CA/Incident Dashboard

From MozillaWiki
< CA
Jump to: navigation, search

Open CA Bugs in Bugzilla

Open Incident Related Bugs

Investigation or Discussion

Concern has been raised about certificates that a CA has issued. Investigation and/or discussion in progress.

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Resulting CA Action Items

The concern about a CA's certificates has been confirmed, and the CA has follow-up action items.

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.

Anyone may create a CA Compliance bug as follows:

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1029147 [meta] Bug for Tracking BR Compliance Issues NEW Kathleen Wilson [ca-compliance] -- tracking bug for BR Compliance issues 2017-11-01T15:34:03Z
1304895 DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension NEW Ben Wilson [ca-compliance] 2017-10-18T21:04:18Z
1335132 DigiCert: Verizon mis-issued test certificates NEW Jeremy [ca-compliance] 2017-10-17T16:23:01Z
1374381 SwissSign: BRs require full annual audits NEW Reinhard Dietrich [ca-compliance] [remediation-accepted] Next Update - 2017-12-01 2017-10-26T00:11:12Z
1390977 Camerfirma: Non-BR-Compliant Certificate Issuance NEW Ramiro Muñoz Muñoz [ca-compliance] 2017-09-09T16:42:16Z
1390978 Certinomis: Non-BR-Compliant Certificate Issuance NEW Franck Leroy [ca-compliance] 2017-10-25T13:28:45Z
1390981 Comodo: Non-BR-Compliant Certificate Issuance NEW Rob Stradling [ca-compliance] 2017-10-24T23:39:27Z
1390988 Consorci AOC: Non-BR-Compliant Certificate Issuance NEW Francesc Ferrer [ca-compliance] 2017-10-16T17:59:05Z
1390990 D-TRUST: Non-BR-Compliant Certificate Issuance NEW Arno Fiedler [ca-compliance] [remediation-accepted] Next Action: 2017-11-03 2017-11-03T07:40:17Z
1390991 Disig: Non-BR-Compliant Certificate Issuance NEW Peter Miskovic [ca-compliance] [remediation-accepted] Next Update - 2017-10 2017-10-13T18:00:38Z
1390994 DocuSign/Keynectis: Non-BR-Compliant Certificate Issuance NEW Erwann Abalea [ca-compliance] 2017-10-19T01:49:23Z
1390996 Entrust: Non-BR-Compliant Certificate Issuance NEW Kirk Hall [ca-compliance] [remediation-accepted] Next Update - 2017-11 2017-11-14T15:32:50Z
1391054 Izenpe: Non-BR-Compliant Certificate Issuance NEW o-garcia [ca-compliance] 2017-11-08T15:46:26Z
1391055 Microsec e-Szigno: Non-BR-Compliant Certificate Issuance NEW dr. Sándor SZŐKE [ca-compliance] 2017-10-11T15:07:58Z
1391056 NetLock: Non-BR-Compliant Certificate Issuance NEW Varga Viktor [ca-compliance] 2017-11-02T14:41:00Z
1391063 QuoVadis: Non-BR-Compliant Certificate Issuance NEW Stephen Davidson [ca-compliance] [remediation-accepted] Next Update - 2017-09-30 2017-11-03T15:50:47Z
1391064 SECOM: Non-BR-Compliant Certificate Issuance NEW Hisashi Kamo [ca-compliance] 2017-10-24T10:18:40Z
1391066 SwissSign: Non-BR-Compliant Certificate Issuance NEW Corneia Enke [ca-compliance] [remediation-accepted] Next Update - 2017-11-04 2017-11-06T12:10:32Z
1391067 Symantec: Non-BR-Compliant Certificate Issuance NEW Steven Medin [ca-compliance] 2017-11-16T03:31:38Z
1391068 Taiwan-CA: Non-BR-Compliant Certificate Issuance NEW Robin Lin [ca-compliance] 2017-10-16T01:36:50Z
1391074 T-Systems: Non-BR-Compliant Certificate Issuance NEW Lothar Eickholt [ca-compliance] 2017-10-20T08:37:10Z
1391087 Visa: Non-BR-Compliant Certificate Issuance NEW Marcelo B. Silva [ca-compliance] 2017-11-08T15:49:39Z
1391089 WISeKey: Non-BR-Compliant Certificate Issuance NEW Pedro Fuentes [ca-compliance] 2017-10-16T11:17:28Z
1391429 GoDaddy: Non-BR-Compliant Certificate Issuance NEW Wayne Thayer [ca-compliance] [remediation-accepted] Next Update - 2017-11-30 2017-09-01T00:12:29Z
1393555 GlobalSign: Non-BR-Compliant Certificate Issuance -- double-dots in dnsName NEW Linus Hallberg [ca-compliance] 2017-10-13T12:42:31Z
1393557 GlobalSign: Non-BR-Compliant Certificate Issuance -- RSA key smaller than 2048 bits NEW Linus Hallberg [ca-compliance] 2017-11-21T19:06:41Z
1397832 GRCA: Signing SHA-1 OCSP responses with unconstrained certificate UNCONFIRMED National Development Council [ca-compliance] 2017-10-17T20:06:23Z
1397957 DigiCert / CTJ: Metadata in OU fields, Reserved IP Address NEW Jeremy [ca-compliance] 2017-10-17T21:43:06Z
1397960 DigiCert / Telecom Italia: Several Problems NEW Jeremy [ca-compliance] 2017-10-24T21:48:49Z
1397961 DigiCert / Justica: Invalid DNS names NEW Jeremy [ca-compliance] 2017-10-18T21:30:33Z
1397963 DigiCert / Wells Fargo: Invalid DNS names NEW Jeremy [ca-compliance] 2017-10-17T16:25:06Z
1397969 DigiCert / Inteso San Paulo: Double dot characters NEW Jeremy [ca-compliance] 2017-10-17T21:33:27Z
1398233 Sertifitseerimiskeskuse: Non-BR-Compliant OCSP Responders NEW Mihkel Tammsalu [ca-compliance] 2017-10-23T06:04:43Z
1398240 Firmaprofesional: Non-BR-Compliant OCSP Responders NEW chemalogo [ca-compliance] 2017-10-18T17:15:04Z
1398242 Disig: Non-BR-Compliant OCSP Responders NEW Peter Miskovic [ca-compliance] 2017-10-13T21:26:22Z
1398243 certSIGN: Non-BR-Compliant OCSP Responders NEW Cristian Garabet [ca-compliance] 2017-10-31T16:49:48Z
1398246 Consorci AOC: Non-BR-Compliant OCSP Responders NEW Francesc Ferrer [ca-compliance] 2017-10-18T12:47:17Z
1398247 DocuSign/Keynectis: Non-BR-Compliant OCSP Responders NEW Erwann Abalea [ca-compliance] 2017-10-18T23:31:02Z
1398251 Staat der Nederlandend / PKIoverheid: Non-BR-Compliant OCSP Responders NEW Mark Janssen [ca-compliance] 2017-10-16T13:49:27Z
1398255 IdenTrust: Non-BR-Compliant OCSP Responders NEW Vishvas Patel [ca-compliance] 2017-10-13T16:02:34Z
1398259 SECOM: Non-BR-Compliant OCSP Responders NEW Hisashi Kamo [ca-compliance] 2017-11-01T08:44:47Z
1398261 Visa: Non-BR-Compliant OCSP Responders NEW Marcelo B. Silva [ca-compliance] 2017-10-16T23:27:02Z
1398269 DigiCert: Non-BR-Compliant OCSP Responders NEW Jeremy [ca-compliance] 2017-10-18T16:56:38Z
1401407 DigiCert Mis-Issuance: Rekey certificates UNCONFIRMED Jeremy [ca-compliance] 2017-10-19T22:21:58Z
1401486 T-Systems/DFN-PKI cablint findings, follow up to T-Systems Bug 1391074 UNCONFIRMED Lothar Eickholt [ca-compliance] 2017-10-27T14:08:35Z
1405817 Actalis: Certs issued with same issuer and serial number NEW ADRIANO SANTONI [ca-compliance] 2017-10-11T07:58:37Z
1409735 RapidSSL CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone UNCONFIRMED Steven Medin [ca-compliance] 2017-11-16T04:52:44Z
1409760 StartCom: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record UNCONFIRMED Iñigo [ca-compliance] 2017-11-09T11:17:54Z
1409764 Certum: CAA mis-issuance on critical flag and unknown CAA tag UNCONFIRMED Arkadiusz Ławniczak [ca-compliance] 2017-10-23T09:42:28Z
1409766 Certum: CAA Mis-Issuance on CNAME pointing directly to restrictive CAA record UNCONFIRMED Arkadiusz Ławniczak [ca-compliance] 2017-10-23T09:42:25Z
1409859 Startcom CAA Mis-Issuance: Lookup failure on DNSSEC-signed zone UNCONFIRMED Iñigo [ca-compliance] 2017-11-09T11:17:18Z
1410834 Comodo: CAA Mis-Issuance on basic test case UNCONFIRMED Robin Alden [ca-compliance] 2017-11-15T00:14:25Z
1412950 Firmaprofesional: Insufficient Audit Statements NEW Oscar Conesa [ca-compliance] 2017-11-16T11:16:28Z
1413761 Digicert/Symantec: EV JOI Issue UNCONFIRMED Jeremy [ca-compliance] 2017-11-17T00:47:14Z
1417771 DigiCert: Symantec non-constrained/non-disclosed intermediates UNCONFIRMED Jeremy [ca-compliance] 2017-11-18T22:05:58Z
1417777 DigiCert: Insufficient entropy in serial numbers UNCONFIRMED Jeremy [ca-compliance] 2017-11-18T22:06:41Z

56 Total; 56 Open (100%); 0 Resolved (0%); 0 Verified (0%);