On April 22, 2024, we began a six-week, public discussion <https://groups.google.com/a/ccadb.org/g/public/c/rAsxoNILZ6A/m/vqn7iTHEAwAJ> on the request from TWCA for inclusion of its root CA certificate(s):
- TWCA CYBER Root CA <https://crt.sh/?q=3F63BB2814BE174EC8B6439CF08D6D56F0B7C405883A5648A334424D6B3EC558> - TWCA Global Root CA G2 <https://crt.sh/?q=3A0072D49FFC04E996C59AEB75991D3C340F3615D6FD4DCE90AC0B3D88EAD4F4> The public discussion period has now ended. We did not receive any objections or other questions or comments in opposition to TWCA’s request. We thank the community for its review and consideration during this period. Root Store Programs will make final inclusion decisions independently, on their own timelines, and based on each Root Store Member’s inclusion criteria. Further discussion may take place in the independently managed Root Store community forums (i.e., MDSP). Thank you -Chris, on behalf of the CCADB Steering Committee On Tue, May 28, 2024 at 10:53 AM Chris Clements <[email protected]> wrote: > All, > > This is a reminder that the public discussion period on the inclusion > application of TWCA will close on Monday June 3, 2024. > > Thank you > > -Chris, on behalf of the CCADB Steering Committee > > > On Mon, Apr 22, 2024 at 9:25 AM Chris Clements <[email protected]> > wrote: > >> All, >> >> This email commences a six-week public discussion of TWCA’s request to >> include the following two (2) certificates as publicly trusted root >> certificates in one or more CCADB Root Store Member’s program. This >> discussion period is scheduled to close on June 3, 2024. >> >> The purpose of this public discussion process is to promote openness and >> transparency. However, each Root Store makes its inclusion decisions >> independently, on its own timelines, and based on its own inclusion >> criteria. Successful completion of this public discussion process does not >> guarantee any favorable action by any Root Store. >> >> Anyone with concerns or questions is urged to raise them on this CCADB >> Public list by replying directly in this discussion thread. Likewise, a >> representative of the applicant must promptly respond directly in the >> discussion thread to all questions that are posted. >> >> CCADB Case Number: 00001244 >> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001244> >> >> Organization Background Information (listed in CCADB): >> >> - >> >> CA Owner Name: TWCA >> - >> >> Website: https://www.twca.com.tw/ >> - >> >> Address: Customer Service Center, 10th Floor, 85 Yen-Ping South Road, >> Taipei, Taiwan 100, Taiwan (Republic of China) >> - >> >> Problem Reporting Mechanisms: [email protected] >> - >> >> Organization Type: Public Corporation >> - >> >> Repository URL: https://www.twca.com.tw/repository?lang=en >> >> Certificates Requested for Inclusion: >> >> 1. >> >> TWCA CYBER Root CA (included in case 00001244 >> >> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001244> >> ): >> - >> >> Certificate download links: (CA Repository >> <https://itax.twca.com.tw/cacert/TWCA_Cyber_RCA_cert.zip>, crt.sh >> >> <https://crt.sh/?q=3F63BB2814BE174EC8B6439CF08D6D56F0B7C405883A5648A334424D6B3EC558> >> ) >> - >> >> Use cases served/EKUs: >> 1. >> >> Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 >> - >> >> Test websites: >> 1. >> >> Valid: https://cyberevnormal.twca.com.tw/ >> 2. >> >> Revoked: https://cyberevrevoked.twca.com.tw/ >> 3. >> >> Expired: https://cyberevexpired.twca.com.tw/ >> 2. >> >> TWCA Global Root CA G2 (included in case 00001244 >> >> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001244> >> ): >> - >> >> Certificate download links: (CA Repository >> <https://itax.twca.com.tw/cacert/TWCA_Global_RCA_G2_cert.zip>, >> crt.sh >> >> <https://crt.sh/?q=3A0072D49FFC04E996C59AEB75991D3C340F3615D6FD4DCE90AC0B3D88EAD4F4> >> ) >> - >> >> Use cases served/EKUs: >> 1. >> >> Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 >> 2. >> >> Client Authentication 1.3.6.1.5.5.7.3.2 >> 3. >> >> Document Signing AATL 1.2.840.113583.1.1.5 >> 4. >> >> Time Stamping 1.3.6.1.5.5.7.3.8 >> - >> >> Test websites: N/A >> >> Existing Publicly Trusted Root CAs from TWCA: >> >> 1. >> >> TWCA Global Root CA: >> >> >> - >> >> Certificate download links: (CA Repository >> <http://itax.twca.com.tw/cacert/global_root_2012.crt>, crt.sh >> >> <https://crt.sh/?q=59769007F7685D0FCD50872F9F95D5755A5B2B457D81F3692B610A98672F0E1B> >> ) >> - >> >> Use cases served/EKUs: >> - >> >> Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 >> - >> >> Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 >> - >> >> Client Authentication 1.3.6.1.5.5.7.3.2 >> - >> >> Document Signing AATL 1.2.840.113583.1.1.5 >> - >> >> Time Stamping 1.3.6.1.5.5.7.3.8 >> - >> >> Certificate corpus: here >> >> <https://search.censys.io/search?resource=certificates&q=59769007f7685d0fcd50872f9f95d5755a5b2b457d81f3692b610a98672f0e1b+and+labels%3Dever-trusted> >> (Censys login required) >> - >> >> Included in: Apple, Chrome, Microsoft, and Mozilla >> >> >> 2. >> >> TWCA Root Certification Authority: >> >> >> - >> >> Certificate download links: (CA Repository >> <http://itax.twca.com.tw/cacert/root2048.crt>, crt.sh >> >> <https://crt.sh/?q=BFD88FE1101C41AE3E801BF8BE56350EE9BAD1A6B9BD515EDC5C6D5B8711AC44> >> ) >> - >> >> Use cases served/EKUs: >> - >> >> Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 >> - >> >> Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 >> - >> >> Client Authentication 1.3.6.1.5.5.7.3.2 >> - >> >> Document Signing AATL 1.2.840.113583.1.1.5 >> - >> >> Time Stamping 1.3.6.1.5.5.7.3.8 >> - >> >> Certificate corpus: here >> >> <https://search.censys.io/search?resource=certificates&q=bfd88fe1101c41ae3e801bf8be56350ee9bad1a6b9bd515edc5c6d5b8711ac44+and+labels%3Dever-trusted> >> (Censys login required) >> - >> >> Included in: Apple, Chrome, Microsoft, and Mozilla >> >> Relevant Policy and Practices Documentation: >> >> The following CP applies to both applicant root CAs: >> >> - >> >> >> >> https://www.twca.com.tw/upload/saveArea/filePage/20230822/bcc9c65cda1a48378bea750a4d744fc3/bcc9c65cda1a48378bea750a4d744fc3.pdf >> >> >> >> The following CPS applies to TWCA CYBER Root CA: >> >> - >> >> >> >> https://www.twca.com.tw/upload/saveArea/filePage/20240313/05926332a5cb42bbb70bc7a0c841dff4/05926332a5cb42bbb70bc7a0c841dff4.pdf >> >> >> >> The following CPS applies to TWCA Global Root CA G2: >> >> - >> >> >> >> https://www.twca.com.tw/upload/saveArea/filePage/20240314/71f4d975e13f4860b9e95dc0503be0eb/71f4d975e13f4860b9e95dc0503be0eb.pdf >> >> >> >> Most Recent Self-Assessment: >> >> The following Self-Assessment applies to TWCA CYBER Root CA: >> >> - >> >> https://bugzilla.mozilla.org/attachment.cgi?id=9392695 (completed >> 3/1/2024) >> >> >> The following Self-Assessment applies to TWCA Global Root CA G2: >> >> - >> >> https://bugzilla.mozilla.org/attachment.cgi?id=9392696 (completed >> 3/1/2024) >> >> Audit Statements: >> >> - >> >> Auditor: KPMG <https://home.kpmg.com/us/en/home.html> (enrolled >> >> <https://www.cpacanada.ca/en/business-and-accounting-resources/audit-and-assurance/overview-of-webtrust-services/licensed-webtrust-practitioners-international> >> through WebTrust) >> - >> >> Audit Criteria: WebTrust >> - >> >> Date of Audit Issuance: 3/11/2024 >> - >> >> For Period Ending: 12/31/2023 >> - >> >> Audit Statement(s): >> - >> >> Standard Audit >> >> <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=df6e9d55-7e71-44d4-be4f-3a6e28902d24> >> (covers both applicant root CAs) >> - >> >> BR (SSL) Audit >> >> <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=e7a7fd14-1d1a-41bc-9c71-125e86bee6cc> >> (covers both applicant root CAs) >> - >> >> EV SSL Audit >> >> <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=8b0388a5-fbee-44b4-b66e-ba7a0b7b76dc> >> (covers both applicant root CAs) >> >> Incident Summary (Bugzilla incidents from previous 24 months): >> >> - >> >> 1886110 <https://bugzilla.mozilla.org/show_bug.cgi?id=1886110>: TWCA: >> Revocation delay for TLS certificates with non-critical basicConstraints >> - >> >> 1883620 <https://bugzilla.mozilla.org/show_bug.cgi?id=1883620>: TWCA: >> TLS EV certificates with invalid subject attribute order >> - >> >> 1884568 <https://bugzilla.mozilla.org/show_bug.cgi?id=1884568>: TWCA: >> Revocation delay for EV TLS certificates with invalid subject attribute >> order >> - >> >> 1885132 <https://bugzilla.mozilla.org/show_bug.cgi?id=1885132>: TWCA: >> TLS certificates with non-critical basicConstraints >> - >> >> 1793445 <https://bugzilla.mozilla.org/show_bug.cgi?id=1793445>: TWCA: >> "unknown" OCSP response for issued certificates >> - >> >> 1848240 <https://bugzilla.mozilla.org/show_bug.cgi?id=1848240>: TWCA: >> Undisclosed CA >> - >> >> 1848306 <https://bugzilla.mozilla.org/show_bug.cgi?id=1848306>: TWCA: >> CA certificate without EKU >> >> >> Thank you >> >> -Chris, on behalf of the CCADB Steering Committee >> > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mDPHKEu9G8kC59qxc7HqdGCnm3o9AgiimtbWkd-HLRSOA%40mail.gmail.com.
