CA/Entrust Issues: Difference between revisions

Jump to navigation Jump to search

CA/Entrust Issues (view source)

Revision as of 21:53, 5 May 2024

355 bytes added ,  5 May
Minor edits
m (Interim Edit)
(Minor edits)
Line 1: Line 1:
{{draft}}
{{draft}}
__NOTOC__
__NOTOC__
= Summary of Incidents for Entrust - March-May 2024 =
This page lists recent (March-May 2024) bugs involving Entrust. The list of issues might not be comprehensive, and it will be updated by Mozilla as more information becomes available, but please do not edit this page yourself. If you have proposed changes, post them to the Mozilla dev-security-policy list or email them to certificates@mozilla.org.
 
= Summary of Entrust Incidents - March-May 2024 =
== A. Incidents related to Missing CPS URI in EV Certificates ==
== A. Incidents related to Missing CPS URI in EV Certificates ==


Line 65: Line 67:
-----------------------------------------------------------  
-----------------------------------------------------------  


== B. Revocation of Certificates without serverAuth EKU ==
== B. Certificates without serverAuth EKU and Delayed Revocation ==


=== 1. clientAuth TLS Certificates without serverAuth EKU - ===
=== 1. clientAuth TLS Certificates without serverAuth EKU - ===
Line 102: Line 104:
https://bugzilla.mozilla.org/show_bug.cgi?id=1890898
https://bugzilla.mozilla.org/show_bug.cgi?id=1890898


This is related to [https://bugzilla.mozilla.org/show_bug.cgi?id=1890896 bug #1890896] above. The error and correction involved the CPS, not the certificates themselves, and re-issuing would result in similar certificates with new issuance dates. The error was discovered and corrected on March 26 with the posting of CPS version 3.20. However, community members have raised concerns about Entrust’s commitment to compliance with Baseline Requirements, its assertion of exceptional conditions, and the deviation from revocation timelines set forth in the Baseline Requirements.
This is related to [https://bugzilla.mozilla.org/show_bug.cgi?id=1890896 bug #1890896] above. The error and correction involved the CPS, not the certificates themselves, and re-issuing would result in similar certificates with new issuance dates. The error was discovered and corrected on March 26 with the posting of CPS version 3.20. However, community members have raised concerns about Entrust’s commitment to compliance with Baseline Requirements, its assertion of exceptional conditions, and the deviation from revocation timelines set forth in the Baseline Requirements.


'''Issues:'''  Delayed Revocation
'''Issues:'''  Delayed Revocation
Bwilson
Confirmed users
377

edits

Retrieved from "https://dev.wikimo.nonprod.webservices.mozgcp.net/Special:MobileDiff/1250707"

Navigation menu