All, This is a reminder that the public discussion period on the inclusion application of TWCA will close on Monday June 3, 2024.
Thank you -Chris, on behalf of the CCADB Steering Committee On Mon, Apr 22, 2024 at 9:25 AM Chris Clements <[email protected]> wrote: > All, > > This email commences a six-week public discussion of TWCA’s request to > include the following two (2) certificates as publicly trusted root > certificates in one or more CCADB Root Store Member’s program. This > discussion period is scheduled to close on June 3, 2024. > > The purpose of this public discussion process is to promote openness and > transparency. However, each Root Store makes its inclusion decisions > independently, on its own timelines, and based on its own inclusion > criteria. Successful completion of this public discussion process does not > guarantee any favorable action by any Root Store. > > Anyone with concerns or questions is urged to raise them on this CCADB > Public list by replying directly in this discussion thread. Likewise, a > representative of the applicant must promptly respond directly in the > discussion thread to all questions that are posted. > > CCADB Case Number: 00001244 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001244> > > Organization Background Information (listed in CCADB): > > - > > CA Owner Name: TWCA > - > > Website: https://www.twca.com.tw/ > - > > Address: Customer Service Center, 10th Floor, 85 Yen-Ping South Road, > Taipei, Taiwan 100, Taiwan (Republic of China) > - > > Problem Reporting Mechanisms: [email protected] > - > > Organization Type: Public Corporation > - > > Repository URL: https://www.twca.com.tw/repository?lang=en > > Certificates Requested for Inclusion: > > 1. > > TWCA CYBER Root CA (included in case 00001244 > > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001244> > ): > - > > Certificate download links: (CA Repository > <https://itax.twca.com.tw/cacert/TWCA_Cyber_RCA_cert.zip>, crt.sh > > <https://crt.sh/?q=3F63BB2814BE174EC8B6439CF08D6D56F0B7C405883A5648A334424D6B3EC558> > ) > - > > Use cases served/EKUs: > 1. > > Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > - > > Test websites: > 1. > > Valid: https://cyberevnormal.twca.com.tw/ > 2. > > Revoked: https://cyberevrevoked.twca.com.tw/ > 3. > > Expired: https://cyberevexpired.twca.com.tw/ > 2. > > TWCA Global Root CA G2 (included in case 00001244 > > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001244> > ): > - > > Certificate download links: (CA Repository > <https://itax.twca.com.tw/cacert/TWCA_Global_RCA_G2_cert.zip>, > crt.sh > > <https://crt.sh/?q=3A0072D49FFC04E996C59AEB75991D3C340F3615D6FD4DCE90AC0B3D88EAD4F4> > ) > - > > Use cases served/EKUs: > 1. > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > 2. > > Client Authentication 1.3.6.1.5.5.7.3.2 > 3. > > Document Signing AATL 1.2.840.113583.1.1.5 > 4. > > Time Stamping 1.3.6.1.5.5.7.3.8 > - > > Test websites: N/A > > Existing Publicly Trusted Root CAs from TWCA: > > 1. > > TWCA Global Root CA: > > > - > > Certificate download links: (CA Repository > <http://itax.twca.com.tw/cacert/global_root_2012.crt>, crt.sh > > <https://crt.sh/?q=59769007F7685D0FCD50872F9F95D5755A5B2B457D81F3692B610A98672F0E1B> > ) > - > > Use cases served/EKUs: > - > > Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > - > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > - > > Document Signing AATL 1.2.840.113583.1.1.5 > - > > Time Stamping 1.3.6.1.5.5.7.3.8 > - > > Certificate corpus: here > > <https://search.censys.io/search?resource=certificates&q=59769007f7685d0fcd50872f9f95d5755a5b2b457d81f3692b610a98672f0e1b+and+labels%3Dever-trusted> > (Censys login required) > - > > Included in: Apple, Chrome, Microsoft, and Mozilla > > > 2. > > TWCA Root Certification Authority: > > > - > > Certificate download links: (CA Repository > <http://itax.twca.com.tw/cacert/root2048.crt>, crt.sh > > <https://crt.sh/?q=BFD88FE1101C41AE3E801BF8BE56350EE9BAD1A6B9BD515EDC5C6D5B8711AC44> > ) > - > > Use cases served/EKUs: > - > > Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > - > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > - > > Document Signing AATL 1.2.840.113583.1.1.5 > - > > Time Stamping 1.3.6.1.5.5.7.3.8 > - > > Certificate corpus: here > > <https://search.censys.io/search?resource=certificates&q=bfd88fe1101c41ae3e801bf8be56350ee9bad1a6b9bd515edc5c6d5b8711ac44+and+labels%3Dever-trusted> > (Censys login required) > - > > Included in: Apple, Chrome, Microsoft, and Mozilla > > Relevant Policy and Practices Documentation: > > The following CP applies to both applicant root CAs: > > - > > > > https://www.twca.com.tw/upload/saveArea/filePage/20230822/bcc9c65cda1a48378bea750a4d744fc3/bcc9c65cda1a48378bea750a4d744fc3.pdf > > > > The following CPS applies to TWCA CYBER Root CA: > > - > > > > https://www.twca.com.tw/upload/saveArea/filePage/20240313/05926332a5cb42bbb70bc7a0c841dff4/05926332a5cb42bbb70bc7a0c841dff4.pdf > > > > The following CPS applies to TWCA Global Root CA G2: > > - > > > > https://www.twca.com.tw/upload/saveArea/filePage/20240314/71f4d975e13f4860b9e95dc0503be0eb/71f4d975e13f4860b9e95dc0503be0eb.pdf > > > > Most Recent Self-Assessment: > > The following Self-Assessment applies to TWCA CYBER Root CA: > > - > > https://bugzilla.mozilla.org/attachment.cgi?id=9392695 (completed > 3/1/2024) > > > The following Self-Assessment applies to TWCA Global Root CA G2: > > - > > https://bugzilla.mozilla.org/attachment.cgi?id=9392696 (completed > 3/1/2024) > > Audit Statements: > > - > > Auditor: KPMG <https://home.kpmg.com/us/en/home.html> (enrolled > > <https://www.cpacanada.ca/en/business-and-accounting-resources/audit-and-assurance/overview-of-webtrust-services/licensed-webtrust-practitioners-international> > through WebTrust) > - > > Audit Criteria: WebTrust > - > > Date of Audit Issuance: 3/11/2024 > - > > For Period Ending: 12/31/2023 > - > > Audit Statement(s): > - > > Standard Audit > > <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=df6e9d55-7e71-44d4-be4f-3a6e28902d24> > (covers both applicant root CAs) > - > > BR (SSL) Audit > > <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=e7a7fd14-1d1a-41bc-9c71-125e86bee6cc> > (covers both applicant root CAs) > - > > EV SSL Audit > > <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=8b0388a5-fbee-44b4-b66e-ba7a0b7b76dc> > (covers both applicant root CAs) > > Incident Summary (Bugzilla incidents from previous 24 months): > > - > > 1886110 <https://bugzilla.mozilla.org/show_bug.cgi?id=1886110>: TWCA: > Revocation delay for TLS certificates with non-critical basicConstraints > - > > 1883620 <https://bugzilla.mozilla.org/show_bug.cgi?id=1883620>: TWCA: > TLS EV certificates with invalid subject attribute order > - > > 1884568 <https://bugzilla.mozilla.org/show_bug.cgi?id=1884568>: TWCA: > Revocation delay for EV TLS certificates with invalid subject attribute > order > - > > 1885132 <https://bugzilla.mozilla.org/show_bug.cgi?id=1885132>: TWCA: > TLS certificates with non-critical basicConstraints > - > > 1793445 <https://bugzilla.mozilla.org/show_bug.cgi?id=1793445>: TWCA: > "unknown" OCSP response for issued certificates > - > > 1848240 <https://bugzilla.mozilla.org/show_bug.cgi?id=1848240>: TWCA: > Undisclosed CA > - > > 1848306 <https://bugzilla.mozilla.org/show_bug.cgi?id=1848306>: TWCA: > CA certificate without EKU > > > Thank you > > -Chris, on behalf of the CCADB Steering Committee > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mBaYDojf6ME4vBVUEio08STXZbxpH7YiEaSnsTqvMOjhQ%40mail.gmail.com.
