CA/Incident Dashboard: Difference between revisions
(→Open CA Compliance Bugs: update query to remove auditor compliance) |
m (→Open CA Compliance Bugs: Minor edit) |
||
(18 intermediate revisions by 5 users not shown) | |||
Line 2: | Line 2: | ||
== Open CA Compliance Bugs == | == Open CA Compliance Bugs == | ||
A CA compliance bug relates to a concern about a CA's certificates failing to comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's CA Certificate Policy] and/or | A CA compliance bug relates to a concern about a CA's certificates failing to comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's CA Certificate Policy] and/or a [https://cabforum.org/ CA/Browser Forum] requirement, and is determined to not be an [https://www.mozilla.org/en-US/security/#For_Developers imminent security concern]. A CA's response to a CA compliance bug includes providing an [[CA/Responding_To_An_Incident#Incident_Report|Incident Report]] in the bug. | ||
Anyone may create a CA Compliance bug as follows: | Anyone may create a CA Compliance bug as follows: | ||
* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance | * https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other | ||
* Whiteboard = [ca-compliance] | * Whiteboard = [ca-compliance] | ||
** If the issue is due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][covid-19] | |||
<bugzilla> | <bugzilla> | ||
Line 12: | Line 13: | ||
"component":"CA Certificate Compliance", | "component":"CA Certificate Compliance", | ||
"status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | ||
" | "f1": "OP", | ||
" | "j1": "AND", | ||
"include_fields": | "f2": "status_whiteboard", | ||
"o2": "allwordssubstr", | |||
"v2": "ca-compliance", | |||
"f3": "status_whiteboard", | |||
"o3": "nowordssubstr", | |||
"v3": "leaf-revocation-delay", | |||
"f4": "status_whiteboard", | |||
"o4": "nowordssubstr", | |||
"v4": "audit-delay", | |||
"include_fields": "summary, id, status, assigned_to, whiteboard, last_change_time, creation_time", | |||
"order": "short_desc ASC" | |||
} | |||
</bugzilla> | |||
== Audit Delays == | |||
The compliance bug's whiteboard field is tagged with [audit-delay] whenever a CA is unable to deliver audit statements to Mozilla [[CA/Audit_Statements|when they are due]]. Such bugs should be reported as [[CA/Bug_Triage#Compliance_Problems_and_Incidents|CA compliance issues]], with the following whiteboard tags as described [https://wiki.mozilla.org/CA/Audit_Statements#Audit_Delay here]. | |||
*Whiteboard = [ca-compliance][audit-delay] | |||
*For audit delays due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][audit-delay][covid-19] | |||
<bugzilla> | |||
{ | |||
"component":"CA Certificate Compliance", | |||
"status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | |||
"f1": "OP", | |||
"j1": "AND", | |||
"f2": "status_whiteboard", | |||
"o2": "allwordssubstr", | |||
"v2": "ca-compliance", | |||
"f3": "status_whiteboard", | |||
"o3": "allwordssubstr", | |||
"v3": "audit-delay", | |||
"include_fields": "summary, id, status, assigned_to, whiteboard, last_change_time, creation_time", | |||
"order": "short_desc ASC" | |||
} | |||
</bugzilla> | |||
== Revocation Delays == | |||
The compliance bug's whiteboard field is tagged with [ca-revocation-delay] or [leaf-revocation-delay] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in [[CA/Responding_To_An_Incident#Revocation]], Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an [[CA/Responding_To_An_Incident#Incident_Report|Incident Report]]. | |||
Such bugs should be reported as [[CA/Bug_Triage#Compliance_Problems_and_Incidents|CA compliance issues]], and will be categorized appropriately during triage. | |||
<bugzilla> | |||
{ | |||
"component":"CA Certificate Compliance", | |||
"status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | |||
"f1": "OP", | |||
"j1": "AND", | |||
"f2": "status_whiteboard", | |||
"o2": "allwordssubstr", | |||
"v2": "ca-compliance", | |||
"f3": "status_whiteboard", | |||
"o3": "allwordssubstr", | |||
"v3": "leaf-revocation-delay", | |||
"include_fields": "summary, id, status, assigned_to, whiteboard, last_change_time, creation_time", | |||
"order": "short_desc ASC" | |||
} | } | ||
</bugzilla> | </bugzilla> |
Latest revision as of 22:48, 2 February 2024
Open CA Bugs in Bugzilla
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or a CA/Browser Forum requirement, and is determined to not be an imminent security concern. A CA's response to a CA compliance bug includes providing an Incident Report in the bug.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other
- Whiteboard = [ca-compliance]
- If the issue is due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][covid-19]
Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
---|---|---|---|---|---|---|
Actalis: CRL distribution point with ldap scheme | 1906690 | ASSIGNED | Marco Menonna | [ca-compliance] [crl-failure] | 2024-09-03T15:59:27Z | 2024-07-08T15:44:42Z |
Actalis: Use of CRLReason Code in Certificate Revocation | 1914419 | ASSIGNED | Marco Menonna | [ca-compliance] [crl-failure] | 2024-09-12T14:47:35Z | 2024-08-22T15:13:31Z |
Asseco DS / Certum: CRL non-conformance with the TLS BRs | 1888689 | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [crl-failure] [external] Next update 2024-10-01 | 2024-09-19T18:21:57Z | 2024-03-29T17:37:14Z |
Asseco DS / Certum: Organization Identifier and Country field discrepancies | 1917571 | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [smime-misissuance] | 2024-09-20T14:39:52Z | 2024-09-09T11:32:46Z |
Asseco DS / Certum: S/MIME certificates with error in subjectAlternativeName | 1879845 | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [smime-misissuance] Next update 2024-10-01 | 2024-09-19T18:20:21Z | 2024-02-12T13:22:11Z |
CFCA: certificate basicConstraints extension not marked as critical | 1886135 | ASSIGNED | Gao Fei | [ca-compliance] [ov-misissuance] | 2024-09-18T21:19:46Z | 2024-03-19T10:57:32Z |
CFCA: Failure to respond to a CPR in a complete and/or timely manner | 1888881 | ASSIGNED | Gao Fei | [ca-compliance] [policy-failure] | 2024-09-12T18:01:32Z | 2024-04-01T07:17:16Z |
Chunghwa Telecom: “Test Website - Valid" URL disclosed to CCADB is expired | 1904038 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [policy-failure] | 2024-09-06T11:14:46Z | 2024-06-21T12:48:21Z |
Chunghwa Telecom: TLS Certificates Contains two LocalityName Values in SubjectDN by GTLSCA | 1916392 | ASSIGNED | Leo Fang | [ca-compliance] [ov-misissuance] | 2024-09-20T02:08:28Z | 2024-09-03T10:00:29Z |
CommScope: Certificates not logged in CT logs as stated in CP/CPS | 1910512 | ASSIGNED | Nicol So | [ca-compliance] [policy-failure] | 2024-09-20T17:04:15Z | 2024-07-30T00:10:18Z |
CommScope: Incomplete Incident Report | 1904402 | ASSIGNED | Nicol So | [ca-compliance] [policy-failure] | 2024-09-18T19:31:54Z | 2024-06-24T18:20:49Z |
D-Trust: Issuance of an EV certificate containing a mixup of the Subject's postalCode and localityName | 1896190 | ASSIGNED | Enrico Entschew | [ca-compliance] [ev-misissuance] Next update 2024-10-21 | 2024-09-06T15:32:07Z | 2024-05-10T19:14:04Z |
D-Trust: Non-compliance of issued root and intermediate S/MIME certificates | 1918427 | ASSIGNED | Enrico Entschew | [ca-compliance] [uncategorized] | 2024-09-23T05:58:24Z | 2024-09-12T14:14:23Z |
DigiCert: Random value in CNAME without underscore prefix | 1910322 | ASSIGNED | Jeremy Rowley | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2024-09-20T18:04:21Z | 2024-07-29T02:17:59Z |
DigiCert: Typo in TLS Org Name | 1910258 | ASSIGNED | Martin Sullivan | [ca-compliance] [ov-misissuance] | 2024-09-20T18:12:06Z | 2024-07-27T20:48:42Z |
DigiCert: Unclear Disclosure of CAA Issuer Domain Names | 1914911 | ASSIGNED | Tim Hollebeek | [ca-compliance] [policy-failure] [external] | 2024-09-18T20:46:18Z | 2024-08-26T13:21:22Z |
emSign PKI Services : OCSP Responder Time Inconsistency | 1917459 | ASSIGNED | Naveen Kumar ML | [ca-compliance] [ocsp-failure] | 2024-09-09T15:49:06Z | 2024-09-08T09:06:01Z |
Entrust: Action Items from June 2024 Report | 1901270 | ASSIGNED | Ben Wilson | [ca-compliance] [meta] Next update 2024-10-31 | 2024-09-09T18:18:47Z | 2024-06-07T16:50:41Z |
Entrust: Business Entity not permitted in CPS | 1918380 | ASSIGNED | Bruce Morton | [ca-compliance] [policy-failure] | 2024-09-19T15:44:39Z | 2024-09-12T12:19:49Z |
Entrust: Not updating CPR Problem Reporting Mechanism fields in CCADB | 1894111 | ASSIGNED | Bruce Morton | [ca-compliance] [policy-failure] Next update 2024-10-31 | 2024-08-30T16:10:46Z | 2024-04-29T21:37:24Z |
Entrust: S/MIME certificates lacking OU verification | 1914065 | ASSIGNED | Bruce Morton | [ca-compliance] [smime-misissuance] Next update 2024-09-30 | 2024-08-30T16:05:20Z | 2024-08-20T21:35:45Z |
Entrust: S/MIME mailbox address case mismatch between subject and subjectAltName | 1906470 | ASSIGNED | Bruce Morton | [ca-compliance] [smime-misissuance] Next update 2024-10-31 | 2024-08-30T16:21:07Z | 2024-07-05T18:24:44Z |
Entrust: S/MIME mailbox address not in subjectAltName | 1906467 | ASSIGNED | Bruce Morton | [ca-compliance] [smime-misissuance] Next update 2024-10-31 | 2024-08-30T16:14:58Z | 2024-07-05T18:16:34Z |
Entrust: S/MIME OrgID Country not matching C field | 1914999 | ASSIGNED | Bruce Morton | [ca-compliance] [smime-misissuance] Next update 2024-10-01 | 2024-09-06T15:42:41Z | 2024-08-26T17:57:09Z |
GDCA: Issuance of SSL/TLS certificates with Non-critical Basic Constraints | 1888060 | ASSIGNED | capoc | [ca-compliance] [ov-misissuance] | 2024-09-20T01:31:38Z | 2024-03-27T06:15:29Z |
GlobalSign: Caching headers inaccurate for subset of CRLs | 1919304 | ASSIGNED | Christophe Bonjean | [ca-compliance] [crl-failure] | 2024-09-18T19:34:52Z | 2024-09-17T14:16:40Z |
GlobalSign: Incorrect whois information for TLD | 1917896 | ASSIGNED | Christophe Bonjean | [ca-compliance] [uncategorized] | 2024-09-20T03:43:45Z | 2024-09-10T17:05:08Z |
GoDaddy : CAA checks did not properly handle issuewild tag allowing FQDN SANs to be added to wildcard certs | 1904748 | ASSIGNED | [:nickname] Star | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2024-09-20T21:18:19Z | 2024-06-26T02:12:50Z |
GoDaddy : CAA checks passed when records contained incorrect variants of godaddy.com or starfieldtech.com | 1904749 | ASSIGNED | [:nickname] Star | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2024-09-20T21:17:59Z | 2024-06-26T02:14:20Z |
GoDaddy: Edge Case for Data Reuse Outside of Timeframes | 1909948 | ASSIGNED | [:nickname] Star | [ca-compliance] [dv-misissuance] | 2024-08-05T16:25:38Z | 2024-07-25T17:47:50Z |
GoDaddy: Intermittent unauthorized OCSP response when certificate is freshly issued | 1905419 | ASSIGNED | [:nickname] Star | [ca-compliance] [ocsp-failure] | 2024-08-23T18:01:43Z | 2024-06-28T19:25:10Z |
IdenTrust: Expired CRLs | 1914067 | ASSIGNED | IdenTrust | [ca-compliance] [crl-failure] | 2024-09-03T21:48:11Z | 2024-08-20T21:50:05Z |
IdenTrust: TLS Certificates with outdated certificate profile | 1919162 | ASSIGNED | IdenTrust | [ca-compliance] [ov-misissuance] | 2024-09-18T20:07:48Z | 2024-09-16T22:13:02Z |
IdenTrust: Unauthorized OCSP response on a Timestamp certificate | 1905446 | ASSIGNED | IdenTrust | [ca-compliance] [ocsp-failure] Next update 2024-10-15 | 2024-08-30T22:20:28Z | 2024-06-28T22:11:23Z |
Izenpe: Failure to Submit Annual CCADB Self-Assessment | 1883493 | ASSIGNED | David | [ca-compliance] [disclosure-failure] [external] | 2024-08-26T16:07:19Z | 2024-03-04T20:36:07Z |
NETLOCK: CPR was not responded to in 24 hours | 1905509 | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] | 2024-09-05T17:30:54Z | 2024-06-29T19:45:26Z |
NETLOCK: Findings in 2024 Audit - initial report | 1917046 | ASSIGNED | Nikolett | [ca-compliance] [audit-finding] | 2024-09-19T17:02:25Z | 2024-09-05T17:25:24Z |
NETLOCK: Intermediate CA Certificate not disclosed to CCADB | 1904041 | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] [disclosure-failure] | 2024-08-30T16:07:55Z | 2024-06-21T13:01:09Z |
QuoVadis: Findings in 2024 ETSI Audit of QuoVadis Qualified Web ICA G2 | 1918467 | ASSIGNED | Stephen Davidson | [ca-compliance] [audit-finding] | 2024-09-20T20:46:54Z | 2024-09-12T16:22:31Z |
Sectigo: HTML encoded characters in subject attribute values | 1912225 | ASSIGNED | Martijn Katerbarg | [ca-compliance] [ov-misissuance] | 2024-09-18T19:51:12Z | 2024-08-08T09:16:17Z |
Sectigo: Missing data in cabfOrganizationIdentifier | 1915883 | ASSIGNED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2024-09-19T15:18:32Z | 2024-08-30T15:11:31Z |
Sectigo: S/MIME OV Mis-issuance | 1917405 | ASSIGNED | Martijn Katerbarg | [ca-compliance] [smime-misissuance] [external] | 2024-09-17T22:34:08Z | 2024-09-07T09:34:22Z |
SHECA: CRLReason code usage error | 1914365 | ASSIGNED | Alvin.Wang | [ca-compliance] [crl-failure] | 2024-08-27T05:59:45Z | 2024-08-22T11:43:31Z |
SwissSign: LDAP URL still in CRL distribution point (CDP) | 1916489 | ASSIGNED | Sandy Balzer | [ca-compliance] [crl-failure] | 2024-09-19T15:00:02Z | 2024-09-03T16:00:28Z |
SwissSign: S/MIME LCP not-permitted key usage | 1914023 | ASSIGNED | Sandy Balzer | [ca-compliance] [smime-misissuance] Next update 2024-10-15 | 2024-09-18T19:24:37Z | 2024-08-20T18:42:01Z |
Telekom Security: CRL-Entries with wrong CRL Reason Codes | 1914383 | ASSIGNED | Arnold Essing | [ca-compliance] [crl-failure] | 2024-09-16T07:39:25Z | 2024-08-22T12:56:33Z |
46 Total; 46 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Audit Delays
The compliance bug's whiteboard field is tagged with [audit-delay] whenever a CA is unable to deliver audit statements to Mozilla when they are due. Such bugs should be reported as CA compliance issues, with the following whiteboard tags as described here.
- Whiteboard = [ca-compliance][audit-delay]
- For audit delays due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][audit-delay][covid-19]
Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
---|---|---|---|---|---|---|
Chunghwa Telecom:Delayed Annual Audit Report 2024 | 1917224 | ASSIGNED | Li-Chun CHEN | [ca-compliance] [audit-delay] | 2024-09-10T09:55:32Z | 2024-09-06T12:29:32Z |
PKIoverheid: Delayed S/MIME audit report for MoD PKIoverheid G3 CA | 1911335 | ASSIGNED | Jochem van den Berge | [ca-compliance] [audit-delay] | 2024-08-29T14:36:38Z | 2024-08-02T15:40:40Z |
2 Total; 2 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Revocation Delays
The compliance bug's whiteboard field is tagged with [ca-revocation-delay] or [leaf-revocation-delay] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in CA/Responding_To_An_Incident#Revocation, Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an Incident Report.
Such bugs should be reported as CA compliance issues, and will be categorized appropriately during triage.
Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
---|---|---|---|---|---|---|
[meta] Delayed Revocation | 1911183 | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2024-09-03T16:06:09Z | 2024-08-01T20:05:04Z |
Buypass: Delayed revocation of TLS certificates | 1872738 | ASSIGNED | Mads Henriksveen | [ca-compliance] [leaf-revocation-delay] Next update 2024-09-15 | 2024-09-18T21:22:58Z | 2024-01-02T19:18:17Z |
CFCA: Delayed revocation of TLS certificates(basicConstraints extension not marked as critical) | 1888882 | ASSIGNED | Gao Fei | [ca-compliance] [leaf-revocation-delay] | 2024-09-18T21:16:15Z | 2024-04-01T07:19:09Z |
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance | 1892419 | ASSIGNED | Leo Fang | [ca-compliance] [leaf-revocation-delay] | 2024-09-06T11:14:45Z | 2024-04-19T10:55:40Z |
Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes) | 1903066 | ASSIGNED | Leo Fang | [ca-compliance] [leaf-revocation-delay] | 2024-09-06T11:14:46Z | 2024-06-17T14:31:08Z |
Digicert: Delayed Revocation for bug 1894560 | 1896053 | ASSIGNED | Tim Hollebeek | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-09T15:38:42Z | 2024-05-10T05:00:07Z |
DigiCert: Delayed revocation of 1910322 | 1910805 | ASSIGNED | Tim Hollebeek | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-23T06:41:28Z | 2024-07-31T00:45:12Z |
emSign PKI Services: Delayed Revocation of SSL/TLS Certificates | 1916478 | ASSIGNED | Naveen Kumar ML | [ca-compliance] [leaf-revocation-delay] | 2024-09-07T15:39:46Z | 2024-09-03T15:24:26Z |
Entrust: Delayed Revocation for S/MIME certificates | 1910237 | ASSIGNED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-31 | 2024-08-30T16:14:29Z | 2024-07-27T15:07:49Z |
Entrust: Delayed revocation of certificates affected by Jurisdiction issue in some EV TLS & Code Signing certificates | 1898848 | ASSIGNED | ngook.kong | [ca-compliance] [leaf-revocation-delay] Next update 2024-09-30 | 2024-08-30T16:01:01Z | 2024-05-25T03:48:12Z |
Entrust: Delayed revocation of EV TLS certificates with missing cPSuri | 1886532 | ASSIGNED | Paul van Brouwershaven | [ca-compliance] [leaf-revocation-delay] Next update 2024-09-30 | 2024-08-13T17:18:47Z | 2024-03-20T17:22:26Z |
Entrust: Failure to revoke EV TLS certificates issued before CPS update | 1890685 | ASSIGNED | Bruce Morton | [ca-compliance] [policy-failure] [leaf-revocation-delay] Next update 2024-09-30 | 2024-08-30T16:01:31Z | 2024-04-09T23:40:57Z |
GDCA: Delayed revocation of SSL/TLS certificates with Non-critical Basic Constraints | 1889062 | ASSIGNED | capoc | [ca-compliance] [leaf-revocation-delay] | 2024-09-20T01:32:41Z | 2024-04-02T09:18:52Z |
Hongkong Post: Delayed revocation of TLS certificates with basicConstraints not marked as critical | 1887888 | ASSIGNED | Man Ho | [ca-compliance] [leaf-revocation-delay] | 2024-08-01T20:05:04Z | 2024-03-26T14:39:37Z |
Hongkong Post: Delayed revocation of TLS certificates with Certificate Policies extension problem | 1886665 | ASSIGNED | Man Ho | [ca-compliance] [leaf-revocation-delay] | 2024-08-01T20:05:04Z | 2024-03-21T04:30:30Z |
Microsec: Delayed revocation of the misissued certificates | 1887110 | ASSIGNED | dr. Sándor SZŐKE | [ca-compliance] [leaf-revocation-delay] | 2024-08-31T20:11:28Z | 2024-03-22T18:00:56Z |
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates - delayed revocation | 1891331 | ASSIGNED | Tamás Horváth | [ca-compliance] [leaf-revocation-delay] | 2024-08-01T20:05:04Z | 2024-04-13T22:07:56Z |
Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical | 1877388 | ASSIGNED | Arnold Essing | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-13T16:16:36Z | 2024-01-30T07:52:58Z |
Telia: Delayed revocation of seven (7) certificates related to incident 1896108 | 1896553 | ASSIGNED | Antti Backman | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-16T05:07:58Z | 2024-05-14T04:48:55Z |
TWCA: Revocation delay for EV TLS certificates with invalid subject attribute order | 1884568 | ASSIGNED | Hao-Chun Li | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-09T15:32:53Z | 2024-03-10T12:44:57Z |
TWCA: Revocation delay for TLS certificates with non-critical basicConstraints | 1886110 | ASSIGNED | chtsai | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] | 2024-09-18T21:21:54Z | 2024-03-19T07:42:18Z |
VikingCloud: Delayed revocation of TLS certificates in connection to bug #1883779 | 1885568 | ASSIGNED | Andrea Holland | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] Next update 2024-10-23 | 2024-08-16T18:58:11Z | 2024-03-15T16:20:17Z |
22 Total; 22 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: