<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>Hello Li-Chun,</p>
<p>From the ETSI view, the Certification Policy EN 319 411-1 defines
the levels LCP and NCP(+) that are applicable for S/MIME "Signing"
certs.<br>
You can download the latest version at<br>
<a class="moz-txt-link-freetext" href="https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers">https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers</a></p>
<p>The Certification Audit Body and the Auditor have to be confirmed
as "qualified" as described by Mozilla and in the BR.<br>
</p>
<p>Best regards</p>
<p>Arno Fiedler</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 22.10.2020 at 08:45, Dimitris
Zacharopoulos (HARICA) via Smcwg-public wrote:<br>
</div>
<blockquote type="cite" cite="mid:bd60e782-fe5d-e117-ee35-b564720082fd@harica.gr">
<br>
Li-Chun,<br>
<br>
The applicable audit requirements for S/MIME Issuing CAs are
described in the various Root Program sites. Check out the
following for Mozilla and Microsoft:<br>
<ul>
<li><a class="moz-txt-link-freetext" href="https://github.com/mozilla/pkipolicy/blob/2.7/rootstore/policy.md#312-required-audits">https://github.com/mozilla/pkipolicy/blob/2.7/rootstore/policy.md#312-required-audits</a></li>
<li><a class="moz-txt-link-freetext" href="https://docs.microsoft.com/en-us/security/trusted-root/audit-requirements#a-webtrust-audits">https://docs.microsoft.com/en-us/security/trusted-root/audit-requirements#a-webtrust-audits</a></li>
</ul>
Hope this helps.<br>
<br>
<br>
Dimitris.<br>
<br>
<div class="moz-cite-prefix">On 2020-10-22 4:17 a.m., 陳立群 via
Smcwg-public wrote:<br>
</div>
<blockquote type="cite" cite="mid:018601d6a811$32144d30$963ce790$@cht.com.tw">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<pre style="text-indent:30.0pt"><span style="font-family:"Calibri",sans-serif" lang="EN-US">If we set up a new intermediate S/MIME CA that chains up to our Root with EKU such as Secured Email, Client Authentication, Server Authentication, the S/MIME CA’s CA certificate and EE Certificates will contain an id-kp-emailProtection and Client authentication Extended Key Usage (EKU) extension. From RFC 5280, this CA will not have the ability to issue SSL/TLS certs. Besides WebTrust for CA, will this new intermediate S/MIME CA need to pass Principle 4 of WebTrust for CA-SSL BR with Network Security Audit (it corresponds to NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS)? For Google or Mozilla, they use EKU Chaining and from Mozilla</span><span style="font-size:10.5pt;font-family:"Trebuchet MS",sans-serif" lang="EN-US"> policy 3.1.2.1, the n</span><span style="font-family:"Calibri",sans-serif" lang="EN-US">ew intermediate S/MIME CA</span><span style="font-size:10.5pt;font-family:"Trebuchet MS",sans-serif" lang="EN-US"> need not </span><span style="font-family:"Calibri",sans-serif" lang="EN-US"> pass Principle 4 of WebTrust for CA-SSL BR with Network Security Audit. But it is not clear in Apple’s Root Program Policy. Does CISCO support S/MIME trust bit/EKU? <o:p></o:p></span></pre>
<pre><span style="font-family:"Calibri",sans-serif" lang="EN-US"><o:p> </o:p></span></pre>
<pre style="text-indent:18.0pt"><span style="font-family:"Calibri",sans-serif" lang="EN-US">But from Page 1 of these Network and Certificate System Security Requirements (Requirements), it said “it applies to all publicly trusted Certification Authorities (CAs)”. Or Network and Certificate System Security Requirements (Requirements) only applies to SSL CA. Principle 4 of WebTrust for CA-SSL BR with Network Security Audit only applies to an intermediate CA with CA certificates that contained anyEKU or without EKU but those intermediate CAs don’t issue SSL/TLS certificates.<o:p></o:p></span></pre>
<pre style="text-indent:18.0pt"><span style="font-family:"Calibri",sans-serif" lang="EN-US"><o:p> </o:p></span></pre>
<pre><span style="font-family:"Calibri",sans-serif" lang="EN-US"><o:p> </o:p></span></pre>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D" lang="EN-US"> </span><span style="font-family:"Calibri",sans-serif" lang="EN-US"> Li-Chun Chen</span><span style="font-family:"Calibri",sans-serif;color:#1F497D" lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D" lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="EN-US">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="EN-US"> Jeff Ward <a class="moz-txt-link-rfc2396E" href="mailto:jward@bdo.com" moz-do-not-send="true"><jward@bdo.com></a>
<br>
<b>Sent:</b> Sunday, August 23, 2020 4:59 AM<br>
<b>To:</b> </span><span style="font-size:11.0pt">陳立群</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="EN-US"> <a class="moz-txt-link-rfc2396E" href="mailto:realsky@cht.com.tw" moz-do-not-send="true"><realsky@cht.com.tw></a>;
'SMIME Certificate Working Group' <a class="moz-txt-link-rfc2396E" href="mailto:smcwg-public@cabforum.org" moz-do-not-send="true"><smcwg-public@cabforum.org></a><br>
<b>Subject:</b> [</span><span style="font-size:11.0pt">External mail</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="EN-US">] Re: [Smcwg-public] Audit Schem of a
S/MIME CA<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black" lang="EN-US">If the CA either issues or has the ability
to issue SSL/TLS certs, baseline requirements apply. <o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black" lang="EN-US"><o:p> </o:p></span></p>
</div>
<div id="Signature">
<div>
<div id="divtagdefaultwrapper">
<div>
<p style="background:white"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US">Jeff Ward, CPA, CGMA, CITP, CISA,
CISSP, CEH<o:p></o:p></span></b></p>
<p style="background:white"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US">National Managing Partner Third
Party Attestation</span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black" lang="EN-US"><o:p></o:p></span></p>
<p style="background:white"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US">(SOC/WebTrust/Cybersecurity)</span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black" lang="EN-US"><o:p></o:p></span></p>
<p style="background:white"><span class="baec5a81-e4d6-4674-97f3-e9220f0136c1"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US">314-889-1220<span style="color:blue"><img style="width:.1666in;height:.1666in" id="_x0000_i1025" src="cid:part6.5838BFE7.4CD64827@outlook.com" class="" width="16" height="16"></span></span></span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US"> (Direct) 347-1220 (Internal)<o:p></o:p></span></p>
<p style="background:white"><span class="baec5a81-e4d6-4674-97f3-e9220f0136c1"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#ED1A3B" lang="EN-US"><a href="mailto:jward@bdo.com" moz-do-not-send="true">jward@bdo.com</a> </span></span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US"><o:p></o:p></span></p>
<p style="background:white"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US">BDO<o:p></o:p></span></b></p>
<p style="background:white"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US">101 S Hanley Rd, #800<o:p></o:p></span></p>
<p style="background:white"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US">St. Louis, MO 63105<o:p></o:p></span></p>
<p style="background:white"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US">UNITED STATES<o:p></o:p></span></p>
<p style="background:white"><span class="baec5a81-e4d6-4674-97f3-e9220f0136c1"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US">314-889-1100<span style="color:blue"><img style="width:.1666in;height:.1666in" id="_x0000_i1026" src="cid:part6.5838BFE7.4CD64827@outlook.com" class="" width="16" height="16" border="0"></span></span></span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#404040" lang="EN-US"><o:p></o:p></span></p>
<p style="background:white"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#ED1A3B" lang="EN-US"><a href="http://www.bdo.com/">www.bdo.com</a><o:p></o:p></span></p>
<p style="background:white"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#1BC237" lang="EN-US">Please consider the environment
before printing this e-mail<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black" lang="EN-US"><o:p> </o:p></span></p>
</div>
<div class="MsoNormal" style="text-align:center" align="center"><span lang="EN-US">
<hr width="98%" size="2" align="center"></span></div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black" lang="EN-US">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black" lang="EN-US"> </span><span style="font-size:11.0pt;color:black">陳立群</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black" lang="EN-US"> <<a href="mailto:realsky@cht.com.tw" moz-do-not-send="true">realsky@cht.com.tw</a>><br>
<b>Sent:</b> Friday, August 21, 2020 6:59 AM<br>
<b>To:</b> Jeff Ward <<a href="mailto:jward@bdo.com" moz-do-not-send="true">jward@bdo.com</a>>;
'SMIME Certificate Working Group' <<a href="mailto:smcwg-public@cabforum.org" moz-do-not-send="true">smcwg-public@cabforum.org</a>><br>
<b>Subject:</b> RE: [Smcwg-public] Audit Schem of a
S/MIME CA</span><span lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<div>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US">Dear Jeff,</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> Thank you very much for your
information.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> In the example diagram, issuing
CA 2 would need to receive a WebTrust for CA based
on Microsoft Audit Requirements of Microsoft
Trusted Root Certificate Program. Issuing CA 2
need not receive the Network Security
Requirements (Principle 4). Right?</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> <a href="https://docs.microsoft.com/en-us/security/trusted-root/audit-requirements">https://docs.microsoft.com/en-us/security/trusted-root/audit-requirements</a></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"><img style="width:10.2604in;height:8.625in" id="x_圖片_x0020_1" src="cid:part14.1C2E8E65.6F51F5DA@outlook.com" class="" width="985" height="828" border="0"></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> It is not clear about audit
scheme for S/MIME CA from Apple</span><span style="color:#1F497D">’<span lang="EN-US">s root
program webpage <a href="https://www.apple.com/certificateauthority/ca_program.html">https://www.apple.com/certificateauthority/ca_program.html</a>
and Chrome</span>’<span lang="EN-US">s Root
Certificate Policy <a href="https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy">https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy</a>
.</span></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> Li-Chun Chen</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> Chunghwa Telecom </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="xmsonormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Jeff Ward <<a href="mailto:jward@bdo.com" moz-do-not-send="true">jward@bdo.com</a>>
<br>
<b>Sent:</b> Thursday, August 20, 2020 10:26
PM<br>
<b>To:</b> </span>陳立群<span lang="EN-US"> <<a href="mailto:realsky@cht.com.tw" moz-do-not-send="true">realsky@cht.com.tw</a>>;
SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org" moz-do-not-send="true">smcwg-public@cabforum.org</a>><br>
<b>Subject:</b> [</span>External mail<span lang="EN-US">]
RE: [Smcwg-public] Audit Schem of a S/MIME CA<o:p></o:p></span></p>
</div>
</div>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal"><span style="font-size:10.5pt;font-family:"Trebuchet
MS",sans-serif" lang="EN-US">In the example
diagram, Issuing CA 2 would need to receive a
WebTrust for CA based on Mozilla policy 3.1.2.1. </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="font-size:10.5pt;font-family:"Trebuchet
MS",sans-serif" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"><img style="width:8.0416in;height:4.1979in" id="x_Picture_x0020_1" src="cid:part20.22326F9A.89999489@outlook.com" class="" width="772" height="403" border="0"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="font-size:10.5pt;font-family:"Trebuchet
MS",sans-serif" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><b><span style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif;color:#404040" lang="EN-US">Jeff
Ward, CPA, CGMA, CITP, CISA, CISSP, CEH</span></b><span style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif;color:#404040" lang="EN-US"><br>
National Managing Partner Third Party Attestation
(SOC/WebTrust/Cybersecurity)</span><span lang="EN-US"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="xmsonormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org" moz-do-not-send="true">smcwg-public-bounces@cabforum.org</a>>
<b>On Behalf Of </b>陳立群 via Smcwg-public<br>
<b>Sent:</b> Wednesday, August 19, 2020 9:29
PM<br>
<b>To:</b> 'SMIME Certificate Working Group'
<<a href="mailto:smcwg-public@cabforum.org" moz-do-not-send="true">smcwg-public@cabforum.org</a>><br>
<b>Subject:</b> Re: [Smcwg-public] Audit Schem
of a S/MIME CA<o:p></o:p></span></p>
</div>
</div>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US">There are some typos in the previous
e-mail, such as </span><span style="color:#1F497D">“<span lang="EN-US">audit
schema</span>”<span lang="EN-US"> should be </span>“<span lang="EN-US">audit scheme</span>”<span lang="EN-US">, </span>“<span lang="EN-US">I
wonder to know certificate consumers member
and CPA Canada</span>’<span lang="EN-US">s
opinion.</span>”<span lang="EN-US"> should be
</span>“<span lang="EN-US">I wonder to know
certificate consumers members</span>’<span lang="EN-US"> and CPA Canada WebTrust Task
Force</span>’<span lang="EN-US">s opinion.</span>”</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US">Thanks. </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal" style="text-indent:24.0pt"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> Li-Chun</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="xmsonormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org" moz-do-not-send="true">smcwg-public-bounces@cabforum.org</a>>
<b>On Behalf Of </b></span>陳立群<span lang="EN-US"> via Smcwg-public<br>
<b>Sent:</b> Thursday, August 20, 2020 8:59
AM<br>
<b>To:</b> 'SMIME Certificate Working Group'
<<a href="mailto:smcwg-public@cabforum.org" moz-do-not-send="true">smcwg-public@cabforum.org</a>><br>
<b>Subject:</b> [</span>External mail<span lang="EN-US">] [Smcwg-public] Audit Schem of
a S/MIME CA<o:p></o:p></span></p>
</div>
</div>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal" style="text-indent:16.5pt"><span lang="EN-US">I wonder the audit schema of an
issuing CA issue S/MIME certificate as the
issuing CA 2 (S/MIME Certificates) in upper
diagram of page 10 of WebTrust for CA 2.2<span style="color:#1F497D"> (<a href="https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/webtrust-for-ca-22.pdf?la=en&hash=76D4C1F8363D563CE7FC09031E54ACA2EBFE3E3A">https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/webtrust-for-ca-22.pdf?la=en&hash=76D4C1F8363D563CE7FC09031E54ACA2EBFE3E3A</a>)
.</span><o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal" style="text-indent:16.5pt"><span lang="EN-US">From the WebTrust for Certification
Authorities - Audit Applicability Matrix<span style="color:#1F497D"> (</span><a href="https://www.cpacanada.ca/en/business-and-accounting-resources/audit-and-assurance/overview-of-webtrust-services/principles-and-criteria">https://www.cpacanada.ca/en/business-and-accounting-resources/audit-and-assurance/overview-of-webtrust-services/principles-and-criteria</a>
) or as attached file, this issuing CA2 (S/MIME
Certificates) belong to </span>“<span lang="EN-US">Publicly-Trusted Commercial PKI -
All other uses</span>”<span lang="EN-US"> or </span>“<span lang="EN-US">Publicly-Trusted Government PKI -
All other uses</span>”<span lang="EN-US"> , so
the audit scheme should be RKGC, Key Protection
and WebTrust.<o:p></o:p></span></p>
<p class="xmsonormal"><span style="color:#1F497D" lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="xmsonormal" style="text-indent:16.5pt;text-autospace:none"><span lang="EN-US">But someone may argue that, as the Root
CA in the upper diagram of page 10 of WebTrust for
CA 2.2 has website and e-mail trust bits, the
issuing CA 2 (S/MIME Certificates) should pass
WebTrust for CA-SSL BR with Network Security
Audit Criteria Principle 4. I see <a href="https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/webtrust/wtbr-241-final--ssl-baseline-with-network-security-june-30-2019.pdf?la=en&hash=15117D0B4FB70FB113C7D1D88802A26FE820FB60" moz-do-not-send="true"><span style="color:windowtext;text-decoration:none">WebTrust
Principles and Criteria for Certification
Authorities </span><span style="color:windowtext;text-decoration:none" lang="EN-US"><span lang="EN-US">– SSL
Baseline with Network Security </span></span><span style="color:windowtext;text-decoration:none" lang="EN-US"><span lang="EN-US">– Version 2.4.1</span></span></a>
page 3. It said that </span>“<span lang="EN-US">However, the Network Security
Requirements (Principle 4) would apply to all
CAs </span>–<span lang="EN-US"> Root CA, CA 1,
CA 2, CA 3, and CA 4.</span>”<span lang="EN-US">.
Note that CA-3 is an S/MIME CA. <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US">
<o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> I
would like to know the opinion of certificate consumer members and
CPA Canada.
<o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> Thanks.<o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US">
Li-Chun Chen <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> Chunghwa
Telecom <o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-US"> <o:p></o:p></span></p>
<div>
<div>
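<p class="xmsonormal"><span lang="EN-US">This message may contain confidential information of Chunghwa Telecom Co., Ltd. If you are not the intended recipient, do not collect, process, or use the contents of this message, and please destroy it. If you are the intended recipient, you must protect the company's trade secrets and personal data contained in this message, must not disseminate or disclose them arbitrarily, and should verify the security of this message's attachments and hyperlinks yourself, so that we jointly fulfil our responsibilities for information security and personal data protection. <o:p></o:p></span></p>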
</div>
<div>
<p class="xmsonormal"><span lang="EN-US">Please
be advised that this email message
(including any attachments) contains
confidential information and may be legally
privileged. If you are not the intended
recipient, please destroy this message and
all attachments from your system and do not
further collect, process, or use them.
Chunghwa Telecom and all its subsidiaries
and associated companies shall not be liable
for the improper or incomplete transmission
of the information contained in this email
nor for any delay in its receipt or damage
to your system. If you are the intended
recipient, please protect the confidential
and/or personal information contained in
this email with due care. Any unauthorized
use, disclosure or distribution of this
message in whole or in part is strictly
prohibited. Also, please self-inspect
attachments and hyperlinks contained in this
email to ensure the information security and
to protect personal information.<o:p></o:p></span></p>
</div>
</div>
</div>
<p class="xmsonormal" style="margin-bottom:12.0pt"><span lang="EN-US"><br>
<br>
</span><em><b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black" lang="EN-US">The health and safety of our
people and communities is our top priority, as
we all do our part to help stop the spread of
COVID-19. All BDO USA offices will be closed
until further notice. While we will be working
from home, our already-flexible work
environment enables us to make this transition
seamlessly and we have the technology in place
to continue to provide the same excellent
level of service our clients are accustomed
to. We are here if you need us, just as
before, and if we can be helpful as you
navigate the uncertainty, we stand ready. </span></b></em><b><i><span style="font-size:10.0pt;color:black" lang="EN-US"><br>
<br>
</span></i></b><em><b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black" lang="EN-US">BDO USA, LLP, a Delaware limited
liability partnership, is the U.S. member of
BDO International Limited, a UK company
limited by guarantee, and forms part of the
international BDO network of independent
member firms. </span></b></em><b><i><span style="font-size:10.0pt;color:black" lang="EN-US"><br>
<br>
</span></i></b><em><b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black" lang="EN-US">BDO is the brand name for the BDO
network and for each of the BDO Member Firms.</span></b></em><b><i><span style="font-size:10.0pt;color:black" lang="EN-US"><br>
<br>
</span></i></b><em><b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black" lang="EN-US">IMPORTANT NOTICES</span></b></em><b><i><span style="font-size:10.0pt;color:black" lang="EN-US"><br>
<br>
</span></i></b><em><b><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black" lang="EN-US">The contents of this email and
any attachments to it may contain privileged
and confidential information from BDO USA,
LLP. This information is only for the viewing
or use of the intended recipient. If you are
not the intended recipient, you are hereby
notified that any disclosure, copying,
distribution or use of, or the taking of any
action in reliance upon, the information
contained in this e-mail, or any of the
attachments to this e-mail, is strictly
prohibited and that this e-mail and all of the
attachments to this e-mail, if any, must be
immediately returned to BDO USA, LLP or
destroyed and, in either case, this e-mail and
all attachments to this e-mail must be
immediately deleted from your computer without
making any copies hereof. If you have received
this e-mail in error, please notify BDO USA,
LLP by e-mail immediately.</span></b></em><span lang="EN-US"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Smcwg-public@cabforum.org" moz-do-not-send="true">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a></pre>
</blockquote>
</blockquote>
</body>
</html>