CA/Incident Dashboard: Difference between revisions
< CA
Jump to navigation
Jump to search
(→Open CA Compliance Bugs: update query to remove auditor compliance) |
m (Updated link) |
||
Line 5: | Line 5: | ||
Anyone may create a CA Compliance bug as follows: | Anyone may create a CA Compliance bug as follows: | ||
* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance | * https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other | ||
* Whiteboard = [ca-compliance] | * Whiteboard = [ca-compliance] | ||
Revision as of 20:39, 6 November 2019
Open CA Bugs in Bugzilla
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other
- Whiteboard = [ca-compliance]
ID | Summary | Status | Assigned to | Whiteboard | Last change time |
---|---|---|---|---|---|
1872738 | Buypass: Delayed revocation of TLS certificates | ASSIGNED | Mads Henriksveen | [ca-compliance] [leaf-revocation-delay] Next update 2024-09-15 | 2024-09-18T21:22:58Z |
1877388 | Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical | ASSIGNED | Arnold Essing | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-13T16:16:36Z |
1879845 | Asseco DS / Certum: S/MIME certificates with error in subjectAlternativeName | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [smime-misissuance] Next update 2024-10-01 | 2024-09-19T18:20:21Z |
1883493 | Izenpe: Failure to Submit Annual CCADB Self-Assessment | ASSIGNED | David | [ca-compliance] [disclosure-failure] [external] | 2024-08-26T16:07:19Z |
1884568 | TWCA: Revocation delay for EV TLS certificates with invalid subject attribute order | ASSIGNED | Hao-Chun Li | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-09T15:32:53Z |
1885568 | VikingCloud: Delayed revocation of TLS certificates in connection to bug #1883779 | ASSIGNED | Andrea Holland | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] Next update 2024-10-23 | 2024-08-16T18:58:11Z |
1886110 | TWCA: Revocation delay for TLS certificates with non-critical basicConstraints | ASSIGNED | chtsai | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] | 2024-09-18T21:21:54Z |
1886135 | CFCA: certificate basicConstraints extension not marked as critical | ASSIGNED | Gao Fei | [ca-compliance] [ov-misissuance] | 2024-09-18T21:19:46Z |
1886532 | Entrust: Delayed revocation of EV TLS certificates with missing cPSuri | ASSIGNED | Paul van Brouwershaven | [ca-compliance] [leaf-revocation-delay] Next update 2024-09-30 | 2024-08-13T17:18:47Z |
1886665 | Hongkong Post: Delayed revocation of TLS certificates with Certificate Policies extension problem | ASSIGNED | Man Ho | [ca-compliance] [leaf-revocation-delay] | 2024-08-01T20:05:04Z |
1887110 | Microsec: Delayed revocation of the misissued certificates | ASSIGNED | dr. Sándor SZŐKE | [ca-compliance] [leaf-revocation-delay] | 2024-08-31T20:11:28Z |
1887888 | Hongkong Post: Delayed revocation of TLS certificates with basicConstraints not marked as critical | ASSIGNED | Man Ho | [ca-compliance] [leaf-revocation-delay] | 2024-08-01T20:05:04Z |
1888060 | GDCA: Issuance of SSL/TLS certificates with Non-critical Basic Constraints | ASSIGNED | capoc | [ca-compliance] [ov-misissuance] | 2024-09-20T01:31:38Z |
1888689 | Asseco DS / Certum: CRL non-conformance with the TLS BRs | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [crl-failure] [external] Next update 2024-10-01 | 2024-09-19T18:21:57Z |
1888881 | CFCA: Failure to respond to a CPR in a complete and/or timely manner | ASSIGNED | Gao Fei | [ca-compliance] [policy-failure] | 2024-09-12T18:01:32Z |
1888882 | CFCA: Delayed revocation of TLS certificates(basicConstraints extension not marked as critical) | ASSIGNED | Gao Fei | [ca-compliance] [leaf-revocation-delay] | 2024-09-18T21:16:15Z |
1889062 | GDCA: Delayed revocation of SSL/TLS certificates with Non-critical Basic Constraints | ASSIGNED | capoc | [ca-compliance] [leaf-revocation-delay] | 2024-09-20T01:32:41Z |
1890685 | Entrust: Failure to revoke EV TLS certificates issued before CPS update | ASSIGNED | Bruce Morton | [ca-compliance] [policy-failure] [leaf-revocation-delay] Next update 2024-09-30 | 2024-08-30T16:01:31Z |
1891331 | NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates - delayed revocation | ASSIGNED | Tamás Horváth | [ca-compliance] [leaf-revocation-delay] | 2024-08-01T20:05:04Z |
1892419 | Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance | ASSIGNED | Leo Fang | [ca-compliance] [leaf-revocation-delay] | 2024-09-06T11:14:45Z |
1894111 | Entrust: Not updating CPR Problem Reporting Mechanism fields in CCADB | ASSIGNED | Bruce Morton | [ca-compliance] [policy-failure] Next update 2024-10-31 | 2024-08-30T16:10:46Z |
1896053 | Digicert: Delayed Revocation for bug 1894560 | ASSIGNED | Tim Hollebeek | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-09T15:38:42Z |
1896190 | D-Trust: Issuance of an EV certificate containing a mixup of the Subject's postalCode and localityName | ASSIGNED | Enrico Entschew | [ca-compliance] [ev-misissuance] Next update 2024-10-21 | 2024-09-06T15:32:07Z |
1896553 | Telia: Delayed revocation of seven (7) certificates related to incident 1896108 | ASSIGNED | Antti Backman | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-16T05:07:58Z |
1898848 | Entrust: Delayed revocation of certificates affected by Jurisdiction issue in some EV TLS & Code Signing certificates | ASSIGNED | ngook.kong | [ca-compliance] [leaf-revocation-delay] Next update 2024-09-30 | 2024-08-30T16:01:01Z |
1901270 | Entrust: Action Items from June 2024 Report | ASSIGNED | Ben Wilson | [ca-compliance] [meta] Next update 2024-10-31 | 2024-09-09T18:18:47Z |
1903066 | Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes) | ASSIGNED | Leo Fang | [ca-compliance] [leaf-revocation-delay] | 2024-09-06T11:14:46Z |
1904038 | Chunghwa Telecom: “Test Website - Valid" URL disclosed to CCADB is expired | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [policy-failure] | 2024-09-06T11:14:46Z |
1904041 | NETLOCK: Intermediate CA Certificate not disclosed to CCADB | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] [disclosure-failure] | 2024-08-30T16:07:55Z |
1904402 | CommScope: Incomplete Incident Report | ASSIGNED | Nicol So | [ca-compliance] [policy-failure] | 2024-09-18T19:31:54Z |
1904748 | GoDaddy : CAA checks did not properly handle issuewild tag allowing FQDN SANs to be added to wildcard certs | ASSIGNED | [:nickname] Star | [ca-compliance] [ov-misissuance] [dv-misissuance] | 2024-09-20T21:18:19Z |
1904749 | GoDaddy : CAA checks passed when records contained incorrect variants of godaddy.com or starfieldtech.com | ASSIGNED | [:nickname] Star | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2024-09-20T21:17:59Z |
1905419 | GoDaddy: Intermittent unauthorized OCSP response when certificate is freshly issued | ASSIGNED | [:nickname] Star | [ca-compliance] [ocsp-failure] | 2024-08-23T18:01:43Z |
1905446 | IdenTrust: Unauthorized OCSP response on a Timestamp certificate | ASSIGNED | IdenTrust | [ca-compliance] [ocsp-failure] Next update 2024-10-15 | 2024-08-30T22:20:28Z |
1905509 | NETLOCK: CPR was not responded to in 24 hours | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] | 2024-09-05T17:30:54Z |
1906467 | Entrust: S/MIME mailbox address not in subjectAltName | ASSIGNED | Bruce Morton | [ca-compliance] [smime-misissuance] Next update 2024-10-31 | 2024-08-30T16:14:58Z |
1906470 | Entrust: S/MIME mailbox address case mismatch between subject and subjectAltName | ASSIGNED | Bruce Morton | [ca-compliance] [smime-misissuance] Next update 2024-10-31 | 2024-08-30T16:21:07Z |
1906690 | Actalis: CRL distribution point with ldap scheme | ASSIGNED | Marco Menonna | [ca-compliance] [crl-failure] | 2024-09-03T15:59:27Z |
1909948 | GoDaddy: Edge Case for Data Reuse Outside of Timeframes | ASSIGNED | [:nickname] Star | [ca-compliance] [dv-misissuance] | 2024-08-05T16:25:38Z |
1910237 | Entrust: Delayed Revocation for S/MIME certificates | ASSIGNED | Bruce Morton | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-31 | 2024-08-30T16:14:29Z |
1910258 | DigiCert: Typo in TLS Org Name | ASSIGNED | Martin Sullivan | [ca-compliance] [ov-misissuance] | 2024-09-20T18:12:06Z |
1910322 | DigiCert: Random value in CNAME without underscore prefix | ASSIGNED | Jeremy Rowley | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2024-09-20T18:04:21Z |
1910512 | CommScope: Certificates not logged in CT logs as stated in CP/CPS | ASSIGNED | Nicol So | [ca-compliance] [policy-failure] | 2024-09-20T17:04:15Z |
1910805 | DigiCert: Delayed revocation of 1910322 | ASSIGNED | Tim Hollebeek | [ca-compliance] [leaf-revocation-delay] Next update 2024-10-01 | 2024-09-23T06:41:28Z |
1911183 | [meta] Delayed Revocation | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2024-09-03T16:06:09Z |
1911335 | PKIoverheid: Delayed S/MIME audit report for MoD PKIoverheid G3 CA | ASSIGNED | Jochem van den Berge | [ca-compliance] [audit-delay] | 2024-08-29T14:36:38Z |
1912225 | Sectigo: HTML encoded characters in subject attribute values | ASSIGNED | Martijn Katerbarg | [ca-compliance] [ov-misissuance] | 2024-09-18T19:51:12Z |
1914023 | SwissSign: S/MIME LCP not-permitted key usage | ASSIGNED | Sandy Balzer | [ca-compliance] [smime-misissuance] Next update 2024-10-15 | 2024-09-18T19:24:37Z |
1914065 | Entrust: S/MIME certificates lacking OU verification | ASSIGNED | Bruce Morton | [ca-compliance] [smime-misissuance] Next update 2024-09-30 | 2024-08-30T16:05:20Z |
1914067 | IdenTrust: Expired CRLs | ASSIGNED | IdenTrust | [ca-compliance] [crl-failure] | 2024-09-03T21:48:11Z |
1914365 | SHECA: CRLReason code usage error | ASSIGNED | Alvin.Wang | [ca-compliance] [crl-failure] | 2024-08-27T05:59:45Z |
1914383 | Telekom Security: CRL-Entries with wrong CRL Reason Codes | ASSIGNED | Arnold Essing | [ca-compliance] [crl-failure] | 2024-09-23T10:02:52Z |
1914419 | Actalis: Use of CRLReason Code in Certificate Revocation | ASSIGNED | Marco Menonna | [ca-compliance] [crl-failure] | 2024-09-12T14:47:35Z |
1914911 | DigiCert: Unclear Disclosure of CAA Issuer Domain Names | ASSIGNED | Tim Hollebeek | [ca-compliance] [policy-failure] [external] | 2024-09-18T20:46:18Z |
1914999 | Entrust: S/MIME OrgID Country not matching C field | ASSIGNED | Bruce Morton | [ca-compliance] [smime-misissuance] Next update 2024-10-01 | 2024-09-06T15:42:41Z |
1915883 | Sectigo: Missing data in cabfOrganizationIdentifier | ASSIGNED | Martijn Katerbarg | [ca-compliance] [ev-misissuance] | 2024-09-19T15:18:32Z |
1916392 | Chunghwa Telecom: TLS Certificates Contains two LocalityName Values in SubjectDN by GTLSCA | ASSIGNED | Leo Fang | [ca-compliance] [ov-misissuance] | 2024-09-20T02:08:28Z |
1916478 | emSign PKI Services: Delayed Revocation of SSL/TLS Certificates | ASSIGNED | Naveen Kumar ML | [ca-compliance] [leaf-revocation-delay] | 2024-09-07T15:39:46Z |
1916489 | SwissSign: LDAP URL still in CRL distribution point (CDP) | ASSIGNED | Sandy Balzer | [ca-compliance] [crl-failure] | 2024-09-19T15:00:02Z |
1917046 | NETLOCK: Findings in 2024 Audit - initial report | ASSIGNED | Nikolett | [ca-compliance] [audit-finding] | 2024-09-19T17:02:25Z |
1917224 | Chunghwa Telecom:Delayed Annual Audit Report 2024 | ASSIGNED | Li-Chun CHEN | [ca-compliance] [audit-delay] | 2024-09-10T09:55:32Z |
1917405 | Sectigo: S/MIME OV Mis-issuance | ASSIGNED | Martijn Katerbarg | [ca-compliance] [smime-misissuance] [external] | 2024-09-17T22:34:08Z |
1917459 | emSign PKI Services : OCSP Responder Time Inconsistency | ASSIGNED | Naveen Kumar ML | [ca-compliance] [ocsp-failure] | 2024-09-09T15:49:06Z |
1917571 | Asseco DS / Certum: Organization Identifier and Country field discrepancies | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [smime-misissuance] | 2024-09-20T14:39:52Z |
1917896 | GlobalSign: Incorrect whois information for TLD | ASSIGNED | Christophe Bonjean | [ca-compliance] [uncategorized] | 2024-09-20T03:43:45Z |
1918380 | Entrust: Business Entity not permitted in CPS | ASSIGNED | Bruce Morton | [ca-compliance] [policy-failure] | 2024-09-19T15:44:39Z |
1918427 | D-Trust: Non-compliance of issued root and intermediate S/MIME certificates | ASSIGNED | Enrico Entschew | [ca-compliance] [uncategorized] | 2024-09-23T05:58:24Z |
1918467 | QuoVadis: Findings in 2024 ETSI Audit of QuoVadis Qualified Web ICA G2 | ASSIGNED | Stephen Davidson | [ca-compliance] [audit-finding] | 2024-09-20T20:46:54Z |
1919162 | IdenTrust: TLS Certificates with outdated certificate profile | ASSIGNED | IdenTrust | [ca-compliance] [ov-misissuance] | 2024-09-18T20:07:48Z |
1919304 | GlobalSign: Caching headers inaccurate for subset of CRLs | ASSIGNED | Christophe Bonjean | [ca-compliance] [crl-failure] | 2024-09-18T19:34:52Z |
70 Total; 70 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: