Peter Bowen於 2016年9月20日星期二 UTC+8下午11時53分29秒寫道: > On Fri, Sep 16, 2016 at 2:00 PM, Kathleen Wilson <[email protected]> wrote: > > > > * CA Hierarchy: Diagram of CA Hierarchy: http://grca.nat.gov.tw/ > > All subordinate CAs are operated by Taiwan Government organizations. > > GCA is responsible for signing certificates for government agencies. This > > is the only intermediate cert that can issue SSL certs. > > XCA is responsible for signing certificates for organizations; > > MOICA is responsible for signing certificates for citizens; > > MOEACA is responsible for signing certificates for corporations; and > > HCA is responsible for signing certificates for health agencies. > > > > * Audit: Annual audits are performed by KPMG according to the WebTrust > > criteria. > > WebTrust CA: https://cert.webtrust.org/SealFile?seal=2050&file=pdf > > WebTrust BR: https://cert.webtrust.org/SealFile?seal=2051&file=pdf > > I'm having trouble matching up the audits with the subordinate CAs. > There are two different CAs with the same Distinguished Name but > different SubjectPublicKeyInfo and KeyIDs (https://crt.sh/?caid=186 > and https://crt.sh/?caid=1330) which makes it trickier than normal, > but either way I'm not seeing all of these subordinates covered in the > audit reports. Can someone please provide a link to each audit report > for each subordinate? > > Thanks, > Peter
GRCA WebTrust CA (http://grca.nat.gov.tw/download/Audit/GRCA_Audit_Report_2016.pdf) GCA WebTrust CA (http://grca.nat.gov.tw/download/Audit/GCA_WTCA_Report_2016.pdf) GCA BR (http://grca.nat.gov.tw/download/Audit/GCA_BR_Audit_Report_2015.pdf) XCA WebTrust CA (http://grca.nat.gov.tw/download/Audit/XCA_Report_2016.pdf) HCA WebTrust CA (http://grca.nat.gov.tw/download/Audit/HCA_WTCA_Audit_Report_2015.pdf) MOEACA WebTrust CA (http://grca.nat.gov.tw/download/Audit/MOEACA_Audit_Report_2015.pdf) MOICA WebTrust CA (http://grca.nat.gov.tw/download/Audit/MOICA_Audit_Report_2015.pdf) National Development Council (TW) _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
