In trying to validate the problem reporting e-mail address for https://crt.sh/?id=657220608, I grovelled through the CCADB CSV-o'-Doom (freshly downloaded for that "new CSV" smell <grin>), and the CPS link therein refers to http://grca.nat.gov.tw/download/GPKI_CP_eng_v1.7.pdf which, at the time of writing, is dated "January 31, 2013".
It also has no Section 1.5.2 (at all), and Section 1.4, "Contact Details", does not have any contact details in it, but merely refers the interested reader to http://grca.nat.gov.tw/, which... is in (I assume) Chinese, which I sadly cannot read. This all makes it rather difficult to report a key compromise, and I'd really appreciate it if (a) GRCA could fix this up ASAP, and (b) other CAs could cast an eye over their CPSes to make sure they're not six years out-of-date. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
