Confirmed users
377
edits
m (Interim Edit) |
(Minor edits) |
||
Line 1: | Line 1: | ||
{{draft}} | {{draft}} | ||
__NOTOC__ | __NOTOC__ | ||
= Summary of Incidents | This page lists recent (March-May 2024) bugs involving Entrust. The list of issues might not be comprehensive, and it will be updated by Mozilla as more information becomes available, but please do not edit this page yourself. If you have proposed changes, post them to the Mozilla dev-security-policy list or email them to certificates@mozilla.org. | ||
= Summary of Entrust Incidents - March-May 2024 = | |||
== A. Incidents related to Missing CPS URI in EV Certificates == | == A. Incidents related to Missing CPS URI in EV Certificates == | ||
Line 65: | Line 67: | ||
----------------------------------------------------------- | ----------------------------------------------------------- | ||
== B. | == B. Certificates without serverAuth EKU and Delayed Revocation == | ||
=== 1. clientAuth TLS Certificates without serverAuth EKU - === | === 1. clientAuth TLS Certificates without serverAuth EKU - === | ||
Line 102: | Line 104: | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=1890898 | https://bugzilla.mozilla.org/show_bug.cgi?id=1890898 | ||
This is related to [https://bugzilla.mozilla.org/show_bug.cgi?id=1890896 bug #1890896] above. | This is related to [https://bugzilla.mozilla.org/show_bug.cgi?id=1890896 bug #1890896] above. The error and correction involved the CPS, not the certificates themselves, and re-issuing would result in similar certificates with new issuance dates. The error was discovered and corrected on March 26 with the posting of CPS version 3.20. However, community members have raised concerns about Entrust’s commitment to compliance with Baseline Requirements, its assertion of exceptional conditions, and the deviation from revocation timelines set forth in the Baseline Requirements. | ||
'''Issues:''' Delayed Revocation | '''Issues:''' Delayed Revocation |