Wayne Thayer於 2018年5月19日星期六 UTC+8上午8時13分15秒寫道: > This request is for inclusion of the Chunghwa Telecom eCA as documented in > the following bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1341604
> I’ve reviewed the CPS, BR Self Assessment, and related information for the > Chunghwa Telecom eCA inclusion request that is being tracked in this bug > and have the following comments: > > ==Good== > * Clean WebTrust & BR audit statements cover periods back to the creation > of this root in 2015. > * The CPSs properly document 825 day maximum validity periods, and change > logs were recently added. > > ==Meh== > * Both of the domain validation methods that will be deprecated on 1-August > are currently listed as in-use in the root CP/CPS > * CAA Issuer Domain Names are only specified in the root CP, in section > 1.3.2.2 rather than 2.2. > * For domain validation, each CPS does not state which subsection of BR > 3.2.2.4 it is complying with as recommended by our policy. > - Wayne > Dear Wayne, I attached current ePKI CP V1.6 as https://bugzilla.mozilla.org/attachment.cgi?id=8982747. ePKI Root CA (eCA) CPS version 1.5 as https://bugzilla.mozilla.org/attachment.cgi?id=8982748 ePKI EVSSL CA CPS version 1.2 as https://bugzilla.mozilla.org/attachment.cgi?id=8982749 PublicCA CPS Version 1.8 as https://bugzilla.mozilla.org/attachment.cgi?id=8982750 Both of the domain validation methods that will be deprecated on August 1 are not used now. Please see Section 3.2.5 of CPSs of two Sub-CAs. (ePKI EVSSL CA CPS version 1.2 and PublicCA CPS Version 1.8). For domain validation, Section 3.2.5 of these two CPSs state which subsection of BR 3.2.2.4 it is complying with as recommended by Mozilla Root Store Policy. As for CP and 3 CPS about CAA issuer domain names. Please see Section 1.3.2.2 and Section 4.2.1 of ePKI CP Version 1.6. Please see Section 2.2 of ePKI Root CA(eCA) CPS version 1.5. Please see Section 2.2 and Section 4.2.1.1 of ePKI EV SSL CA Version 1.2. Please see Section 2.2 and Section 4.2.1 of PublicCA CPS Version 1.8. Because our president of Data Communications Business Group, Chunghwa Telecom Co., Ltd. went abroad for three weeks. After he went back to Taiwan, he approved the reorganization of "Policy Management Committee" (See Section 1.3.1 of ePKI CP) on May 21. Policy Management Committee approved the amended CP and 3 CPSs on May 28. Thanks for your reviewing about CP and 3CPSs. Sincerely Yours, Li-chun _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
