Open Bug 1891438 Opened 1 year ago Updated 4 months ago

Chunghwa Telecom: Postpone removal of ePKI Root CA's websites trust bit

Categories

(CA Program :: CA Certificate Root Program, task)

Tracking

(Not tracked)

REOPENED

People

(Reporter: tmkuo, Assigned: bwilson)

References

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Steps to reproduce:

We have a new root CA, i.e., HiPKI RCA (cert SN#: 2d dd ac ce 62 97 94 a1 43 e8 b0 cd 76 6a 5e 60), which is a single-purpose root CA and is cross-signed by our old root CA (ePKI Root Certification Authority, cert SN#: 15 c8 bd 65 47 5c af b8 97 00 5e e4 06 d2 bc 9d). For transition purposes, we would like to ask browsers to postpone the trust bit removal plan for our root certificate (ePKI Root Certification Authority, cert SN#: 15 c8 bd 65 47 5c af b8 97 00 5e e4 06 d2 bc 9d) to a later date. The main reason is the delay in function testing: we have a government CA sub-system, and they have asked for more time to deal with the budget and testing issues as well. Below is the time frame they gave and promised.

Time        Description of work
Oct. 2023   Signed a new maintenance contract with CHT for 2024.
Nov. 2023   Explain the Mozilla/Google expected timeline to the CA owner, i.e., government agencies.
Mar. 2024   Third-party auditor renews contract with the CA owner.
Mar. 2024   Conduct the key generation ceremony of the second-generation GTLSCA (GTLSCA-G2) and invite third-party auditors to witness and provide witness reports.
Apr. 2024   CHT conducts the application and review meeting of GTLSCA-G2 for becoming a subordinate CA of HiPKI Root CA.
June 2024   Prepare a budget list of each work item for the new budget year.
Aug. 2024   Sign a new maintenance contract with CHT for 2025.
Sep. 2024   Conduct a system integration test of the new cert chain.
Nov. 2024   Transfer the Root CA to the new PKI, i.e., HiPKI Root CA.

Chunghwa Telecom Co., Ltd.

Assignee: nobody → bwilson
Status: UNCONFIRMED → ASSIGNED
Type: enhancement → task
Ever confirmed: true
Summary: Postpone the removal of CHT old root CA → Chunghwa Telecom: Postpone removal of ePKI Root CA's websites trust bit
Flags: needinfo?(bwilson)

(In reply to Tsung-Min Kuo from comment #0)

Greetings Chunghwa Telecom Team,

I am writing to request a status update on the following key milestones in your efforts to get the GTLS CA transitioned from the ePKI Root CA to the HiPKI Root CA, as outlined below:

> Time        Description of work
> ...
> Apr. 2024   CHT conducts the application and review meeting of GTLSCA-G2 for becoming a subordinate CA of HiPKI Root CA.

Could you please confirm whether the application and review meeting for GTLSCA-G2 took place as scheduled in April 2024? If so, what were the outcomes of the meeting?

> June 2024   Prepare a budget list of each work item for the new budget year.

Who is currently responsible for preparing the budget list for each work item for the new budget year? Could you provide an update on the progress of this task?

> Aug. 2024   Sign a new maintenance contract with CHT for 2025.

On what specific date in August 2024 is the new maintenance contract expected to be signed? Are there any anticipated challenges or dependencies that might adversely affect this milestone?

> Sep. 2024   Conduct a system integration test of the new cert chain.

Is any work on this or other preparations currently underway?

> Nov. 2024   Transfer the Root CA to the new PKI, i.e., HiPKI Root CA.

What steps are required for this milestone to be met? Are there any subsequent steps or milestones needed to complete a successful transition to the HiPKI Root?

Also, are there any updates or changes to the overall project timeline that we should be informed about? Maintaining clear communication and adhering to the planned schedule over the next several months will be crucial to ensure a successful and timely transition.

Thank you for your attention to these matters and to any other information related to meeting these key milestones.

Flags: needinfo?(bwilson) → needinfo?(tmkuo)

(In reply to Ben Wilson from comment #1)

> (In reply to Tsung-Min Kuo from comment #0)
>
> Greetings Chunghwa Telecom Team,
>
> I am writing to request a status update on the following key milestones in your efforts to get the GTLS CA transitioned from the ePKI Root CA to the HiPKI Root CA, as outlined below:
>
> > Time        Description of work
> > ...
> > Apr. 2024   CHT conducts the application and review meeting of GTLSCA-G2 for becoming a subordinate CA of HiPKI Root CA.
>
> Could you please confirm whether the application and review meeting for GTLSCA-G2 took place as scheduled in April 2024? If so, what were the outcomes of the meeting?

The CHT PMA meeting was conducted on 11 April, and our PMA conclusion is to agree to the application for the GTLSCA-G2 subordinate CA certificate.

> > June 2024   Prepare a budget list of each work item for the new budget year.
>
> Who is currently responsible for preparing the budget list for each work item for the new budget year? Could you provide an update on the progress of this task?

It's the Project Manager of the GTLSCA CA team, Leo Fang (leox@cht.com.tw); he will co-work and discuss with the contact window of the Taiwan Government. From their biweekly meeting I learned that this task is almost done: the final version is about to be sent to the budget office for approval.

> > Aug. 2024   Sign a new maintenance contract with CHT for 2025.
>
> On what specific date in August 2024 is the new maintenance contract expected to be signed? Are there any anticipated challenges or dependencies that might adversely affect this milestone?

Not yet known.

> > Sep. 2024   Conduct a system integration test of the new cert chain.
>
> Is any work on this or other preparations currently underway?

The test script is ready, but it will not be carried out until the contract is signed.

> > Nov. 2024   Transfer the Root CA to the new PKI, i.e., HiPKI Root CA.
>
> What steps are required for this milestone to be met? Are there any subsequent steps or milestones needed to complete a successful transition to the HiPKI Root?

In short, the following steps are required:

  1. The representative of the Taiwan government presents the cross-sign application and we conduct the CHT PMA meeting, which was done on 11 April.
  2. Make sure the new maintenance contract is ongoing.
  3. Ensure the Bugzilla issues are all solved.

> Also, are there any updates or changes to the overall project timeline that we should be informed about? Maintaining clear communication and adhering to the planned schedule over the next several months will be crucial to ensure a successful and timely transition.
>
> Thank you for your attention to these matters and to any other information related to meeting these key milestones.

I will update this if there are any updates or changes, and I will follow up on the related schedules that GTLSCA promised me.
Currently, they are in trouble with the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1899466

Flags: needinfo?(tmkuo)

A new maintenance contract has been signed, and plans for system integration testing of the new PKI and new cert chain are about to begin for GTLSCA.

Over the past few months, CHT has held multiple meetings with CA owners to discuss these incidents and CHT's response.

System integration testing of the new certificate chain was completed in October 2024. For TLS certificates, our commercial TLS business has been transferred to the new HiPKI OV TLS CA in recent days, which is basically completed; but due to some issues, the transfer of the new governmental TLS CA, GTLSCA-G2, has not yet been completed.

(In reply to Tsung-Min Kuo from comment #4)

> in these days, which is basically completed; but due to some issues, the transfer of new governmental TLS CA, GTLSCA-G2, has not yet been completed.

Can you help identify the issues and hurdles faced in order to complete work on the transition to the GTLSCA-G2?
Maybe knowing about them will help create a 4-month project plan. (The scheduled date for TLS trust bit removal of April 15, 2025, is just 4 months away.)

Thanks,
Ben

Flags: needinfo?(tmkuo)

We are negotiating with the other browsers to reconsider this cross-certificate request from our eCA-G1 to GTLSCA-G2, so that the transition makes sense.

Here's the expected time description of GTLSCA-G2 cross-sign work in 2025:

Date            Description of expected work
Mar. 2025       Complete negotiations with the other browsers to extend the removal of our eCA-G1.
April 2025      CHT conducts the application and review meeting of GTLSCA-G2 for becoming a subordinate CA of HiPKI Root CA (TLS dedicated PKI).
May-July 2025   Conduct a system integration test of the new cert chain.
Aug. 2025       Complete the transfer of the GTLSCA-G2 business to the new PKI, i.e., HiPKI Root CA.

We hope you will approve this 4-month transition project plan.

BR,
Tsung-Min Kuo

Flags: needinfo?(tmkuo)

There is a typo; the update is as follows:
We are negotiating with the other browsers to reconsider this cross-certificate request from our HiPKI RCA-G1 to GTLSCA-G2, so that the transition makes sense.

We are continuing to monitor this issue.

We appreciate CHT’s efforts to decommission the TLS use of the ePKI Root CA. However, we are concerned that your proposed timeline (Comment #6 and Comment #7) extends into August 2025. The timeline proposed is not aligned with those previously provided in Comment #0 and Comment #2 nor with the progress that we thought was being made, as reported in other updates. (FWIW - in an initial email before this bug was opened, CHT indicated that it might need an additional three months beyond April 15, 2025--i.e. July 15, 2025.)

Related to this request for an extension, and in order for this transition to be successful, CHT needs to cease TLS certificate issuance under the ePKI Root CA and/or ensure that certificate chains are replaced in a timely and controlled manner.

Also of concern is the role of the Ministry of Digital Affairs (MODA) and its effect on CHT’s CA operations. We want to ensure that CHT complies with industry standards, such as the TLS Baseline Requirements, and therefore we want to understand any compliance challenges that CHT faces under its arrangement with MODA -- whether CHT’s TLS-issuing subordinate CAs are operated externally by MODA or internally by CHT under government contract.

To address these concerns, we propose the following:

  1. All necessary work, including the full transition to the GTLSCA-G2 CA and acceptance testing, must be completed no later than July 15, 2025. This 3-month revised deadline already represents a significant extension beyond April 15, 2025, and it also aligns with CHT’s initial email. We urge you to prioritize meeting this date.
  2. Please provide updates on your progress here in this bug at least every 14 days. These updates should include clear details on the status of meeting your key milestones and dealing with the issues that exist, or any that may arise.
  3. CHT must ensure that certificate issuance under the ePKI Root CA quickly declines and/or that it is replacing certificate chains, etc., so that there are no last-minute surprises. A clear plan for this effort, along with fortnightly updates, must be provided.
  4. CHT needs to clarify its contractual obligations with MODA and explain how CHT ensures proper oversight and governance for its subordinate CAs—whether operated internally or externally.

We are committed to working with CHT to ensure a successful transition, but it is imperative that CHT adheres to this adjusted timeline and provides transparent updates throughout the process.

Finally, note that other root programs, e.g. Google Chrome, have their own policies and timelines, and it is important to engage with them directly to confirm their requirements and assess the feasibility of obtaining any extensions or approvals.

(In reply to Ben Wilson from comment #9)

> We appreciate CHT’s efforts to decommission the TLS use of the ePKI Root CA. However, we are concerned that your proposed timeline (Comment #6 and Comment #7) extends into August 2025. The timeline proposed is not aligned with those previously provided in Comment #0 and Comment #2 nor with the progress that we thought was being made, as reported in other updates. (FWIW - in an initial email before this bug was opened, CHT indicated that it might need an additional three months beyond April 15, 2025--i.e. July 15, 2025.)
>
> Related to this request for an extension, and in order for this transition to be successful, CHT needs to cease TLS certificate issuance under the ePKI Root CA and/or ensure that certificate chains are replaced in a timely and controlled manner.

We already ceased TLS certificate issuance under the ePKI Root CA at around 2024-12-09 and will ensure that certificate chains are replaced in a timely and controlled manner.

> Also of concern is the role of the Ministry of Digital Affairs (MODA) and its effect on CHT’s CA operations. We want to ensure that CHT complies with industry standards, such as the TLS Baseline Requirements, and therefore we want to understand any compliance challenges that CHT faces under its arrangement with MODA -- whether CHT’s TLS-issuing subordinate CAs are operated externally by MODA or internally by CHT under government contract.
>
> To address these concerns, we propose the following:
>
>   1. All necessary work, including the full transition to the GTLSCA-G2 CA and acceptance testing, must be completed no later than July 15, 2025. This 3-month revised deadline already represents a significant extension beyond April 15, 2025, and it also aligns with CHT’s initial email. We urge you to prioritize meeting this date.
>   2. Please provide updates on your progress here in this bug at least every 14 days. These updates should include clear details on the status of meeting your key milestones and dealing with the issues that exist, or any that may arise.
>   3. CHT must ensure that certificate issuance under the ePKI Root CA quickly declines and/or that it is replacing certificate chains, etc., so that there are no last-minute surprises. A clear plan for this effort, along with fortnightly updates, must be provided.
>   4. CHT needs to clarify its contractual obligations with MODA and explain how CHT ensures proper oversight and governance for its subordinate CAs—whether operated internally or externally.

This date (July 15, 2025) is OK, and we will re-discuss the transition plan with the MODA and provide an updated timeline.

> We are committed to working with CHT to ensure a successful transition, but it is imperative that CHT adheres to this adjusted timeline and provides transparent updates throughout the process.

No problem, I will discuss this matter further with the GTLSCA team and the MODA during regular cross-check meetings, as well as provide transparent updates throughout the process.

> Finally, note that other root programs, e.g. Google Chrome, have their own policies and timelines, and it is important to engage with them directly to confirm their requirements and assess the feasibility of obtaining any extensions or approvals.

Thanks for the reminder. We have already discussed this issue with Google Chrome root program and have asked certain questions directly and sought approval for any relevant actions.

We have just re-discussed the transition plan with MODA and provided an updated timeline, to which they agree.

We are continuing to monitor this issue.

We are continuing to monitor this issue.

Blocks: 1937338

We are currently implementing a migration plan for GTLSCA.

In the interest of transparency, Mozilla received a formal request from Taiwan’s Ministry of Digital Affairs (MODA), dated March 15, 2025, requesting that we delay the removal of the “websites” trust bit for Chunghwa Telecom’s ePKI Root CA, which is currently scheduled to occur on or about April 15, 2025, in accordance with Mozilla’s Root CA Lifecycles Transition Schedule.

MODA explained that the requested delay is intended to support the ongoing transition of government websites away from certificates issued by CHT’s GTLSCA-G1 subordinate CA. As we understand it, MODA is already implementing a short-term migration plan involving the dual issuance of approximately 12,000 new certificates for government websites—one from Chunghwa Telecom and one from Taiwan CA (TWCA)—to ensure continued availability of government services and minimize user disruption.

While we have not yet finalized a decision, we are currently contemplating:

  • Postponing the removal of the “websites” trust bit;
  • Implementing a distrust-after date; or
  • Taking other actions consistent with Mozilla Root Store Policy and ecosystem risk management.

We note that:

  • The ePKI Root CA uses a 4096-bit RSA key, which provides stronger security than other similarly aged root certificates.
  • Any extension under consideration would be strictly time-bounded (e.g., not to exceed August 1, 2025), reflecting a short-term accommodation, not a change in long-term policy direction.
  • Mozilla would retain the right to remove or revoke trust at any time, based on new information or evolving risk factors.

We welcome feedback on any of these approaches.

Ben,

Posting to m.d.s.p. may provide better visibility.

(In reply to Ben Wilson from comment #15)

> In the interest of transparency, Mozilla received a formal request from Taiwan’s Ministry of Digital Affairs (MODA), dated March 15, 2025, requesting that we delay the removal of the “websites” trust bit for Chunghwa Telecom’s ePKI Root CA, which is currently scheduled to occur on or about April 15, 2025, in accordance with Mozilla’s Root CA Lifecycles Transition Schedule.
>
> MODA explained that the requested delay is intended to support the ongoing transition of government websites away from certificates issued by CHT’s GTLSCA-G1 subordinate CA. As we understand it, MODA is already implementing a short-term migration plan involving the dual issuance of approximately 12,000 new certificates for government websites—one from Chunghwa Telecom and one from Taiwan CA (TWCA)—to ensure continued availability of government services and minimize user disruption.
>
> While we have not yet finalized a decision, we are currently contemplating:
>
>   • Postponing the removal of the “websites” trust bit;
>   • Implementing a distrust-after date; or
>   • Taking other actions consistent with Mozilla Root Store Policy and ecosystem risk management.
>
> We note that:
>
>   • The ePKI Root CA uses a 4096-bit RSA key, which provides stronger security than other similarly aged root certificates.
>   • Any extension under consideration would be strictly time-bounded (e.g., not to exceed August 1, 2025), reflecting a short-term accommodation, not a change in long-term policy direction.
>   • Mozilla would retain the right to remove or revoke trust at any time, based on new information or evolving risk factors.
>
> We welcome feedback on any of these approaches.

Thanks for your information, we will share any status of this issue.

(In reply to Dimitris Zacharopoulos from comment #16)

> Ben,
>
> Posting to m.d.s.p. may provide better visibility.

Thanks, Dimitris

See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/uYAm_c_pfos/m/Pz5m5PAZBwAJ

We are continuing to monitor this issue.

Our current plan is to postpone processing the websites trust bit removal from the Chunghwa Telecom ePKI Root CA until Firefox Release 141.

Thanks for your information, I will sync with MODA as well.

Flags: needinfo?(bwilson)
No longer blocks: 1937338
Depends on: 1967548

The websites trust bit has been removed in FF 141.

Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Flags: needinfo?(bwilson)
Resolution: --- → FIXED
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

We have opened a new bug (Bug #1974299) to revert the websites trust bit removal for the Chunghwa Telecom ePKI Root and to set a distrust-after date of April 15, 2025, 23:59:59 UTC for server authentication.

This change follows a formal request from the Taiwan Ministry of Digital Affairs (MODA), which is executing on its strategy to phase out this root from government use.

MODA confirmed that Chunghwa Telecom has stopped issuing new certificates from this hierarchy and is actively supporting the transition effort. However, some critical government sites still rely on previously issued certificates, and premature distrust has impacted public access to essential services.

To balance user security and service continuity, we're adopting and implementing a "distrust-after" setting for this root and distrusting certificates issued after April 15, 2025, that chain up to it.
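The comment above describes the rule (certificates issued after April 15, 2025 that chain to the ePKI Root CA are distrusted for server authentication), and comment #0 describes the cross-signed HiPKI RCA that the new hierarchy rests on. The example below is added here to show how the two interact during path building; it is not code from this bug, from Chunghwa Telecom, or from Mozilla/NSS. It works on constructed certificate records rather than parsed X.509, reads "issued after" as the end-entity certificate's notBefore (an assumption about how the rule is applied), takes the two root serial numbers from comment #0, and treats every intermediate, every serial marked `placeholder`, every notBefore other than the distrust-after date, and the question of whether HiPKI Root CA is itself in the client's trust store as assumptions. Signature verification, notAfter, name constraints and revocation are left out.

```python
"""Added example: applying a root-store distrust-after date to a server-auth
chain, including the cross-signed-root case.  Not code from the bug thread,
Chunghwa Telecom, or Mozilla/NSS; certificate records are constructed stand-ins."""
from dataclasses import dataclass
from datetime import datetime, timezone

UTC = timezone.utc


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: str           # hex as quoted in comment #0 for the roots; placeholders elsewhere
    not_before: datetime  # the leaf's notBefore is what the distrust-after rule reads


# Trust anchors: serials from comment #0, notBefore dates constructed.
EPKI_ROOT = Cert("ePKI Root Certification Authority", "ePKI Root Certification Authority",
                 "15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d", datetime(2004, 1, 1, tzinfo=UTC))
HIPKI_RCA = Cert("HiPKI Root CA", "HiPKI Root CA",
                 "2d:dd:ac:ce:62:97:94:a1:43:e8:b0:cd:76:6a:5e:60", datetime(2019, 1, 1, tzinfo=UTC))

# Intermediates (all constructed).  The cross-certificate has the HiPKI Root CA's
# subject but is signed by the ePKI Root CA, the arrangement comment #0 describes.
# GTLSCA-G1 is assumed here to chain directly to the ePKI Root CA.
HIPKI_RCA_XSIGN = Cert("HiPKI Root CA", "ePKI Root Certification Authority",
                       "placeholder-xsign", datetime(2019, 6, 1, tzinfo=UTC))
GTLSCA_G1 = Cert("GTLSCA-G1", "ePKI Root Certification Authority",
                 "placeholder-gtlsca-g1", datetime(2015, 1, 1, tzinfo=UTC))
HIPKI_OV_TLS_CA = Cert("HiPKI OV TLS CA", "HiPKI Root CA",
                       "placeholder-ov-tls", datetime(2020, 1, 1, tzinfo=UTC))

# End-entity certificates (constructed).
GOV_LEAF_OLD = Cert("gov.example", "GTLSCA-G1", "placeholder-leaf-1", datetime(2024, 12, 1, tzinfo=UTC))
GOV_LEAF_NEW = Cert("gov.example", "GTLSCA-G1", "placeholder-leaf-2", datetime(2025, 5, 1, tzinfo=UTC))
COMM_LEAF = Cert("shop.example", "HiPKI OV TLS CA", "placeholder-leaf-3", datetime(2025, 5, 1, tzinfo=UTC))

# The rule announced in this thread for Bug #1974299, keyed by root serial.
DISTRUST_AFTER = {EPKI_ROOT.serial: datetime(2025, 4, 15, 23, 59, 59, tzinfo=UTC)}


def find_paths(leaf, intermediates, anchors):
    """Every path leaf -> ... -> anchor that issuer-name matching can build."""
    paths = []

    def walk(chain):
        issuer = chain[-1].issuer
        for anchor in anchors:
            if anchor.subject == issuer:
                paths.append(chain + [anchor])
        for cert in intermediates:
            # Skip self-signed entries and anything already on the chain (no loops).
            if cert.subject == issuer and cert.subject != cert.issuer and cert not in chain:
                walk(chain + [cert])

    walk([leaf])
    return paths


def check_path(path, now, distrust_after):
    """Validity-start check plus the anchor's distrust-after rule for one path."""
    leaf, anchor = path[0], path[-1]
    for cert in path:
        if cert.not_before > now:
            return False, f"{cert.subject} not yet valid"
    cutoff = distrust_after.get(anchor.serial)
    if cutoff is not None and leaf.not_before > cutoff:
        return False, (f"{leaf.subject} issued {leaf.not_before:%Y-%m-%d}, after the "
                       f"{cutoff:%Y-%m-%d} distrust-after date of {anchor.subject}")
    return True, " -> ".join(c.subject for c in path)


def verify_server_auth(leaf, intermediates, anchors, now, distrust_after=DISTRUST_AFTER):
    """Accept the leaf if any buildable path passes; otherwise report every failure."""
    paths = find_paths(leaf, intermediates, anchors)
    if not paths:
        return False, "no path to a trust anchor"
    failures = []
    for path in paths:
        ok, detail = check_path(path, now, distrust_after)
        if ok:
            return True, detail
        failures.append(detail)
    return False, "; ".join(failures)


def evaluate_scenarios(now=datetime(2025, 6, 1, tzinfo=UTC)):
    """Constructed cases; returns {case name: (trusted?, detail)}."""
    both_roots, old_root_only = [EPKI_ROOT, HIPKI_RCA], [EPKI_ROOT]
    new_chain = [HIPKI_OV_TLS_CA, HIPKI_RCA_XSIGN]
    return {
        "gov_leaf_issued_before_cutoff": verify_server_auth(GOV_LEAF_OLD, [GTLSCA_G1], both_roots, now),
        "gov_leaf_issued_after_cutoff": verify_server_auth(GOV_LEAF_NEW, [GTLSCA_G1], both_roots, now),
        "new_pki_leaf_new_root_trusted": verify_server_auth(COMM_LEAF, new_chain, both_roots, now),
        "new_pki_leaf_only_cross_sign": verify_server_auth(COMM_LEAF, new_chain, old_root_only, now),
    }


if __name__ == "__main__":
    for name, (ok, detail) in evaluate_scenarios().items():
        print(f"{name:32} {'TRUSTED' if ok else 'REJECTED':9} {detail}")
```

The last two cases are the transition point: the same commercial leaf is accepted when the client trusts HiPKI Root CA directly (the path stops at that anchor and the distrust-after date never applies), but rejected when the client only trusts the ePKI Root CA, because the only path then runs through the cross-certificate to the distrusted root and the leaf's notBefore is past the cutoff. Previously issued government certificates (the first case) keep validating, which is the continuity the MODA request is about.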

Thanks for your information, I will sync with CHT CA team and MODA.
