CFCA: Delayed response to CPR-related email related with bug 2049179
This case concerns CFCA’s handling of a CPR-related email associated with bug 2049179. In the thread, CFCA states that it failed to identify a community member’s CPR-related email sent to c**********i@cfca.com.cn. CFCA further states that the address was shown only on the CPR web page as supplementary contact text and was not disclosed in its CPS or CCADB. The comment also states that the disclosed CPR web form (https://cloudpki.cfca.com.cn/cpr) was not affected, and that no certificates were impacted and no revocation was requested. The thread characterizes the incident disclosure source as “Third Party Reported.” The bug is currently marked ASSIGNED, with no resolution stated in the provided content.
- CFCA reported a CPR-related email handling issue tied to bug 2049179, stating it failed to identify the community member’s email address.
- China Financial Certification Authority (CFCA) — CFCA described that it did not identify a community member’s CPR-related email sent to c**********i@cfca.com.cn (supplementary CPR-page contact text not disclosed in CPS/CCADB), and stated the CPR web form was not affected and no certificates/revocation were impacted.