← Chunghwa Telecom cases
Bugzilla #2052090 Trust Bit Disablement Incident

Remove the Email (S/MIME) trust bit for ePKI Root Certification Authority

ASSIGNED Chunghwa Telecom
This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.
AI Summary

This bug tracks a request by Chunghwa Telecom to remove the remaining Email (S/MIME) trust bit for its ePKI Root Certification Authority root certificate. The bug states that Websites (TLS) trust for this root was previously removed via Bug 1974299, and that Mozilla currently recognizes the root only for Email (S/MIME). The request is tied to Chunghwa Telecom’s PKI transition, including discontinuing S/MIME issuance under this hierarchy and revoking subordinate CAs previously used for S/MIME issuance. If approved, the action would leave the root with no remaining Mozilla trust bits. The bug also notes that a corresponding bug would be filed in the NSS :: CA Certificates Code component to implement the change, and that Bug 2052097 was filed for that purpose.

Model: gpt-5.4-nano Generated: 2026-07-04 18:30 UTC Confidence: 0.86 2 comments
Chronology
  1. Mozilla opened a bug to remove the Email (S/MIME) trust bit for Chunghwa Telecom’s ePKI Root Certification Authority root.
  2. A corresponding implementation bug was filed in NSS :: CA Certificates Code (Bug 2052097).
Thread Activity
  1. bwilson@mozilla.com — Opened the bug describing the proposed removal of the Email (S/MIME) trust bit for ePKI Root Certification Authority and noting TLS trust was previously removed via Bug 1974299.
  2. bwilson@mozilla.com — Noted that Bug 2052097 was filed in NSS :: CA Certificates Code to implement the requested change.
Participants
bwilson@mozilla.com
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
#1943135 RESOLVED Trust Bit Disablement Closure Request Opened 2025-01-22 · Closed 2025-05-25 · 68% similar
Request to disable SMIME "trust bit" for GoDaddy CAs
#1905070 RESOLVED Trust Bit Disablement Opened 2024-06-27 · Closed 2024-08-28 · 67% similar
Turn off Secure Email Trust Bit for certSIGN ROOT CA cert
#1905072 RESOLVED Trust Bit Disablement Opened 2024-06-27 · Closed 2024-08-22 · 67% similar
Turn off Secure Email Trust Bit for certSIGN ROOT CA G2 cert
#847604 RESOLVED Trust Bit Disablement Opened 2013-03-04 · Closed 2022-11-14 · 60% similar
Turn off websites and code signing trust bits for two IdenTrust root certs
#1684158 RESOLVED Trust Bit Disablement Opened 2020-12-24 · Closed 2022-11-14 · 58% similar
PKIoverheid: Removal of websites trust bit for "Staat der Nederlanden Root CA – G3"
#1465625 RESOLVED Trust Bit Disablement Opened 2018-05-30 · Closed 2022-11-14 · 58% similar
Turn off Websites trust bit for OpenTrust and Certplus root certs
#1891438 RESOLVED Trust Bit Disablement Opened 2024-04-15 · Closed 2026-02-13 · 58% similar
Chunghwa Telecom: Postpone removal of ePKI Root CA's websites trust bit
#1655074 RESOLVED Trust Bit Disablement Opened 2020-07-24 · Closed 2022-11-14 · 57% similar
Add several ICAs of Firmaprofesional to OneCRL

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action