← Chunghwa Telecom cases
Bugzilla #1947034
Policy Compliance
Chunghwa Telecom: outdated and stale policy documents disclosed to the CCADB
RESOLVED
FIXED
Chunghwa Telecom
AI Summary
Chunghwa Telecom identified that outdated policy documents were disclosed to the CCADB, violating the Chrome Root Program and CCADB policies. The issue arose due to an oversight during the update process, compounded by staff leave and lack of a proxy assignment. Although no security incidents occurred, the incident highlighted the need for improved internal processes. Corrective actions have been implemented to ensure timely updates in the future.
Chronology
- CHT submitted a request case to update CA repository URLs and add CPS documents.
- Google Chrome Root Program informed CHT about the outdated policy documents.
- CHT updated the version number and re-submitted the case.
- The case was closed after review.
- Issue scheduled for closure unless further questions arise.
Participants
Tsung-Min Kuo
bwilson@mozilla.com
External References
Similar Local Cases
iTrusChina: lacking 2018 KGC and GAP period audit report
IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement
Microsoft PKI Services: Firewall log data retention
Microsoft PKI Services: Failure to modify policy documents within 365 days
TWCA: Missing or Inconsistent Disclosure of S/MIME BR Audits
Firmaprofesional: 2020 Audit Report Finding 1 out of 4
D-Trust: Non-compliance of issued root and intermediate S/MIME certificates
SECOM: Failed an annual CPS update of Cybertrust Japan (CTJ)