On Fri, Sep 16, 2016 at 2:00 PM, Kathleen Wilson <[email protected]> wrote:
>
> * CA Hierarchy: Diagram of CA Hierarchy: http://grca.nat.gov.tw/
> All subordinate CAs are operated by Taiwan Government organizations.
> GCA is responsible for signing certificates for government agencies. This is
> the only intermediate cert that can issue SSL certs.
> XCA is responsible for signing certificates for organizations;
> MOICA is responsible for signing certificates for citizens;
> MOEACA is responsible for signing certificates for corporations; and
> HCA is responsible for signing certificates for health agencies.
>
> * Audit: Annual audits are performed by KPMG according to the WebTrust
> criteria.
> WebTrust CA: https://cert.webtrust.org/SealFile?seal=2050&file=pdf
> WebTrust BR: https://cert.webtrust.org/SealFile?seal=2051&file=pdf

I'm having trouble matching up the audits with the subordinate CAs.
There are two different CAs with the same Distinguished Name but
different SubjectPublicKeyInfo and KeyIDs (https://crt.sh/?caid=186
and https://crt.sh/?caid=1330) which makes it trickier than normal,
but either way I'm not seeing all of these subordinates covered in the
audit reports.

Can someone please provide a link to each audit report for each subordinate?

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

