Peter Bowen於 2016年9月20日星期二 UTC+8下午11時53分29秒寫道:
> On Fri, Sep 16, 2016 at 2:00 PM, Kathleen Wilson <kwil...@mozilla.com> wrote:
> >
> > * CA Hierarchy: Diagram of CA Hierarchy: http://grca.nat.gov.tw/
> > All subordinate CAs are operated by Taiwan Government organizations.
> > GCA is responsible for signing certificates for government agencies. This 
> > is the only intermediate cert that can issue SSL certs.
> > XCA is responsible for signing certificates for organizations;
> > MOICA is responsible for signing certificates for citizens;
> > MOEACA is responsible for signing certificates for corporations; and
> > HCA is responsible for signing certificates for health agencies.
> >
> > * Audit: Annual audits are performed by KPMG according to the WebTrust 
> > criteria.
> > WebTrust CA: https://cert.webtrust.org/SealFile?seal=2050&file=pdf
> > WebTrust BR: https://cert.webtrust.org/SealFile?seal=2051&file=pdf
> 
> I'm having trouble matching up the audits with the subordinate CAs.
> There are two different CAs with the same Distinguished Name but
> different SubjectPublicKeyInfo and KeyIDs (https://crt.sh/?caid=186
> and https://crt.sh/?caid=1330) which makes it trickier than normal,
> but either way I'm not seeing all of these subordinates covered in the
> audit reports.  Can someone please provide a link to each audit report
> for each subordinate?
> 
> Thanks,
> Peter

GRCA WebTrust CA 
(http://grca.nat.gov.tw/download/Audit/GRCA_Audit_Report_2016.pdf)

GCA WebTrust CA (http://grca.nat.gov.tw/download/Audit/GCA_WTCA_Report_2016.pdf)
GCA BR (http://grca.nat.gov.tw/download/Audit/GCA_BR_Audit_Report_2015.pdf)

XCA WebTrust CA (http://grca.nat.gov.tw/download/Audit/XCA_Report_2016.pdf)

HCA WebTrust CA 
(http://grca.nat.gov.tw/download/Audit/HCA_WTCA_Audit_Report_2015.pdf)

MOEACA WebTrust CA 
(http://grca.nat.gov.tw/download/Audit/MOEACA_Audit_Report_2015.pdf)

MOICA WebTrust CA 
(http://grca.nat.gov.tw/download/Audit/MOICA_Audit_Report_2015.pdf)


National Development Council (TW)
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to