. This is also not "Respect for rules", but "Respect for the leader". It feels as if the cultures of the East and the West are completely reversed now!

ZT Browser will definitely have equivalent countermeasures in the next version released.

ZT Browser has been downloaded and used by users from more than 100 countries and regions since the public beta version was released on June 1 last year. Since it is so popular, the author decided to apply to become a member of an international organization, the CA/Browser Forum, as a Certificate Consumer (Application Software Supplier). Therefore, on behalf of the company, the author applied for membership on November 24, 2022. The discussion of the application on the conference call on December 9 failed, and one member said that more time was needed for evaluation. On January 6, 2023, the meeting discussed our application again, but some members still disagreed, so a public ballot was required according to the Charter. On January 6, Aaron Gable of ISRG/Let's Encrypt initiated a ballot, which was endorsed by Tobias Josefowitz of Opera and Tim Hollebeek of DigiCert. The public discussion period was set to two weeks (3:00 on January 6th to 3:00 on January 20th) (the times referred to in this article are China time). The 7-day voting period (7:00 on January 21 to 7:00 on January 28) began on January 21, which happened to be the 7-day holiday of the Chinese New Year, which is a bit of a coincidence.

The statistical result after the voting ended at 7 o'clock this morning is “fail”, because the four browsers Apple, Google, Mozilla and Opera voted “no”. The benefit of voting is that it is open and transparent, so that the applicant can clearly know who is opposing. Though this result is what the author had guessed, the author still wants to ask: Apple, Google, Mozilla, Opera, what are you afraid of? Are you afraid that a browser from China would have the right to vote in an international standards organization?

Since browsers have a strong position in the CA/Browser Forum, it was very easy for other browsers to apply to join before ZT Browser. When an application was made, it was passed in the discussion at the first meeting. However, the first discussion of ZT Browser failed, and the second discussion failed, so a vote had to be initiated according to the Charter, but it still failed, because it requires at least one current browser member to vote “yes”, and unfortunately none did! The author wants to ask again: Apple, Google, Mozilla, Opera, what are you afraid of? Can you openly respond to why you voted no?

ZT Browser is applying to become a certificate consumer member of the CA/Browser Forum, that is, a member on the browser side, hoping to become a member like Apple, Google, Mozilla, Opera and Microsoft, with voting rights in the formulation of international CA standards. The current CA/Browser Forum does not have a browser member who understands CA business and CA needs, and does not have a browser member who is friendly to CAs. This leads to serious inequality in this international organization: CAs are in a seriously weak position in it, which is not conducive to the healthy development of this international organization.

Let me share some insider information about the voting process here.

  • After one browser voted “no”, I sent a private email to the voter: Can you tell me the reason why your browser voted “no”? I am very familiar with this voter: the author participated in 11 face-to-face meetings of the CA/Browser Forum as a CA member before, and specially entertained all the participants with a visit to the Forbidden City and the Great Wall when hosting the CAB Forum meeting in Beijing. So he kindly told me that the company leader asked him to vote “no”. I also asked another browser voter, whom I am not familiar with, and didn't receive a reply.
  • One CA voter that voted “abstain” said: The purpose of a membership ballot is to discuss and clarify whether the membership criteria are met. But I find it unfortunate that no substantive discussion has occurred and that CAs and Browsers appear to be split on this important issue and believes if the application is to be denied, it is important that appropriate reasoning and rationale be provided as part of the public record.
  • Another CA voter that voted “abstain” said: We agree with “the above CA” that it is unfortunate that no substantive discussion has taken place on this matter. In particular, we would be very interested in understanding the reason behind the "no" votes. [Author's Note: This is also what I want to know]
  • There is also a CA voter that voted “abstain” who said: We consider positive the mix of CAs of different jurisdictions and profiles, and the same for cert consumers… but we don’t feel having enough information to express a positive or negative vote. [Author's Note: There are 6 CA members from China].
  • The opinions of the other CAs that voted “yes” are: There does not appear to be any reason to reject the application per the Server Certificate Working Group (SCWG) Charter.

Finally, let me share with you the canvassing email that the author wrote at the start of the voting discussion period on January 6. Chinese readers, please be sure to read the third reason.

From: Richard Wang
Sent: Friday, January 6, 2023 10:07 AM
To: 'Dean Coclin'
Cc: 'CABforum4'
Subject: RE: [cabfquest] Membership Application of ZT Browser

Hello Dean and Members,

Many thanks for your effort on my company’s application.

I wish to be a member because I have loved CABF since I joined this organization in 2013. This is the best international organization in the world, where every member works hard to do their best to make the Internet more secure.

So, I sincerely invite you to vote “YES”, thanks.

Here are the reasons:

(1) ZT Browser is the only one that keeps the EV green bar; this is the first feature. I know all CAs love it once I decided to make a browser. Everyone can see this love in the blog: https://pkic.org/2019/08/27/why-are-you-removing-website-identity-google-and-mozilla/ written by Kirk Hall (Entrust) and Tim Callan (Sectigo). We believe that website identity is as important as encryption.

We think Internet users must have the freedom of choice to love the EV green bar or NOT, but in the current situation there is NO choice, and this is not good.

Vote ZT Browser is to vote the Choice!

(2) ZT Browser believes that website security is not just encryption, and not only identity, but also needs protection. This is why we display the WAF protection icon (F) in the address bar. This is also unique among all current browsers.

We think Internet users must have the right to know if the website they are visiting has security protection, to give them confidence for surfing.

Vote ZT Browser is to vote the Right!

(3) ZT Browser is the only one that supports the China algorithm SM2 SSL certificate and SM2 Certificate Transparency. SM2 algorithm support is a compliance requirement of the China Cryptography Law, since ZT Browser is made in China. All websites using an SM2 SSL certificate for https encryption display the special icon ( sm2 ) in the address bar.

We think all browsers will support the SM2 algorithm in the future, since it is not only required in the China market, but is also an algorithm approved by ISO/IEC. CA/B Forum needs a browser member that supports the SM2 algorithm, for Internet users' choice and as a trial for all browsers.

Vote ZT Browser is to vote the Future!


Thanks for your love! Have a bright new year!

Best Regards,

Richard Wang

ZT Browser Chief Architecture
CEO & CTO
ZoTrus Technology Limited

All rights reserved. If you reprint this article, please indicate: Reprinted from ZoTrus CEO Blog.