CA/Incident Dashboard

From MozillaWiki

Open CA Bugs in Bugzilla

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern. A CA's response to a CA compliance bug includes providing an Incident Report in the bug.

Anyone may create a CA Compliance bug as follows:

Full Query
| Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
|---|---|---|---|---|---|---|
| Asseco DS / Certum: TLS EV certificates with incorrect Subject attribute order | 1865080 | ASSIGNED | Aleksandra Kurosz | [ca-compliance] [ev-misissuance] | 2023-12-09T05:48:13Z | 2023-11-16T14:02:36Z |
| Buypass: Domain validation using externally operated DNS tools | 1839305 | ASSIGNED | Mads Henriksveen | [ca-compliance] [dv-misissuance] [ov-misissuance] Next update 2024-01-12 | 2023-12-04T15:56:59Z | 2023-06-20T08:08:51Z |
| Buypass: Domain validation using not allowed domain contact | 1838421 | ASSIGNED | Mads Henriksveen | [ca-compliance] [dv-misissuance] Next update 2023-12-04 | 2023-12-04T15:50:21Z | 2023-06-14T12:44:32Z |
| Buypass: TLS certificates not revoked within 5 days | 1865368 | ASSIGNED | Mads Henriksveen | [ca-compliance] [leaf-revocation-delay] | 2023-12-04T16:01:48Z | 2023-11-17T15:55:56Z |
| Buypass: TLS certificates with incorrect Subject attribute order | 1864204 | ASSIGNED | Mads Henriksveen | [ca-compliance] [ov-misissuance] [ev-misissuance] | 2023-12-04T16:03:07Z | 2023-11-10T16:21:34Z |
| CFCA: certificate with an incorrect OrganizationName | 1838371 | ASSIGNED | Gao Fei | [ca-compliance] [ov-misissuance] | 2023-11-06T03:16:37Z | 2023-06-14T06:33:13Z |
| CFCA: CRL Error | 1863122 | ASSIGNED | Gao Fei | [ca-compliance] [crl-failure] | 2023-11-07T09:05:21Z | 2023-11-04T08:09:41Z |
| CommScope: Certificate not revoked as it was supposed to be | 1859812 | ASSIGNED | Nicol So | [ca-compliance] [policy-failure] | 2023-11-06T16:12:04Z | 2023-10-18T15:41:23Z |
| D-Trust: Delay beyond 5 days in revoking misissued certificate | 1862082 | ASSIGNED | Enrico Entschew | [ca-compliance] [leaf-revocation-delay] | 2023-12-09T04:53:54Z | 2023-10-30T22:37:09Z |
| D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field within subject | 1861069 | ASSIGNED | Enrico Entschew | [ca-compliance] [dv-misissuance] | 2023-12-07T11:12:11Z | 2023-10-25T14:25:07Z |
| DigiCert: Certificates issued inconsistent with S/MIME BR v1.0.1 | 1860697 | ASSIGNED | Martin Sullivan | [ca-compliance] [smime-misissuance] Next update 2023-12-21 | 2023-11-08T16:31:13Z | 2023-10-24T01:40:42Z |
| e-commerce monitoring GmbH: Delayed revocation | 1862004 | ASSIGNED | Daniel Zens | [ca-compliance] [leaf-revocation-delay] | 2023-10-31T15:52:01Z | 2023-10-30T15:06:09Z |
| e-commerce monitoring GmbH: SCT in precertificate | 1815534 | ASSIGNED | Daniel Zens | [ca-compliance] [ov-misissuance] | 2023-11-05T15:40:26Z | 2023-02-07T19:33:26Z |
| Entrust - Postal Code used a Jurisdiction City in EV Certificate | 1867130 | ASSIGNED | Bruce Morton | [ca-compliance] [ev-misissuance] | 2023-12-06T18:43:09Z | 2023-11-28T21:11:24Z |
| GlobalSign: S/MIME Sponsor validated certificates with CommonName value equal to OrganizationName | 1866806 | ASSIGNED | Christophe Bonjean | [ca-compliance] [smime-misissuance] | 2023-12-04T09:50:44Z | 2023-11-27T15:09:35Z |
| IdenTrust: Delay beyond 5 days in revoking misissued certificates | 1851710 | ASSIGNED | IdenTrust | [ca-compliance] [leaf-revocation-delay] | 2023-11-30T15:50:27Z | 2023-09-05T22:28:06Z |
| IdenTrust: S/MIME certificates issued in violation of New S/MIME Baseline Requirements v1.0 | 1853783 | ASSIGNED | IdenTrust | [ca-compliance] [smime-misissuance] Next update 30-Nov-2023 | 2023-11-30T21:11:55Z | 2023-09-18T21:07:16Z |
| Microsec: Findings in 2023 Audit | 1865880 | REOPENED | dr. Sándor SZŐKE | [ca-compliance] [audit-finding] | 2023-12-07T10:38:17Z | 2023-11-21T17:11:36Z |
| NAVER Cloud Trust Services: DV Certificate issued with improperly validated | 1866448 | ASSIGNED | Han Yong, Park | [ca-compliance] [dv-misissuance] | 2023-12-09T05:03:14Z | 2023-11-24T10:14:40Z |
| PKIoverheid: Delayed audit statements for intermediate CAs | 1843265 | REOPENED | Jochem van den Berge | [ca-compliance] [audit-delay] | 2023-11-27T10:18:46Z | 2023-07-13T11:05:00Z |
| Sectigo: Inadequate vulnerability scanning and patching | 1869056 | ASSIGNED | Martijn Katerbarg | [ca-compliance] [policy-failure] | 2023-12-09T05:28:49Z | 2023-12-08T21:15:16Z |
| Sectigo: Late termination of privileged access to Certificate Systems | 1830088 | REOPENED | Martijn Katerbarg | [ca-compliance] [policy-failure] Next update 2024-01-31 | 2023-10-08T19:53:44Z | 2023-04-26T14:27:21Z |
| SSL.com: Findings in 2023 audit | 1867851 | ASSIGNED | Thomas Zermeno | [ca-compliance] [audit-finding] | 2023-12-05T22:41:01Z | 2023-12-01T19:23:02Z |
| SSL.com: subCA/Reseller Issues | 1832570 | ASSIGNED | Thomas Zermeno | [ca-compliance] [policy-failure] Next update 2023-12-01 | 2023-12-01T18:55:03Z | 2023-05-11T13:53:25Z |
| SwissSign: EV JurisdictionStateOrProvinceName - one certificate not selected for revocation | 1866091 | ASSIGNED | Roman Fischer | [ca-compliance] [ev-misissuance] | 2023-12-06T15:50:26Z | 2023-11-22T15:57:14Z |
| SwissSign: S/MIME LCP: CN with values other than email address | 1848854 | ASSIGNED | Mike Guenther | [ca-compliance] [smime-misissuance] Next update 2023-12-29 | 2023-11-30T15:57:46Z | 2023-08-15T19:36:22Z |
| Telia: S/MIME certificates issued in violation of S/MIME BR v1.0.1 | 1856591 | ASSIGNED | Antti Backman | [ca-compliance] [smime-misissuance] Next update at 29.12.2023 | 2023-11-29T11:32:20Z | 2023-10-03T11:35:40Z |
| Telia: TLS certificates issued in violation of TLS BR v2.0.1 | 1859314 | ASSIGNED | Antti Backman | [ca-compliance] [ov-misissuance] Next update at 29.12.2023 | 2023-12-11T05:55:10Z | 2023-10-16T14:37:28Z |
| VikingCloud: Incorrect OCSP Response | 1858965 | ASSIGNED | Andrea Holland | [ca-compliance] [ocsp-failure] Next update 2024-01-02 | 2023-11-02T16:06:50Z | 2023-10-13T13:49:21Z |

29 Total; 29 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Audit Delays

The compliance bug's whiteboard field is tagged with [audit-delay] whenever a CA is unable to deliver audit statements to Mozilla when they are due. Such bugs should be reported as CA compliance issues, with the following whiteboard tags as described here.

  • Whiteboard = [ca-compliance][audit-delay]
  • For audit delays due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][audit-delay][covid-19]
Full Query
| Summary | ID | Status | Assigned to | Whiteboard | Last change time | Creation time |
|---|---|---|---|---|---|---|
| PKIoverheid: Delayed audit statements for intermediate CAs | 1843265 | REOPENED | Jochem van den Berge | [ca-compliance] [audit-delay] | 2023-11-27T10:18:46Z | 2023-07-13T11:05:00Z |

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Revocation Delays

The compliance bug's whiteboard field is tagged with [delayed-revocation-ca] or [delayed-revocation-leaf] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in CA/Responding_To_An_Incident#Revocation, Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an Incident Report.

Such bugs should be reported as CA compliance issues, and will be categorized appropriately during triage.

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here: