All,
This email commences a six-week public discussion of TWCA’s request to include the following two (2) certificates as publicly trusted root certificates in one or more CCADB Root Store Member’s program. This discussion period is scheduled to close on June 3, 2024.
The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any Root Store.
Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of the applicant must promptly respond directly in the discussion thread to all questions that are posted.
CCADB Case Number: 00001244
Organization Background Information (listed in CCADB):
CA Owner Name: TWCA
Website: https://www.twca.com.tw/
Address: Customer Service Center, 10th Floor, 85 Yen-Ping South Road, Taipei, Taiwan 100, Taiwan (Republic of China)
Problem Reporting Mechanisms: c...@twca.com.tw
Organization Type: Public Corporation
Repository URL: https://www.twca.com.tw/repository?lang=en
Certificates Requested for Inclusion:
TWCA CYBER Root CA (included in case 00001244):
Certificate download links: (CA Repository, crt.sh)
Use cases served/EKUs:
Server Authentication (TLS) 1.3.6.1.5.5.7.3.1
Test websites:
Revoked: https://cyberevrevoked.twca.com.tw/
Expired: https://cyberevexpired.twca.com.tw/
TWCA Global Root CA G2 (included in case 00001244):
Certificate download links: (CA Repository, crt.sh)
Use cases served/EKUs:
Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
Client Authentication 1.3.6.1.5.5.7.3.2
Document Signing AATL 1.2.840.113583.1.1.5
Time Stamping 1.3.6.1.5.5.7.3.8
Test websites: N/A
Existing Publicly Trusted Root CAs from TWCA:
TWCA Global Root CA:
Certificate download links: (CA Repository, crt.sh)
Use cases served/EKUs:
Server Authentication (TLS) 1.3.6.1.5.5.7.3.1
Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
Client Authentication 1.3.6.1.5.5.7.3.2
Document Signing AATL 1.2.840.113583.1.1.5
Time Stamping 1.3.6.1.5.5.7.3.8
Certificate corpus: here (Censys login required)
Included in: Apple, Chrome, Microsoft, and Mozilla
TWCA Root Certification Authority:
Certificate download links: (CA Repository, crt.sh)
Use cases served/EKUs:
Server Authentication (TLS) 1.3.6.1.5.5.7.3.1
Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
Client Authentication 1.3.6.1.5.5.7.3.2
Document Signing AATL 1.2.840.113583.1.1.5
Time Stamping 1.3.6.1.5.5.7.3.8
Certificate corpus: here (Censys login required)
Included in: Apple, Chrome, Microsoft, and Mozilla
Relevant Policy and Practices Documentation:
The following CP applies to both applicant root CAs:
The following CPS applies to TWCA CYBER Root CA:
The following CPS applies to TWCA Global Root CA G2:
Most Recent Self-Assessment:
The following Self-Assessment applies to TWCA CYBER Root CA:
https://bugzilla.mozilla.org/attachment.cgi?id=9392695 (completed 3/1/2024)
The following Self-Assessment applies to TWCA Global Root CA G2:
https://bugzilla.mozilla.org/attachment.cgi?id=9392696 (completed 3/1/2024)
Audit Statements:
Audit Criteria: WebTrust
Date of Audit Issuance: 3/11/2024
For Period Ending: 12/31/2023
Audit Statement(s):
Standard Audit (covers both applicant root CAs)
BR (SSL) Audit (covers both applicant root CAs)
EV SSL Audit (covers both applicant root CAs)
Incident Summary (Bugzilla incidents from previous 24 months):
1886110: TWCA: Revocation delay for TLS certificates with non-critical basicConstraints
1883620: TWCA: TLS EV certificates with invalid subject attribute order
1884568: TWCA: Revocation delay for EV TLS certificates with invalid subject attribute order
1885132: TWCA: TLS certificates with non-critical basicConstraints
1793445: TWCA: "unknown" OCSP response for issued certificates
1848240: TWCA: Undisclosed CA
1848306: TWCA: CA certificate without EKU
Thank you
-Chris, on behalf of the CCADB Steering Committee
All,
This is a reminder that the public discussion period on the inclusion application of TWCA will close on Monday June 3, 2024.
Thank you
-Chris, on behalf of the CCADB Steering Committee