← Chunghwa Telecom cases
Bugzilla #2008788
Audit Related
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #2 - Domain validation records without the TLS BR version
RESOLVED
FIXED
Chunghwa Telecom
AI Summary
During the 2025 WebTrust audit of Chunghwa Telecom's GTLSCA, it was discovered that the domain validation records did not consistently include the applicable TLS Baseline Requirements (BR) version. This omission was identified as a structural design deficiency in the RA system, which failed to capture this information as a mandatory field. The issue was not related to errors in the validation process itself but rather to incomplete record-keeping practices. Remediation actions have been implemented to ensure compliance with current standards, including the addition of a structured field for BR version tracking in the validation records.
Chronology
- Non-compliance start date
- Non-compliance identified date
- Non-compliance end date
- Incident report closure
Participants
Tsung-Min Kuo
External References
Similar Local Cases
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #4 - Missing evaluation for third parties
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #3 - Missing vulnerability scan
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #1 - mass certificate revocation plan
Chunghwa Telecom Audit Statements
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #5 – Risk Management
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #8 – Human Resources Management
FNMT: Findings in 2019 Audit Statement, including domain validation methods, CAA, etc.
Telia: Findings in 2024 Audit