CA/Incident Dashboard: Difference between revisions
< CA
Jump to navigation
Jump to search
(Moved Closed bugs section to separate wiki page) |
(Bugzilla component changed from CA Certificate Mis-issuance to CA Certificate Compliance) |
||
| Line 7: | Line 7: | ||
<bugzilla> | <bugzilla> | ||
{ | { | ||
"component":"CA Certificate | "component":"CA Certificate Compliance", | ||
"status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | ||
"whiteboard":"ca-investigation", | "whiteboard":"ca-investigation", | ||
| Line 19: | Line 19: | ||
<bugzilla> | <bugzilla> | ||
{ | { | ||
"component":"CA Certificate | "component":"CA Certificate Compliance", | ||
"status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | ||
"whiteboard":"ca-incident", | "whiteboard":"ca-incident", | ||
| Line 31: | Line 31: | ||
Anyone may create a CA Compliance bug as follows: | Anyone may create a CA Compliance bug as follows: | ||
* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate% | * https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance | ||
* Whiteboard = [ca-compliance] | * Whiteboard = [ca-compliance] | ||
<bugzilla> | <bugzilla> | ||
{ | { | ||
"component":"CA Certificate | "component":"CA Certificate Compliance", | ||
"status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | ||
"whiteboard":"compliance", | "whiteboard":"compliance", | ||
Revision as of 21:38, 13 November 2018
Open CA Bugs in Bugzilla
Open Incident Related Bugs
Investigation or Discussion
Concern has been raised about certificates that a CA has issued. Investigation and/or discussion in progress.
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Resulting CA Action Items
The concern about a CA's certificates has been confirmed, and the CA has follow-up action items.
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance
- Whiteboard = [ca-compliance]
| ID | Summary | Status | Assigned to | Whiteboard | Last change time |
|---|---|---|---|---|---|
| 1885568 | VikingCloud: Delayed revocation of TLS certificates in connection to bug #1883779 | ASSIGNED | VikingCloud CA | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] | 2025-05-22T20:30:28Z |
| 1904041 | NETLOCK: Intermediate CA Certificate not disclosed to CCADB | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] [disclosure-failure] | 2025-05-30T15:33:05Z |
| 1910805 | DigiCert: Delayed revocation of 1910322 | ASSIGNED | DigiCert | [ca-compliance] [leaf-revocation-delay] Next update 2025-05-30 | 2025-05-28T21:16:18Z |
| 1911183 | [meta] Delayed Revocation | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2024-11-20T16:01:15Z |
| 1911335 | PKIoverheid: Delayed S/MIME audit report for MoD PKIoverheid G3 CA | ASSIGNED | Jochem van den Berge | [ca-compliance] [audit-delay] | 2025-05-16T18:48:14Z |
| 1924385 | D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714 | ASSIGNED | Enrico Entschew | [ca-compliance] [leaf-revocation-delay] Next update 2025-06-01 | 2025-05-31T21:53:31Z |
| 1925106 | DigiCert: Incorrect CP listed in CCADB | ASSIGNED | DigiCert | [ca-compliance] [disclosure-failure] Next update 2025-07-01 | 2025-05-29T20:18:54Z |
| 1927532 | SSL.com: Issuance of certificates using keys previously reported as compromised | ASSIGNED | Rebecca Kelley | [ca-compliance] [dv-misissuance] Next update 2025-06-13 | 2025-05-30T19:26:48Z |
| 1929189 | SwissSign: S/MIME certificates deviate from CPR | ASSIGNED | Mike Guenther | [ca-compliance] [smime-misissuance] Next update 2025-06-17 | 2025-05-28T17:24:27Z |
| 1938167 | NETLOCK: CRL not published in DER Encoded Format | ASSIGNED | Nikolett | [ca-compliance] [crl-failure] | 2025-05-30T07:56:19Z |
| 1940957 | Telia: TLS OV certificate with subject countryName and localityName mismatch | ASSIGNED | Antti Backman | [ca-compliance] [ov-misissuance] Next update 2025-06-13 | 2025-05-23T16:15:36Z |
| 1945536 | DigiCert: Outdated CPS for 13 Roots in CCADB | REOPENED | DigiCert | [close on 2025-05-30] [ca-compliance] [policy-failure] [disclosure-failure] | 2025-05-30T19:19:50Z |
| 1947691 | NETLOCK: Bug 1891331 replacement - delayed revocation - | ASSIGNED | Nikolett | [ca-compliance] [leaf-revocation-delay] | 2025-05-30T11:31:33Z |
| 1948600 | IZENPE: Outdated CPS for Izenpe Root | ASSIGNED | David | [ca-compliance] [disclosure-failure] | 2025-05-30T12:34:54Z |
| 1950574 | SECOM: S/MIME CA Modified Opinion Report of Cybertrust Japan (CTJ) | ASSIGNED | ONO Fumiaki | [ca-compliance] [audit-finding] Next update 2025-09-01 | 2025-02-28T15:35:46Z |
| 1952635 | Entrust: Missing or Inconsistent Disclosure of S/MIME BR Audits | ASSIGNED | Bruce Morton | [ca-compliance] [audit-failure] Next update 2025-06-02 | 2025-05-27T17:36:45Z |
| 1955721 | Let's Encrypt: Failure to Document Analysis of Detected Vulnerabilities | ASSIGNED | Phil Porada | [ca-compliance] [policy-failure] | 2025-05-19T17:27:29Z |
| 1957140 | SSL.com: "unknown" OCSP response for issued certificates | ASSIGNED | SSL.com | [ca-compliance] [ocsp-failure] Next update 2025-06-12 | 2025-05-29T22:02:12Z |
| 1957474 | Netlock: Failure to Provide Weekly Updates | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] [external] | 2025-05-30T14:20:14Z |
| 1957499 | DigiCert: Persistent failure to answer questions in a timely manner | ASSIGNED | DigiCert | [ca-compliance] [disclosure-failure] [external] | 2025-05-28T21:16:53Z |
| 1958645 | Asseco DS / Certum: DNS service outage | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [uncategorized] | 2025-05-27T01:32:13Z |
| 1959278 | Chunghwa telecom: delayed revocation for bug 1951415 | ASSIGNED | Tsung-Min Kuo | [ca-compliance] [leaf-revocation-delay] | 2025-05-27T10:05:56Z |
| 1959721 | Lawtrust: The S/MIME CA’s policy identifiers did not align with the CA/Browser Forum Requirements. | ASSIGNED | Marcile De Waal | [ca-compliance] [policy-failure] | 2025-05-15T13:03:23Z |
| 1959733 | CFCA: Failed to respond a Certificate Problem Report within 24 hours which violates Section 4.9.5 of the TLS BRs | ASSIGNED | Michael | [ca-compliance] [policy-failure] Next update 2025-06-30 | 2025-05-25T18:34:57Z |
| 1959867 | Google Trust Services: Inconsistent MPCAA secondary perspective logging | ASSIGNED | Google Trust Services | [ca-compliance] [policy-failure] | 2025-05-29T15:05:14Z |
| 1961406 | SSL.com: DCV bypass and issue fake certificates for any MX hostname | ASSIGNED | Rebecca Kelley | [ca-compliance] [dv-misissuance] [external] | 2025-05-23T16:43:40Z |
| 1962426 | NETLOCK: CA/Browser Forum TLS BR Non-compliance | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] | 2025-05-30T14:28:00Z |
| 1962809 | SSL.com: Expired certificate for a “Valid” Test Website | ASSIGNED | Rebecca Kelley | [ca-compliance] [policy-failure] Next update 2025-06-06 | 2025-05-22T16:01:34Z |
| 1962829 | Microsoft PKI Services: Policy document bug | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2025-05-31T00:32:55Z |
| 1962830 | Microsoft PKI Services: Subscriber certificate change made that was not compliant with CPS | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2025-05-31T00:37:51Z |
| 1963456 | GoDaddy: CA Certificates with HTTPS URL in AIA Field | ASSIGNED | Steven Deitte | [ca-compliance] [ca-misissuance] | 2025-05-28T22:55:25Z |
| 1963629 | HARICA: One of the two Certificate Problem Report email aliases not working | ASSIGNED | Dimitris Zacharopoulos | [ca-compliance] [policy-failure] Next update 2025-06-27 | 2025-05-23T16:05:46Z |
| 1963663 | Certigna: Multiple Reserved Certificate Policy Identifiers in CA certificates | ASSIGNED | Josselin Allemandou | [ca-compliance] [ca-misissuance] | 2025-05-19T11:35:00Z |
| 1963778 | FNMT: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption | ASSIGNED | Amaya Espinosa | [ca-compliance] [policy-failure] | 2025-05-15T11:55:11Z |
| 1964167 | VikingCloud: Missing CRL in CCADB | ASSIGNED | VikingCloud CA | [ca-compliance] [disclosure-failure] | 2025-05-29T21:59:14Z |
| 1964866 | SHECA: OCSP service response error | ASSIGNED | Alvin.Wang | [ca-compliance] [ocsp-failure] | 2025-05-29T14:36:17Z |
| 1965459 | Telia: S/MIME Misissuance incorrect AIA id-ca-caIssuer http:URI | ASSIGNED | Antti Backman | [ca-compliance] [smime-misissuance] | 2025-05-30T05:05:11Z |
| 1965559 | eMudhra: Delayed Publication of Issuing CA Certificates In CCADB | ASSIGNED | Naveen Kumar ML | [ca-compliance] [disclosure-failure] | 2025-05-26T09:19:39Z |
| 1965612 | Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [leaf-revocation-delay] | 2025-05-31T02:59:31Z |
| 1965804 | certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #1 – Improve clarity in CPS | ASSIGNED | Gabriel PETCU | [ca-compliance] [audit-finding] | 2025-05-19T08:06:05Z |
| 1965805 | certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #2 – Add test certificates in CPS | ASSIGNED | Gabriel PETCU | [ca-compliance] [audit-finding] | 2025-05-29T10:46:33Z |
| 1965806 | certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #3 – Missing certSIGN OID on Terms and Conditions | ASSIGNED | Gabriel PETCU | [ca-compliance] [audit-finding] | 2025-05-19T08:59:08Z |
| 1965807 | certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #4 – Expired cert with bad order of attributes | ASSIGNED | Gabriel PETCU | [ca-compliance] [audit-finding] | 2025-05-19T14:16:04Z |
| 1965808 | certSIGN: Findings in 2025 ETSI Audit - Audit Incident Report #5 – Conflicting info in CPS | ASSIGNED | Gabriel PETCU | [ca-compliance] [audit-finding] | 2025-05-19T09:37:06Z |
| 1965828 | SwissSign: OCSP outage | ASSIGNED | Roman Fischer | [ca-compliance] [ocsp-failure] | 2025-05-30T05:45:44Z |
| 1966006 | KIR: Intermediate CA - SZAFIR Trusted CA3 - revocation status not changed in CCADB | ASSIGNED | Waldemar Brzozowski | [ca-compliance] [disclosure-failure] | 2025-05-21T21:56:55Z |
| 1966515 | Let's Encrypt: Issuance for Invalid Internationalized Domain Name | ASSIGNED | Aaron Gable | [close on 2025-06-03] [ca-compliance] [uncategorized] | 2025-05-28T17:32:29Z |
| 1967929 | KIR: Failed to respond a Certificate Problem Report within 24 hours | ASSIGNED | Piotr Grabowski | [ca-compliance] [policy-failure] | 2025-05-29T15:54:34Z |
| 1967951 | FNMT: Delayed Disclosure of Updated Policy Documents in the CCADB | ASSIGNED | Amaya Espinosa | [ca-compliance] [disclosure-failure] | 2025-05-22T14:47:09Z |
| 1968246 | Entrust: Incomplete privileged access removal within 24 hours | ASSIGNED | Bruce Morton | [ca-compliance] [policy-failure] | 2025-05-23T15:59:13Z |
| 1968836 | Certainly: Sample Websites Unavailable | ASSIGNED | Daniel Jeffery | [ca-compliance] [policy-failure] | 2025-05-29T16:28:03Z |
| 1969036 | Telia: TLS incorrect AIA caIssuer URI and incorrect CDP | ASSIGNED | Antti Backman | [ca-compliance] [ov-misissuance] | 2025-05-29T16:29:06Z |
| 1969296 | GoDaddy: Certificates with invalid embedded SCT signatures | ASSIGNED | Steven Deitte | [ca-compliance] [dv-misissuance] | 2025-06-01T16:00:36Z |
53 Total; 53 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: