Open Bug 1563417 Opened 1 year ago Updated 5 months ago

Add Chunghwa Telecom's HiPKI Root CA -G1 Certificate to NSS

Categories

(NSS :: CA Certificate Root Program, task)

task
Not set

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: realsky, Assigned: wthayer)

Details

(Whiteboard: [ca-cps-review] - KW 2019-09-12)

Attachments

(3 files)

Chunghwa Telecom wants to request for the inclusion of our new root certificate, namely HiPKI Root CA – G1, to be included in Mozilla Root Store.

The audit case for the new Root inclusion request is in https://ccadb.force.com/5001J00000lRxe6 in CCADB.

We have held a key generation ceremony (KGC) regarding our new Root CA, HiPKI Root CA, and a Subordinate CA, HiPKI EV TLS CA, on Feb. 22 2019, and we have completed a point-in-time audit performed in accordance with applicable standards under WebTrust scheme and a KGC audit used to ensure the integrity and confidentiality of the key pairs.

We provide you the download links of the related audit reports which can be found from the following links:

(1) WebTrust for CA point-in-time audit report
http://eca.hinet.net/download/WTCA_Readiness_Assessment_Report_with_Assertion.pdf

(2) WebTrust for CA-SSL BR and Network Security point-in-time audit report
http://eca.hinet.net/download/WTCA_SSLBR_Readiness_Assessment_Report_with_Assertion.pdf

(3) WebTrust for CA-EV SSL point-in-time audit report
http://eca.hinet.net/download/WTCA_EVSSL_Readiness_Assessment_Report_with_Assertion.pdf.

(4) Audit report of Root & Sub Key Generation Ceremony
http://eca.hinet.net/download/INDEPENDENT_ASSURANCE_REPORT.pdf

We have also completed a period-of-time audit performed in accordance with applicable standards under WebTrust scheme for HiPKI Root CA and HiPKI EV TLS CA. The related audit reports can be found from the following links:

(1) WebTrust for CA period-of-time audit https://www.cpacanada.ca/webtrustseal?sealid=10010

(2) WebTrust for CA -SSL BR and Network Security period-of-time audit https://www.cpacanada.ca/webtrustseal?sealid=10011

(3) WebTrust for CA-EV SSL period-of-time audit https://www.cpacanada.ca/webtrustseal?sealid=10012

Attached please find the HiPKI Root CA self-signed certificate and HiPKI EV TLS CA subordinate CA certificate.

Thank you.

Flags: needinfo?(realsky)
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

BR-Self-Assessment.

Flags: needinfo?(realsky)

The CA's documents: https://eca.hinet.net/repository-h/en/index.htm
(i) HiPKI Certificate Policy Version 1.0
https://eca.hinet.net/download/HiPKI-CP-v1.0-en.pdf
(ii) HiPKI Root Certification Authority Certification Practice Statement Version 1.0
https://eca.hinet.net/download/HiPKI-RCA-CPS-v1.0-en.pdf
(iii) HiPKI EV TLS Certification Authority Certification Practice Statement Version 1.0
https://eca.hinet.net/download/HiPKI-EV-TLSCA-CPS-v1.0-en.pdf

Attached file is HiPKI PKI Hierarchy.

Whiteboard: [ca-initial]

The audit case #00000476 in CCADB (https://ccadb.force.com/5001J00000mGtDg) is for updating period of time audit of HiPKI Root CA-G1 and HiPKI EV TLS CA-G1 from May 1 to May 31 to keep all of our company's CAs audit reports and management's assertions in the same seal. The statement date of audit reports and management's assertions are on July 22, 2019. The start date of audit period is Feb. 23, 2019. The end date of audit period is May 31, 2019. The audit report and management's assertion of HiPKI Root CA-G1 and HiPKI EV TLS CA-G1 are in the second half part of each report.

(1) WebTrust for CA period-of-time audit https://www.cpacanada.ca/generichandlers/aptifyattachmenthandler.ashx?attachmentid=232565

Please read page 19 to page 30.

(2) WebTrust for CA -SSL BR and Network Security period-of-time audit https://www.cpacanada.ca/generichandlers/aptifyattachmenthandler.ashx?attachmentid=232566
Please read page 17 to page 26.

(3) WebTrust for CA-EV SSL period-of-time audit https://www.cpacanada.ca/generichandlers/aptifyattachmenthandler.ashx?attachmentid=233024

Please read page 10 to page 18.

Thank you.

Whiteboard: [ca-initial] → [ca-verifying]

The information for this root inclusion request is available at the following URL.

https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000491

This root inclusion request is ready for the Detailed CP/CPS Review phase, step 3 of
https://wiki.mozilla.org/CA/Application_Process#Process_Overview
so assigning this bug to Wayne.

There is a queue waiting for detailed CP/CPS reviews:
https://wiki.mozilla.org/CA/Dashboard#Detailed_CP.2FCPS_Review

It takes significant time and concentration to do a detailed CP/CPS review, so please be patient. In the meantime, I recommend looking at the results of the detailed CP/CPS reviews that have been previously completed.
https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#CP.2FCPS_Documents_will_be_Reviewed.21

Assignee: kwilson → wthayer
Whiteboard: [ca-verifying] → [ca-cps-review] - KW 2019-09-12
Type: enhancement → task
You need to log in before you can comment on or make changes to this bug.