*Chunghwa Telecom* This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process for Chunghwa Telecom’s request to include the HiPKI Root CA - G1 Certificate in the root store as an TLS/SSL-only root CA. See https://wiki.mozilla.org/CA/Application_Process#Process_Overview, (Steps 4 through 9).
Mozilla is considering approving Chunghwa Telecom’s request to add the root as a trust anchor with the websites trust bit and EV enabled as documented in Bugzilla bug #1563417 <https://bugzilla.mozilla.org/show_bug.cgi?id=1563417>. This email begins the 3-week comment period, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). *A Summary of Information Gathered and Verified appears here in the CCADB:* https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000491 *HiPKI Root CA - G1 *is valid from 2/22/2019 to 12/31/2037 SHA2 Certificate Hash: F015CE3CC239BFEF064BE9F1D2C417E1A0264A0A94BE1F0C8D121864EB6949CC https://crt.sh/?id=1639768443 *Root Certificate Download:* http://eca.hinet.net/download/HRCA.cer (DER) http://eca.hinet.net/download/HRCA_b64.crt (PEM) *CP/CPS:* Effective June 17, 2021, the current CP and CPSes for the Chunghwa’s HiPKI Root CA - G1 Certificate are: http://eca.hinet.net/download/HiPKI-CP-v1.15-en.pdf; http://eca.hinet.net/download/HiPKI-RCA-CPS-v1.16-en.pdf; and http://eca.hinet.net/download/HiPKI-EV-TLSCA-CPS-v1.16-en.pdf. Repository location: https://eca.hinet.net/repository-h/en/index.htm *Test Websites:* https://good.hipkig1ev.hinet.net https://revoked.hipkig1ev.hinet.net https://expired.hipkig1ev.hinet.net *BR Self Assessment* (Excel) is located here: https://bugzilla.mozilla.org/attachment.cgi?id=9075869 *Audits:* Annual audits are performed by Sunrise CPAs / DFK International. The most recent audits received by Mozilla were for the period ending May 31, 2020, and performed according to WebTrust audit criteria -- Standard, Baseline Requirements and EV Guidelines. WebTrust seals were issued. See here: https://tls.hinet.net/. We expect to be receiving the 2021 WebTrust audit reports soon. *Incident Reports / Mis-Issuances * *The following bugs/incidents involving Chunghwa Telecom have been reported and closed. * Bug 1532436 <https://bugzilla.mozilla.org/show_bug.cgi?id=1532436> - Test certificate with unregistered domain name No misissuances were found under this root, and certificates issued under it have passed testing. I have no further questions or concerns at this time, however I urge anyone with concerns or questions to raise them on this list by replying under the subject heading above. A representative of Chunghwa Telecom must promptly respond directly in the discussion thread to all questions that are posted. Again, this email begins a three-week public discussion period, which I’m scheduling to close on August 24, 2021. Sincerely yours, Ben Wilson Mozilla Root Program -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYgXqK3Upt%2BPxy7w3dZUOkW7JL%2BG7BBLNGbwxK1yMYJBg%40mail.gmail.com.
