All,

This is a reminder that the public discussion period on the inclusion
application of TWCA will close on Monday June 3, 2024.

Thank you

-Chris, on behalf of the CCADB Steering Committee


On Mon, Apr 22, 2024 at 9:25 AM Chris Clements <[email protected]> wrote:

> All,
>
> This email commences a six-week public discussion of TWCA’s request to
> include the following two (2) certificates as publicly trusted root
> certificates in one or more CCADB Root Store Member’s program. This
> discussion period is scheduled to close on June 3, 2024.
>
> The purpose of this public discussion process is to promote openness and
> transparency. However, each Root Store makes its inclusion decisions
> independently, on its own timelines, and based on its own inclusion
> criteria. Successful completion of this public discussion process does not
> guarantee any favorable action by any Root Store.
>
> Anyone with concerns or questions is urged to raise them on this CCADB
> Public list by replying directly in this discussion thread. Likewise, a
> representative of the applicant must promptly respond directly in the
> discussion thread to all questions that are posted.
>
> CCADB Case Number: 00001244
> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001244>
>
> Organization Background Information (listed in CCADB):
>
>    -
>
>    CA Owner Name: TWCA
>    -
>
>    Website: https://www.twca.com.tw/
>    -
>
>    Address: Customer Service Center, 10th Floor, 85 Yen-Ping South Road,
>    Taipei, Taiwan 100, Taiwan (Republic of China)
>    -
>
>    Problem Reporting Mechanisms: [email protected]
>    -
>
>    Organization Type: Public Corporation
>    -
>
>    Repository URL: https://www.twca.com.tw/repository?lang=en
>
> Certificates Requested for Inclusion:
>
>    1.
>
>    TWCA CYBER Root CA (included in case 00001244
>    
> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001244>
>    ):
>    -
>
>       Certificate download links: (CA Repository
>       <https://itax.twca.com.tw/cacert/TWCA_Cyber_RCA_cert.zip>, crt.sh
>       
> <https://crt.sh/?q=3F63BB2814BE174EC8B6439CF08D6D56F0B7C405883A5648A334424D6B3EC558>
>       )
>       -
>
>       Use cases served/EKUs:
>       1.
>
>          Server Authentication (TLS) 1.3.6.1.5.5.7.3.1
>          -
>
>       Test websites:
>       1.
>
>          Valid: https://cyberevnormal.twca.com.tw/
>          2.
>
>          Revoked: https://cyberevrevoked.twca.com.tw/
>          3.
>
>          Expired: https://cyberevexpired.twca.com.tw/
>          2.
>
>    TWCA Global Root CA G2 (included in case 00001244
>    
> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001244>
>    ):
>    -
>
>       Certificate download links: (CA Repository
>       <https://itax.twca.com.tw/cacert/TWCA_Global_RCA_G2_cert.zip>,
>       crt.sh
>       
> <https://crt.sh/?q=3A0072D49FFC04E996C59AEB75991D3C340F3615D6FD4DCE90AC0B3D88EAD4F4>
>       )
>       -
>
>       Use cases served/EKUs:
>       1.
>
>          Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
>          2.
>
>          Client Authentication 1.3.6.1.5.5.7.3.2
>          3.
>
>          Document Signing AATL 1.2.840.113583.1.1.5
>          4.
>
>          Time Stamping 1.3.6.1.5.5.7.3.8
>          -
>
>       Test websites: N/A
>
> Existing Publicly Trusted Root CAs from TWCA:
>
>    1.
>
>    TWCA Global Root CA:
>
>
>    -
>
>    Certificate download links: (CA Repository
>    <http://itax.twca.com.tw/cacert/global_root_2012.crt>, crt.sh
>    
> <https://crt.sh/?q=59769007F7685D0FCD50872F9F95D5755A5B2B457D81F3692B610A98672F0E1B>
>    )
>    -
>
>    Use cases served/EKUs:
>    -
>
>       Server Authentication (TLS) 1.3.6.1.5.5.7.3.1
>       -
>
>       Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
>       -
>
>       Client Authentication 1.3.6.1.5.5.7.3.2
>       -
>
>       Document Signing AATL 1.2.840.113583.1.1.5
>       -
>
>       Time Stamping 1.3.6.1.5.5.7.3.8
>       -
>
>    Certificate corpus: here
>    
> <https://search.censys.io/search?resource=certificates&q=59769007f7685d0fcd50872f9f95d5755a5b2b457d81f3692b610a98672f0e1b+and+labels%3Dever-trusted>
>    (Censys login required)
>    -
>
>    Included in: Apple, Chrome, Microsoft, and Mozilla
>
>
>    2.
>
>    TWCA Root Certification Authority:
>
>
>    -
>
>    Certificate download links: (CA Repository
>    <http://itax.twca.com.tw/cacert/root2048.crt>, crt.sh
>    
> <https://crt.sh/?q=BFD88FE1101C41AE3E801BF8BE56350EE9BAD1A6B9BD515EDC5C6D5B8711AC44>
>    )
>    -
>
>    Use cases served/EKUs:
>    -
>
>       Server Authentication (TLS) 1.3.6.1.5.5.7.3.1
>       -
>
>       Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
>       -
>
>       Client Authentication 1.3.6.1.5.5.7.3.2
>       -
>
>       Document Signing AATL 1.2.840.113583.1.1.5
>       -
>
>       Time Stamping 1.3.6.1.5.5.7.3.8
>       -
>
>    Certificate corpus: here
>    
> <https://search.censys.io/search?resource=certificates&q=bfd88fe1101c41ae3e801bf8be56350ee9bad1a6b9bd515edc5c6d5b8711ac44+and+labels%3Dever-trusted>
>    (Censys login required)
>    -
>
>    Included in: Apple, Chrome, Microsoft, and Mozilla
>
> Relevant Policy and Practices Documentation:
>
> The following CP applies to both applicant root CAs:
>
>    -
>
>
>    
> https://www.twca.com.tw/upload/saveArea/filePage/20230822/bcc9c65cda1a48378bea750a4d744fc3/bcc9c65cda1a48378bea750a4d744fc3.pdf
>
>
>
> The following CPS applies to TWCA CYBER Root CA:
>
>    -
>
>
>    
> https://www.twca.com.tw/upload/saveArea/filePage/20240313/05926332a5cb42bbb70bc7a0c841dff4/05926332a5cb42bbb70bc7a0c841dff4.pdf
>
>
>
> The following CPS applies to TWCA Global Root CA G2:
>
>    -
>
>
>    
> https://www.twca.com.tw/upload/saveArea/filePage/20240314/71f4d975e13f4860b9e95dc0503be0eb/71f4d975e13f4860b9e95dc0503be0eb.pdf
>
>
>
> Most Recent Self-Assessment:
>
> The following Self-Assessment applies to TWCA CYBER Root CA:
>
>    -
>
>    https://bugzilla.mozilla.org/attachment.cgi?id=9392695 (completed
>    3/1/2024)
>
>
> The following Self-Assessment applies to TWCA Global Root CA G2:
>
>    -
>
>    https://bugzilla.mozilla.org/attachment.cgi?id=9392696 (completed
>    3/1/2024)
>
> Audit Statements:
>
>    -
>
>    Auditor: KPMG <https://home.kpmg.com/us/en/home.html> (enrolled
>    
> <https://www.cpacanada.ca/en/business-and-accounting-resources/audit-and-assurance/overview-of-webtrust-services/licensed-webtrust-practitioners-international>
>    through WebTrust)
>    -
>
>    Audit Criteria: WebTrust
>    -
>
>    Date of Audit Issuance: 3/11/2024
>    -
>
>    For Period Ending: 12/31/2023
>    -
>
>    Audit Statement(s):
>    -
>
>       Standard Audit
>       
> <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=df6e9d55-7e71-44d4-be4f-3a6e28902d24>
>       (covers both applicant root CAs)
>       -
>
>       BR (SSL) Audit
>       
> <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=e7a7fd14-1d1a-41bc-9c71-125e86bee6cc>
>       (covers both applicant root CAs)
>       -
>
>       EV SSL Audit
>       
> <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=8b0388a5-fbee-44b4-b66e-ba7a0b7b76dc>
>       (covers both applicant root CAs)
>
> Incident Summary (Bugzilla incidents from previous 24 months):
>
>    -
>
>    1886110 <https://bugzilla.mozilla.org/show_bug.cgi?id=1886110>: TWCA:
>    Revocation delay for TLS certificates with non-critical basicConstraints
>    -
>
>    1883620 <https://bugzilla.mozilla.org/show_bug.cgi?id=1883620>: TWCA:
>    TLS EV certificates with invalid subject attribute order
>    -
>
>    1884568 <https://bugzilla.mozilla.org/show_bug.cgi?id=1884568>: TWCA:
>    Revocation delay for EV TLS certificates with invalid subject attribute
>    order
>    -
>
>    1885132 <https://bugzilla.mozilla.org/show_bug.cgi?id=1885132>: TWCA:
>    TLS certificates with non-critical basicConstraints
>    -
>
>    1793445 <https://bugzilla.mozilla.org/show_bug.cgi?id=1793445>: TWCA:
>    "unknown" OCSP response for issued certificates
>    -
>
>    1848240 <https://bugzilla.mozilla.org/show_bug.cgi?id=1848240>: TWCA:
>    Undisclosed CA
>    -
>
>    1848306 <https://bugzilla.mozilla.org/show_bug.cgi?id=1848306>: TWCA:
>    CA certificate without EKU
>
>
> Thank you
>
> -Chris, on behalf of the CCADB Steering Committee
>

-- 
You received this message because you are subscribed to the Google Groups 
"CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mBaYDojf6ME4vBVUEio08STXZbxpH7YiEaSnsTqvMOjhQ%40mail.gmail.com.

Reply via email to