CA/Incident Dashboard: Difference between revisions
< CA
Jump to navigation
Jump to search
(→Open CA Compliance Bugs: update query to remove auditor compliance) |
m (Updated link) |
||
| Line 5: | Line 5: | ||
Anyone may create a CA Compliance bug as follows: | Anyone may create a CA Compliance bug as follows: | ||
* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance | * https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other | ||
* Whiteboard = [ca-compliance] | * Whiteboard = [ca-compliance] | ||
Revision as of 20:39, 6 November 2019
Open CA Bugs in Bugzilla
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other
- Whiteboard = [ca-compliance]
| ID | Summary | Status | Assigned to | Whiteboard | Last change time |
|---|---|---|---|---|---|
| 1885568 | VikingCloud: Delayed revocation of TLS certificates in connection to bug #1883779 | ASSIGNED | VikingCloud CA | [ca-compliance] [ov-misissuance] [leaf-revocation-delay] Next update 2025-07-15 | 2025-06-03T17:09:45Z |
| 1904041 | NETLOCK: Intermediate CA Certificate not disclosed to CCADB | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] [disclosure-failure] | 2025-06-21T19:57:54Z |
| 1911183 | [meta] Delayed Revocation | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2025-06-10T20:05:50Z |
| 1911335 | PKIoverheid: Delayed S/MIME audit report for MoD PKIoverheid G3 CA | ASSIGNED | Jochem van den Berge | [ca-compliance] [audit-delay] | 2025-06-04T20:38:46Z |
| 1924385 | D-Trust: Missed Revocation of TLS certificates affected by Bugzilla 1884714 | ASSIGNED | Enrico Entschew | [ca-compliance] [leaf-revocation-delay] Next update 2025-06-30 | 2025-06-02T14:31:56Z |
| 1925106 | DigiCert: Incorrect CP listed in CCADB | ASSIGNED | DigiCert | [ca-compliance] [disclosure-failure] Next update 2025-07-01 | 2025-06-20T16:39:54Z |
| 1927532 | SSL.com: Issuance of certificates using keys previously reported as compromised | ASSIGNED | Rebecca Kelley | [ca-compliance] [dv-misissuance] Next update 2025-06-25 | 2025-06-14T19:06:36Z |
| 1929189 | SwissSign: S/MIME certificates deviate from CPR | ASSIGNED | Mike Guenther | [ca-compliance] [smime-misissuance] | 2025-06-18T15:16:41Z |
| 1947691 | NETLOCK: Bug 1891331 replacement - delayed revocation - | ASSIGNED | Nikolett | [ca-compliance] [leaf-revocation-delay] | 2025-06-18T15:25:48Z |
| 1948600 | IZENPE: Outdated CPS for Izenpe Root | ASSIGNED | David | [ca-compliance] [disclosure-failure] | 2025-06-12T09:58:04Z |
| 1950574 | SECOM: S/MIME CA Modified Opinion Report of Cybertrust Japan (CTJ) | ASSIGNED | ONO Fumiaki | [ca-compliance] [audit-finding] Next update 2025-09-01 | 2025-02-28T15:35:46Z |
| 1952635 | Entrust: Missing or Inconsistent Disclosure of S/MIME BR Audits | ASSIGNED | Bruce Morton | [close on 2025-06-17] [ca-compliance] [audit-failure] | 2025-06-18T15:21:19Z |
| 1957140 | SSL.com: "unknown" OCSP response for issued certificates | ASSIGNED | SSL.com | [ca-compliance] [ocsp-failure] Next update 2025-06-26 | 2025-06-18T15:22:17Z |
| 1957499 | DigiCert: Persistent failure to answer questions in a timely manner | ASSIGNED | DigiCert | [ca-compliance] [disclosure-failure] [external] | 2025-06-21T20:45:32Z |
| 1959733 | CFCA: Failed to respond a Certificate Problem Report within 24 hours which violates Section 4.9.5 of the TLS BRs | ASSIGNED | Michael | [ca-compliance] [policy-failure] Next update 2025-06-30 | 2025-05-25T18:34:57Z |
| 1961406 | SSL.com: DCV bypass and issue fake certificates for any MX hostname | ASSIGNED | Rebecca Kelley | [ca-compliance] [dv-misissuance] [external] | 2025-06-18T15:51:48Z |
| 1962426 | NETLOCK: CA/Browser Forum TLS BR Non-compliance | ASSIGNED | Nikolett | [ca-compliance] [policy-failure] | 2025-06-20T13:07:42Z |
| 1962809 | SSL.com: Expired certificate for a “Valid” Test Website | ASSIGNED | Rebecca Kelley | [ca-compliance] [policy-failure] Next update 2025-07-03 | 2025-06-21T19:57:16Z |
| 1962829 | Microsoft PKI Services: Policy document bug | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] Next update 2025-06-27 | 2025-06-20T21:41:25Z |
| 1963456 | GoDaddy: CA Certificates with HTTPS URL in AIA Field | ASSIGNED | Steven Deitte | [ca-compliance] [ca-misissuance] | 2025-06-16T12:23:10Z |
| 1963629 | HARICA: One of the two Certificate Problem Report email aliases not working | ASSIGNED | Dimitris Zacharopoulos | [ca-compliance] [policy-failure] Next update 2025-06-27 | 2025-06-19T16:56:53Z |
| 1963778 | FNMT: CP/CPS, Revocation Requests Mechanism, Certificate Problem Report, CRL and OCSP disruption | ASSIGNED | Amaya Espinosa | [ca-compliance] [policy-failure] | 2025-06-19T21:50:29Z |
| 1964866 | SHECA: OCSP service response error | ASSIGNED | SHECA | [ca-compliance] [ocsp-failure] | 2025-06-05T01:43:26Z |
| 1965459 | Telia: S/MIME Misissuance incorrect AIA id-ca-caIssuer http:URI | ASSIGNED | Antti Backman | [ca-compliance] [smime-misissuance] | 2025-06-19T05:06:28Z |
| 1965559 | eMudhra: Delayed Publication of Issuing CA Certificates In CCADB | ASSIGNED | Naveen Kumar ML | [ca-compliance] [disclosure-failure] | 2025-06-16T04:51:53Z |
| 1965612 | Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [leaf-revocation-delay] | 2025-06-20T23:38:17Z |
| 1965828 | SwissSign: OCSP outage | ASSIGNED | Roman Fischer | [ca-compliance] [ocsp-failure] Next update 2025-07-18 | 2025-06-20T17:33:24Z |
| 1966006 | KIR: Intermediate CA - SZAFIR Trusted CA3 - revocation status not changed in CCADB | ASSIGNED | Waldemar Brzozowski | [ca-compliance] [disclosure-failure] | 2025-06-16T15:11:41Z |
| 1967929 | KIR: Failed to respond a Certificate Problem Report within 24 hours | ASSIGNED | Piotr Grabowski | [ca-compliance] [policy-failure] | 2025-06-19T14:28:44Z |
| 1967951 | FNMT: Delayed Disclosure of Updated Policy Documents in the CCADB | ASSIGNED | Amaya Espinosa | [ca-compliance] [disclosure-failure] | 2025-06-16T15:12:58Z |
| 1968246 | Entrust: Incomplete privileged access removal within 24 hours | ASSIGNED | Bruce Morton | [ca-compliance] [policy-failure] | 2025-06-17T14:46:17Z |
| 1968836 | Certainly: Sample Websites Unavailable | ASSIGNED | Daniel Jeffery | [ca-compliance] [policy-failure] | 2025-06-16T22:53:30Z |
| 1969036 | Telia: TLS incorrect AIA caIssuer URI and incorrect CDP | ASSIGNED | Antti Backman | [ca-compliance] [ov-misissuance] Next update 2025-06-27 | 2025-06-14T19:34:33Z |
| 1969296 | GoDaddy: Certificates with invalid embedded SCT signatures | ASSIGNED | Steven Deitte | [ca-compliance] [dv-misissuance] | 2025-06-19T17:38:32Z |
| 1969842 | ANF AC: Finding #1 ETSI Audit - Missing log retention period in Terms and Conditions v1.9 | ASSIGNED | Pablo Díaz | [ca-compliance] [audit-finding] | 2025-06-03T14:50:47Z |
| 1970259 | GoDaddy: Precertificates incorrectly logged to DigiCert SCT Logs | ASSIGNED | Steven Deitte | [ca-compliance] [uncategorized] | 2025-06-19T19:38:09Z |
| 1970559 | ANF AC: Finding #3 ETSI Audit - Improve documental explanation revocation request >24h on CPS | ASSIGNED | Pablo Díaz | [ca-compliance] [audit-finding] | 2025-06-05T15:35:39Z |
| 1970565 | ANF AC: Finding #2 ETSI Audit - Information security policy not updated on the website | ASSIGNED | Yulier Nuñez | [ca-compliance] [audit-finding] | 2025-06-05T15:34:42Z |
| 1970567 | ANF AC: Finding #4 ETSI Audit - Missing one Revocation circumstance on CPS | ASSIGNED | Yulier Nuñez | [ca-compliance] [audit-finding] | 2025-06-05T15:33:58Z |
| 1970727 | eMudhra: Failure to respond to a Problem Report within 24 hours | ASSIGNED | Naveen Kumar ML | [ca-compliance] [policy-failure] | 2025-06-16T09:15:27Z |
| 1970728 | eMudhra: Invalid CRL signatures | ASSIGNED | Naveen Kumar ML | [ca-compliance] [crl-failure] [external] | 2025-06-20T17:30:30Z |
| 1970968 | Microsoft PKI Services: Incorrect Revocation Reason Code | ASSIGNED | Microsoft PKI Services | [ca-compliance] [crl-failure] | 2025-06-20T21:53:49Z |
| 1972158 | Sectigo: Lack of documentation for vulnerability NVD rating adjustment | ASSIGNED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2025-06-15T22:42:20Z |
| 1972547 | Sectigo: Lack of technical controls for multiparty control access to Secure Zone | ASSIGNED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2025-06-17T14:48:00Z |
| 1972745 | Let's Encrypt: Deployed Unreviewed Boulder Code | ASSIGNED | Jacob Hoffman-Andrews | [ca-compliance] [policy-failure] | 2025-06-19T16:26:14Z |
| 1972887 | A-Trust: TLS non-compliance detected during linter implementation | ASSIGNED | Ramin Sabet | [ca-compliance] [ov-misissuance] | 2025-06-21T15:34:59Z |
| 1973027 | Certigna: Finding #1 ETSI Audit – French translation missing from S/MIME CP/CPS | ASSIGNED | Josselin Allemandou | [ca-compliance] [audit-finding] | 2025-06-19T20:58:38Z |
| 1973032 | Certigna: Finding #2 ETSI Audit - Risks regarding the certification of device not described | ASSIGNED | Josselin Allemandou | [ca-compliance] [audit-finding] | 2025-06-19T20:59:15Z |
| 1973034 | Certigna: Finding #3 ETSI Audit – Event log protection beyond seven years shall be improved | ASSIGNED | Josselin Allemandou | [ca-compliance] [audit-finding] | 2025-06-19T20:59:43Z |
| 1973236 | ANF AC: Delayed Disclosure of Updated Policy Documents in CCADB | ASSIGNED | Pablo Díaz | [ca-compliance] [disclosure-failure] | 2025-06-20T17:24:24Z |
| 1973238 | Actalis: incorrect CP/S Last Update date in CCADB | ASSIGNED | Adriano Santoni | [ca-compliance] [disclosure-failure] | 2025-06-20T17:22:04Z |
| 1973341 | eMudhra emSign PKI Services :Policy Document Inconsistency | ASSIGNED | Naveen Kumar ML | [ca-compliance] [uncategorized] | 2025-06-21T19:50:05Z |
52 Total; 52 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: