lcche...@gmail.com於 2019年3月1日星期五 UTC+8上午12時48分27秒寫道:
> 7. List of steps your CA is taking to resolve the situation and ensure such
> issuance will not be repeated in the future, accompanied with a timeline of
> when your CA expects to accomplish these things.
>
> Ans:
> To avoid making the same mistakes, the following steps will newly be
> introduced:
>
> Step 1. Implementation of a two-stage manual verification by different RAOs.
> Effective 26/02/2019.
>
> Step 2. Implementation of an automatic FQDN-checking function prior to
> issuing certificates. Effective 30/03/2019.
>
> Step 3. Implementation of a scheduling program to periodically and
> automatically check the newly-issued certificates from our repository.
> Effective 30/05/2019.
>
The scheduling program that can periodically and automatically check the
newly-issued certificates from our repository has been implemented on May 6th.
To avoid the same problem happened in those previously-issued certificates, we
scanned the whole repository and found that some FQDNs in the issued
certificates are inaccurate due to a change to domain’s ownership, or a
relevant licensing or services agreement between the Domain Name Registrar and
our customers has terminated. For the former case, we have revoked the certs
immediately according to the provisions in Section 4.9.1 of our CP/CPS. For the
latter case, we have asked our customers who still want to have the certificate
to renew their certificates; otherwise, we will revoke these certs within 5
days according to the provisions in Section 4.9.1 of our CP/CPS.
Li-Chun Chen
Chunghwa Telecom
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
