Edit summaries of the two revisions compared:
Old revision: m (→1. CPS typographical (text placement) error -: edit sentence)
New revision: (→5. EV Certificate missing Issuer’s EV Policy OID -: edited based on comment from Mike Shaver)

Line 43, old revision:

https://bugzilla.mozilla.org/show_bug.cgi?id=1888714

Entrust issued 1,963 EV TLS certificates September 11-22, 2023, without including an EV TLS CP OID. Root Causes were the misinterpretation of the EV Guidelines and the TLS BRs and a failure to recognize the overriding requirements of the EV Guidelines. (A misinterpretation of standards led to non-compliant certificates, and linting failed to detect the issue.)

'''Issues:''' Misinterpretation of Requirements; Policy/Procedure Failure; Certificate Mis-issuance

=== 6. Delay in Updating CPS - ===

Line 43, new revision:

https://bugzilla.mozilla.org/show_bug.cgi?id=1888714

Entrust issued 1,963 EV TLS certificates September 11-22, 2023, without including an EV TLS CP OID. Root Causes were the misinterpretation of the EV Guidelines and the TLS BRs and a failure to recognize the overriding requirements of the EV Guidelines. (A misinterpretation of standards led to non-compliant certificates, and linting failed to detect the issue.) Entrust also failed to provide its list of affected certificates or its incident report by a promised date, and did not give an explanation for that delay.

As remediation, since April 11, 2024, Entrust has used pkilint as a post-issuance linter to detect similar issues. (Mis-issued certificates are a subset of the certificates disclosed and being revoked under [https://bugzilla.mozilla.org/show_bug.cgi?id=1883843 bug #1883843]. Status of revocation is listed in [https://bugzilla.mozilla.org/show_bug.cgi?id=1886532 bug #1886532].)

'''Issues:''' Misinterpretation of Requirements; Policy/Procedure Failure; Certificate Mis-issuance; Incident Handling; Incident Response

=== 6. Delay in Updating CPS - ===
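The lint this incident record says was missing, as an added example that is neither Entrust's nor pkilint's code: a standard-library-only check that a certificatePolicies extension value asserts the CA/Browser Forum EV TLS policy OID 2.23.140.1.1. The two sample extension values and the CA policy OID 1.3.6.1.4.1.99999.1 are constructed for the example, not taken from any real certificate.

```python
"""Post-issuance lint: does a certificatePolicies extension value assert the
CA/Browser Forum EV TLS policy OID 2.23.140.1.1?  Standard library only; the
sample extension values at the bottom are constructed for this example."""

EV_POLICY_OID = "2.23.140.1.1"  # CA/B Forum EV TLS certificate policy OID

def _read_tlv(buf: bytes, pos: int):
    """Decode one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(value: bytes) -> str:
    """Dotted form of DER OID contents (first byte packs two arcs, rest base-128)."""
    first = value[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)

def policy_oids(ext_value: bytes) -> list:
    """Every policyIdentifier in certificatePolicies (SEQUENCE OF PolicyInformation,
    whose first element is the OID; any qualifiers after it are ignored)."""
    tag, seq, _ = _read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("certificatePolicies must be a DER SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        _, info, pos = _read_tlv(seq, pos)
        oid_tag, oid_bytes, _ = _read_tlv(info, 0)
        if oid_tag == 0x06:
            oids.append(_decode_oid(oid_bytes))
    return oids

def has_ev_policy(ext_value: bytes) -> bool:
    """The lint itself: an EV TLS certificate must assert 2.23.140.1.1."""
    return EV_POLICY_OID in policy_oids(ext_value)

# Constructed samples. 1.3.6.1.4.1.99999.1 is a placeholder for a CA's own policy
# OID; MISSING_EV carries the OV OID 2.23.140.1.2.2 beside it but no EV OID.
EV_OK = bytes.fromhex("30 16 30 07 06 05 67 81 0c 01 01 30 0b 06 09 2b 06 01 04 01 86 8d 1f 01")
MISSING_EV = bytes.fromhex("30 17 30 08 06 06 67 81 0c 01 02 02 30 0b 06 09 2b 06 01 04 01 86 8d 1f 01")
```

Running `has_ev_policy` over each certificate's extension value after issuance flags the MISSING_EV shape before the certificate is returned to the subscriber.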