
Firefox agrees trust transition for Chunghwa Telecom eCAs

Chong Jing, Taipei; Rodney Chan, DIGITIMES Asia

Credit: DIGITIMES

Following Google Chrome's decision to stop trusting new TLS (transport layer security) website certificates issued by Chunghwa Telecom (CHT) starting from August 1, 2025, the Taiwanese Internet service provider (ISP) has been said to be facing similar actions from Mozilla Firefox.

Some recent discussions on social media have claimed that Firefox had already completed a process of "gradual distrust" of CHT CA (certificate authority) on June 26. But such a description of Firefox's action is not entirely accurate.

Discussions on the Bugzilla forum noted that Firefox was adjusting the trust settings for CHT's old ePKI Root Certification Authority (eCA), instead of completely distrusting CHT as a CA.

The eCAs said to be affected by the Firefox decision were issued by CHT in 2004 with validity lasting until 2034. The eCAs have been widely used in HTTPS encrypted connections for Taiwan's government websites, academic institutions, and some legal entities.

Firefox sets distrust-after date

Although the eCAs do not expire for years, mainstream browsers regularly review and eliminate certificates that show a lack of compliance. Firefox originally planned to remove the default trust for eCAs on April 15, 2025, meaning visitors to websites using eCA certificates after that date would get security warnings, affecting their browsing.

However, since a high proportion of government websites in Taiwan still rely on the eCAs, CHT and the Ministry of Digital Affairs (MODA) managed to convince Firefox that implementing the plan as scheduled would have disrupted many of the government's online services, denying people their rights. MODA also proposed a dual-certificate mechanism as a transitional solution, letting government websites use CHT's eCAs and other certificates (such as TWCA) at the same time to gain a bigger buffer for their CA migration.

Firefox finally agreed that instead of distrusting all eCAs, it would set a distrust-after date: 23:59:59 on April 15, 2025 (UTC time zone).

In other words, certificates issued under the eCAs before the deadline are still trusted for now, and only new certificates issued after that date are distrusted, giving time for system replacements and upgrades to reduce the risk of service interruption.
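An added example (not from the article or from Mozilla) of how an operator could triage a certificate inventory against this distrust-after date, following the article's wording that only certificates issued after the cutoff are distrusted. The host names, the inventory layout, the status labels and matching the root by name are assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
TAIPEI = timezone(timedelta(hours=8))
# Cutoff stated in the article: 23:59:59 on April 15, 2025 (UTC).
DISTRUST_AFTER = datetime(2025, 4, 15, 23, 59, 59, tzinfo=UTC)
# Root name as written in the article. Assumption: the inventory records each
# leaf's root by this name; a real audit should match the root's fingerprint.
AFFECTED_ROOT = "ePKI Root Certification Authority"
URGENCY = {"distrusted": 0, "reissue-elsewhere-at-renewal": 1,
           "expired": 2, "unaffected": 3}

def classify(root, not_before, not_after, now):
    """Expected treatment of one leaf certificate under a distrust-after date."""
    if any(t.tzinfo is None for t in (not_before, not_after, now)):
        raise ValueError("timestamps must be timezone-aware")
    if now > not_after:
        return "expired"
    if root != AFFECTED_ROOT:
        return "unaffected"
    # Only certificates issued after the cutoff are distrusted. Older ones stay
    # trusted, but a renewal under the same root would land after the cutoff.
    if not_before > DISTRUST_AFTER:
        return "distrusted"
    return "reissue-elsewhere-at-renewal"

def audit(inventory, now):
    """Return (host, status, not_after) rows, most urgent first."""
    rows = [(h, classify(r, nb, na, now), na) for h, r, nb, na in inventory]
    return sorted(rows, key=lambda row: (URGENCY[row[1]], row[2]))

# Constructed inventory: (host, root, notBefore, notAfter). Hosts are hypothetical.
NOW = datetime(2025, 7, 1, tzinfo=UTC)
INVENTORY = [
    ("a.example.test", AFFECTED_ROOT,
     datetime(2024, 11, 1, tzinfo=UTC), datetime(2025, 11, 1, tzinfo=UTC)),
    # Taipei local time equal to the cutoff instant: still trusted.
    ("b.example.test", AFFECTED_ROOT,
     datetime(2025, 4, 16, 7, 59, 59, tzinfo=TAIPEI), datetime(2026, 4, 16, tzinfo=UTC)),
    # One second later in Taipei local time: issued after the cutoff.
    ("c.example.test", AFFECTED_ROOT,
     datetime(2025, 4, 16, 8, 0, 0, tzinfo=TAIPEI), datetime(2026, 4, 16, tzinfo=UTC)),
    ("d.example.test", "Other root (constructed)",
     datetime(2025, 5, 1, tzinfo=UTC), datetime(2026, 5, 1, tzinfo=UTC)),
]

if __name__ == "__main__":
    for host, status, not_after in audit(INVENTORY, NOW):
        print(f"{host:16} {status:30} expires {not_after.astimezone(UTC):%Y-%m-%d}")
```

The comparison is made on timezone-aware instants, so a notBefore recorded in Taipei local time is judged against the UTC cutoff correctly.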

Article edited by Jack Wu