← Chunghwa Telecom cases
Bugzilla #1959278
Delayed Revocation
Chunghwa Telecom: Delayed revocation for bug 1951415
RESOLVED
FIXED
Chunghwa Telecom
AI Summary
Chunghwa Telecom (CHT) reported a delayed revocation incident involving four TLS certificates that were not revoked within the required 24-hour period as specified by TLS BR 4.9.1.1 Item 5. This delay was attributed to a misunderstanding of the relevant policies and the timing of the incident coinciding with a holiday, which complicated customer communication. CHT has since completed the revocation of the affected certificates and implemented measures to enhance compliance with TLS requirements, including retraining staff and improving subscriber communication.
Chronology
- Non-compliance start date
- Non-compliance identified date
- Non-compliance end date
- Preliminary Incident Report submitted
- Report Closure Summary submitted
Participants
Tsung-Min Kuo
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
Chunghwa Telecom: Delayed disclosure to Bug 2008803 GTLSCA Audit Incident Report #4 - Missing evaluation for third parties
Chunghwa Telecom: Delayed disclosure to Bug 2008788 GTLSCA Audit Incident Report #2 - Domain validation records without the TLS BR version
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance
Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes)
Buypass: Delayed revocation of TLS certificates
GDCA: Delayed revocation of SSL/TLS certificates with Non-critical Basic Constraints
Entrust: Delayed Revocation for EV TLS Certificate incorrect jurisdiction
Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical