Bugzilla #2009045
Delayed Revocation
Chunghwa Telecom: Delayed disclosure to Bug 2008788 GTLSCA Audit Incident Report #2 - Domain validation records without the TLS BR version
RESOLVED
FIXED
Chunghwa Telecom
AI Summary
Chunghwa Telecom experienced a delayed disclosure incident related to an audit finding from the GTLSCA annual audit report, which was received on December 13, 2025. The audit finding, concerning domain validation records lacking the TLS BR version, was not disclosed within the 72-hour timeframe mandated by CCADB Policy 5.2. This oversight was identified on January 6, 2026, after a third-party notification. The CA has since initiated corrective actions, including mandatory training on CCADB policies and the implementation of an audit-finding monitoring dashboard.
Chronology
- Start of non-compliance due to missed disclosure window
- Non-compliance identified
- Non-compliance ended
Participants
Tsung-Min Kuo
Similar Local Cases
Chunghwa Telecom: Delayed disclosure to Bug 2008803 GTLSCA Audit Incident Report #4 - Missing evaluation for third parties
Chunghwa Telecom: Delayed revocation for bug 1951415
Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes)
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance
SSL.com: Delayed revocation of 53 certificates affected by bug #1750631
HARICA: delayed revocation for bug 1943596
D-Trust: Delay beyond 5 days in revoking misissued certificate
Firmaprofesional: Delayed revocation of TLS certificates affected by bug #2009941