Bugzilla #1903066
Delayed Revocation
Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes)
RESOLVED
FIXED
Chunghwa Telecom
AI Summary
Chunghwa Telecom faced challenges in revoking 12,911 certificates that used a controversial extension, a revocation required for compliance with the Baseline Requirements (BR). The revocation process was complicated by the short interval between this incident and a previous one, and it affected government agency operations. Despite efforts to communicate and coordinate with users, the full revocation could not be completed within the mandated time frame. The CA has committed to adhering strictly to BR requirements in the future, ensuring timely revocations without grace periods.
Chronology
- Stopped issuing certificates with the controversial extension.
- Revoked the first batch of certificates.
- Completed revocation of all affected certificates.
- Chunghwa Telecom committed to strict adherence to BR requirements.
Participants
leox@cht.com.tw
mike.shaver@gmail.com
tim.callan@sectigo.com
bwilson@mozilla.com
ryandickson@google.com
walter.j.marks@proton.me
Similar Local Cases
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance
Entrust: Delayed revocation of EV TLS certificates with missing cPSuri
GDCA: Delayed revocation of SSL/TLS certificates with Non-critical Basic Constraints
Entrust: Delayed revocation of certificates affected by Jurisdiction issue in some EV TLS & Code Signing certificates
Chunghwa Telecom: Delayed revocation for bug 1951415
Chunghwa Telecom: Delayed disclosure to Bug 2008788 GTLSCA Audit Incident Report #2 - Domain validation records without the TLS BR version
Telekom Security: Delayed Revocations of Sub-CA certificates
NETLOCK: Bug 1891331 replacement - delayed revocation -