Per - https://bugzilla.mozilla.org/show_bug.cgi?id=1891438#c15:
"In the interest of transparency, Mozilla received a formal request from Taiwan’s Ministry of Digital Affairs (MODA), dated March 15, 2025, requesting that we *delay the removal of the “websites” trust bit* for Chunghwa Telecom’s *ePKI Root CA*, which is currently scheduled to occur on or about April 15, 2025, in accordance with Mozilla’s Root CA Lifecycles Transition Schedule <https://wiki.mozilla.org/CA/Root_CA_Lifecycles#Transition_Schedule>. MODA explained that the requested delay is intended to support the ongoing transition of government websites away from certificates issued by CHT’s *GTLSCA-G1 subordinate CA*. As we understand it, MODA is already implementing a short-term migration plan involving the dual issuance of approximately *12,000 new certificates* for government websites—one from Chunghwa Telecom and one from *Taiwan CA (TWCA)*—to ensure continued availability of government services and minimize user disruption. While we have not yet finalized a decision, we are currently contemplating: - Postponing the removal of the “websites” trust bit; - Implementing a distrust-after date; or - Taking other actions consistent with Mozilla Root Store Policy and ecosystem risk management. We note that: - The ePKI Root CA uses a 4096-bit RSA key, which provides stronger security than other similarly aged root certificates. - Any extension under consideration would be *strictly time-bounded* (e.g., not to exceed *August 1, 2025*), reflecting a *short-term accommodation*, not a change in long-term policy direction. - Mozilla would retain the right to remove or revoke trust *at any time*, based on new information or evolving risk factors. We welcome feedback on any of these approaches." Thanks, Ben -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZrLz-4NCSwYaX0q4XVLxbh0HboKcc3MsQ11FVdbzHJQQ%40mail.gmail.com.
