[cabfpub] I can't read Some CAs's Audit Report and Management's Assertion

陳立群 realsky at cht.com.tw
Thu Nov 24 23:51:39 MST 2016


In previous mail
(https://cabforum.org/pipermail/public/2016-November/008986.html) , there
was a typo , PFD should be PDF.

 

I correct as below:

 

2.I find  the SSL BR & Network Security 2.0  Audit Report and Management's
Assertion of Taiwan Government PKI

https://cert.webtrust.org/SealFile?seal=2051
<https://cert.webtrust.org/SealFile?seal=2051&file=pdf> &file=pdf  

             It appears a Yukon Department of Education PDF test file as
attached print screen file .(file name: cpa-2051-bug)

       

          Li-Chun Chen

 

From: 陳立群 [mailto:realsky at cht.com.tw] 
Sent: Friday, November 25, 2016 11:02 AM
To: 'Dean Coclin'; 'CA/Browser Forum Public Discussion List'
Cc: 'Kirk Hall'
Subject: Re: [cabfpub] I can't read Some CAs's Audit Report and Management's
Assertion

 

 

1.       when I was at home two hours before, I read the mail from Dean and
Kirk, and saw Entrust’s, Digicert’s and Amazon’s links were fixed.

 

But our company’s ePKI two links are still unavailable as attached two
print screen files (file names: cpa-2128-bug.jpg &  cpa-2129-bug.jpg ), you
can see the time in bottom right is around AM 7:21 (UTC+8) and AM 7:54
(UTC+8) of Nov.,25. And now I check these two links are still unavailable by
my office computer. https://cert.webtrust.org/SealFile?seal=2129
<https://cert.webtrust.org/SealFile?seal=2129&file=pdf> &file=pdf 

 

&

 

https://cert.webtrust.org/SealFile?seal=2128
<https://cert.webtrust.org/SealFile?seal=2128&file=pdf> &file=pdf

 

     I told our company’s ePKI auditor SUNRISE CPAS' FIRM, MEMBER OF DFK
INTERNATIONAL to contact CPA to fix the problem as soon as possible. As the
problem lasts for three days. And in CPS, we tell the replying party that
the external audit report and management's assertions can be viewed by click
on the WebTrust for CA seals in CA web site.

 

2.      I find  the SSL BR & Network Security 2.0  Audit Report and
Management's Assertion of Taiwan Government PKI

https://cert.webtrust.org/SealFile?seal=2051
<https://cert.webtrust.org/SealFile?seal=2051&file=pdf> &file=pdf  

             It appears a Yukon Education PFD TEST file as attached file
.(file name: cpa-2051-bug)

 

   As for Trust Service for CA 2.0 Audit Report and Management's Assertion
of Taiwan Government PKI, https://cert.webtrust.org/SealFile?seal=2050
<https://cert.webtrust.org/SealFile?seal=2050&file=pdf> &file=pdf , it
appears 

Apache Tomcat/4.0.6 - HTTP Status 500 - Internal Server Error message as
attached print screen file .

 

I told the PM of GPKI to tell the auditor –KPMG, Taiwan to contact CPA to
fix the problem this morning.

 

3.      I suggest CA representatives of the forum to check your CAs's Audit
Report and Management's Assertion links.

 

 

Li-Chun Chen

Chunghwa Telecom 

 

From: Dean Coclin [mailto:Dean_Coclin at symantec.com] 
Sent: Friday, November 25, 2016 1:36 AM
To: CA/Browser Forum Public Discussion List
Cc: realsky(CHT); Kirk Hall
Subject: [外部郵件] Re: [cabfpub] I can't read Some CAs's Audit Report and
Management's Assertions and a problem for Audit Report and Management's Asse
rtions published in Entrust homepage

 

AICPA said the Entrust links were fixed yesterday. 

Sent from my iPhone


On Nov 24, 2016, at 12:22 PM, Kirk Hall via Public <public at cabforum.org>
wrote:

Li-Chun - I can't explain the images you sent.  Here are the images that I
get for Entrust, which are different:

 

https://www.entrust.com/

 

<image001.jpg>

 

https://entrust.webtrust.org/ViewSeal?id=328

 

<image002.jpg>

 

https://entrust.webtrust.org/SealFile?seal=328
<https://entrust.webtrust.org/SealFile?seal=328&file=pdf> &file=pdf

 

<image003.jpg>

 

 

-----Original Message-----
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of realsky(CHT)
via Public
Sent: Tuesday, November 22, 2016 8:42 AM
To: public <public at cabforum.org>
Cc: realsky(CHT) <realsky at cht.com.tw>
Subject: [cabfpub] I can't read Some CAs's Audit Report and Management's
Assertions and a problem for Audit Report and Management's Asse rtions
published in Entrust homepage

 

If you click some CAs' WebTrust for CA seal and want to see Audit Report and
Management's Assertions. then it will appear error message such as attached
print screen files.

 

It appears

 

Apache Tomcat/4.0.6 - HTTP Status 500 - Internal Server Error.

 

type: Exception report

 

message: Internal Server Error

 

description The server encountered an internal error (Internal Server Error)
that prevented it from fulfilling this request.

 

 

 

for below three links:

 

1.Chunghwa Telecom's SSL BR & Network Security 2.0 Audit Report and
Management's Assertions

 

 <https://cert.webtrust.org/SealFile?seal=2129&file=pdf>
https://cert.webtrust.org/SealFile?seal=2129&file=pdf

(please see attached file 

 

 

2.DigiCert's Trust Service for CA 2.0 Audit Report and Management's
Assertions  <https://cert.webtrust.org/SealFile?seal=2129&file=pdf>
https://cert.webtrust.org/SealFile?seal=2129&file=pdf 

 

 

3.Amazon' Trust Service for CA 2.0 Audit Report and Management's Assertions
<https://cert.webtrust.org/SealFile?seal=1998&file=pdf>
https://cert.webtrust.org/SealFile?seal=1998&file=pdf

 

I hope CPA can fix the problem as soon as possible. I found the problem here
yesterday morning.

 

 

There is another problem for Entrust's web site, maybe Bruce can ask for
your website designer to fix it. I connect to  <https://www.entrust.com/>
https://www.entrust.com/, and click the webtrust for CA seal by Deloitte as
attached file entrust-homepage.jpg and connect to
<https://entrust.webtrust.org/ViewSeal?id=328>
https://entrust.webtrust.org/ViewSeal?id=328, then I click the link to Audit
Report and Management's Assertions of Entrust
<https://entrust.webtrust.org/SealFile?seal=328&file=pdf>
https://entrust.webtrust.org/SealFile?seal=328&file=pdf, I can read the
Audit Report and Management's Assertions during the audit period from March
1 2013 through 28 February 2014 as attached file entrust-seal.jpg. I think
Entrust should have a renewal audit report and Management's Assertions and
new URL to update the link of your website seal. 

 

Sincerely Yours,

 

 

   Li-Chun Chen

   Chunghwa Telecom Co. Ltd.    

 

本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利
用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密
及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共
同善盡資訊安全與個資保護責任.

Please be advised that this email message (including any attachments)
contains confidential information and may be legally privileged. If you are
not the intended recipient, please destroy this message and all attachments
from your system and do not further collect, process, or use them. Chunghwa
Telecom and all its subsidiaries and associated companies shall not be
liable for the improper or incomplete transmission of the information
contained in this email nor for any delay in its receipt or damage to your
system. If you are the intended recipient, please protect the confidential
and/or personal information contained in this email with due care. Any
unauthorized use, disclosure or distribution of this message in whole or in
part is strictly prohibited. Also, please self-inspect attachments and
hyperlinks contained in this email to ensure the information security and to
protect personal information.

 

 

_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public



本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. 
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20161125/d94a1702/attachment-0001.html>


More information about the Public mailing list