← Taiwan-CA Inc. (TWCA) cases
Bugzilla #1952639
Policy Compliance
TWCA: Missing or Inconsistent Disclosure of S/MIME BR Audits
RESOLVED
FIXED
Taiwan-CA Inc. (TWCA)
AI Summary
The TWCA CYBER Root CA was initially found to be missing from the S/MIME BR Audit report, leading to concerns about compliance with Mozilla's policies. After discussions and clarifications regarding the inclusion of self-signed root certificates, it was determined that the TWCA CYBER Root should be included in the audit. The CA has since rectified the issue by including the root in the latest S/MIME audit report and committing to stricter scrutiny in future audits. All relevant updates have been uploaded to the CCADB.
Chronology
- Non-compliance identified regarding S/MIME BR Audit report.
- Discussions with auditors led to agreement to include the TWCA CYBER Root in the audit.
- Updated audit report uploaded to CCADB.
- Report Closure Summary submitted.
Participants
chtsai@twca.com.tw
bwilson@mozilla.com
dzacharo@harica.gr
bugzilla@jesperkristensen.dk
rowleylaw@gmail.com
incident-reporting@ccadb.org
External References
Similar Local Cases
TWCA: Policy OID not set to indicate the assurance level to the issued certs
iTrusChina: lacking 2018 KGC and GAP period audit report
Microsoft PKI Services: Firewall log data retention
D-Trust: Non-compliance of issued root and intermediate S/MIME certificates
Chunghwa Telecom: outdated and stale policy documents disclosed to the CCADB
Firmaprofesional: 2020 Audit Report Finding 1 out of 4
IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #7 – Change Management