CA/Incident Dashboard

From MozillaWiki
< CA
Jump to: navigation, search

Open CA Bugs in Bugzilla

Open Incident Related Bugs

Investigation or Discussion

Concern has been raised about certificates that a CA has issued. Investigation and/or discussion in progress.

ID Summary Status Assigned to Whiteboard Last change time

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);

Resulting CA Action Items

The concern about a CA's certificates has been confirmed, and the CA has follow-up action items.

ID Summary Status Assigned to Whiteboard Last change time
1335132 DigiCert: Verizon mis-issued test certificates NEW Kathleen Wilson [ca-incident-response] 2017-09-13T20:01:54Z

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.

Anyone may create a CA Compliance bug as follows:

ID Summary Status Assigned to Whiteboard Last change time
1029147 [meta] Bug for Tracking BR Compliance Issues NEW Kathleen Wilson [ca-compliance] -- tracking bug for BR Compliance issues 2017-09-20T22:36:17Z
1304895 DigiCert: TI Trust Technologies Global CA issued certificate with no subject alternative name extension NEW Kathleen Wilson [ca-compliance] 2017-09-20T04:29:52Z
1357067 Camerfirma: certs with duplicate SANs and without localityName or stateOrProvinceName NEW Kathleen Wilson [ca-compliance] 2017-09-22T15:43:11Z
1368171 Firmaprofesional: Non-audited, non-technically-constrained intermediate certs NEW Oscar Conesa [ca-compliance] 2017-09-20T17:27:47Z
1369359 StartCom: mis-issuance of certs with unvalidated domain names and bogus field values NEW Kathleen Wilson [ca-compliance] 2017-09-20T01:37:31Z
1374381 SwissSign: BRs require full annual audits NEW Kathleen Wilson [ca-compliance] 2017-09-22T05:20:46Z
1386891 Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB NEW Kathleen Wilson [ca-compliance] 2017-09-21T23:25:24Z
1390977 Camerfirma: Non-BR-Compliant Certificate Issuance NEW Ramiro Muñoz Muñoz [ca-compliance] 2017-09-09T16:42:16Z
1390978 Certinomis: Non-BR-Compliant Certificate Issuance NEW Franck Leroy [ca-compliance] 2017-09-18T12:32:42Z
1390979 certSIGN: Non-BR-Compliant Certificate Issuance NEW Cristian Garabet [ca-compliance] [remediation-accepted] Next Update: 2017-10-01 2017-09-09T16:23:32Z
1390981 Comodo: Non-BR-Compliant Certificate Issuance NEW Rob Stradling [ca-compliance] 2017-09-19T14:03:33Z
1390988 Consorci AOC: Non-BR-Compliant Certificate Issuance NEW Francesc Ferrer [ca-compliance] 2017-09-15T12:25:58Z
1390990 D-TRUST: Non-BR-Compliant Certificate Issuance NEW Arno Fiedler [ca-compliance] [remediation-accepted] Next Action: 2017-09-29 2017-09-16T01:58:26Z
1390991 Disig: Non-BR-Compliant Certificate Issuance NEW Peter Miskovic [ca-compliance] [remediation-accepted] Next Update - 2017-09 2017-09-20T13:29:33Z
1390994 DocuSign/Keynectis: Non-BR-Compliant Certificate Issuance NEW Erwann Abalea [ca-compliance] 2017-09-13T19:22:57Z
1390996 Entrust: Non-BR-Compliant Certificate Issuance NEW Kirk Hall [ca-compliance] [remediation-accepted] Next Update - 2017-11 2017-08-25T19:52:54Z
1391000 IdenTrust: Non-BR-Compliant Certificate Issuance REOPENED Vishvas Patel [ca-compliance] 2017-09-19T19:02:02Z
1391054 Izenpe: Non-BR-Compliant Certificate Issuance NEW o-garcia [ca-compliance] 2017-09-15T12:36:36Z
1391055 Microsec e-Szigno: Non-BR-Compliant Certificate Issuance NEW dr. Sándor SZŐKE [ca-compliance] 2017-09-07T14:58:50Z
1391056 NetLock: Non-BR-Compliant Certificate Issuance NEW Varga Viktor [ca-compliance] 2017-09-13T14:57:28Z
1391058 PROCERT: Non-BR-Compliant Certificate Issuance NEW Procert [ca-compliance] 2017-09-21T21:13:01Z
1391063 QuoVadis: Non-BR-Compliant Certificate Issuance NEW Stephen Davidson [ca-compliance] [remediation-accepted] Next Update - 2017-09-01 2017-09-21T13:41:29Z
1391064 SECOM: Non-BR-Compliant Certificate Issuance NEW Hisashi Kamo [ca-compliance] 2017-09-08T11:08:19Z
1391066 SwissSign: Non-BR-Compliant Certificate Issuance NEW Corneia Enke [ca-compliance] [remediation-accepted] Next Update - 2017-09-05 2017-09-22T05:23:26Z
1391067 Symantec: Non-BR-Compliant Certificate Issuance NEW Steven Medin [ca-compliance] 2017-09-19T14:41:33Z
1391068 Taiwan-CA: Non-BR-Compliant Certificate Issuance NEW Robin Lin [ca-compliance] 2017-09-15T02:59:57Z
1391074 T-Systems: Non-BR-Compliant Certificate Issuance NEW Lothar Eickholt [ca-compliance] 2017-09-20T09:40:36Z
1391087 Visa: Non-BR-Compliant Certificate Issuance NEW Marcelo B. Silva [ca-compliance] 2017-09-19T15:19:33Z
1391089 WISeKey: Non-BR-Compliant Certificate Issuance NEW Pedro Fuentes [ca-compliance] 2017-09-19T15:02:20Z
1391429 GoDaddy: Non-BR-Compliant Certificate Issuance NEW Wayne Thayer [ca-compliance] [remediation-accepted] Next Update - 2017-11-30 2017-09-01T00:12:29Z
1393555 GlobalSign: Non-BR-Compliant Certificate Issuance -- double-dots in dnsName NEW Linus Hallberg [ca-compliance] 2017-09-08T11:26:11Z
1393557 GlobalSign: Non-BR-Compliant Certificate Issuance -- RSA key smaller than 2048 bits NEW Linus Hallberg [ca-compliance] 2017-09-12T11:01:56Z
1397951 DigiCert / InfoCert: Insufficient Serial Number Entropy NEW Jeremy [ca-compliance] 2017-09-22T14:21:32Z
1397957 DigiCert / CTJ: Metadata in OU fields, Reserved IP Address NEW Jeremy [ca-compliance] 2017-09-12T00:15:33Z
1397960 DigiCert / Telecom Italia: Several Problems NEW Jeremy [ca-compliance] 2017-09-21T15:38:27Z
1397961 DigiCert / Justica: Invalid DNS names NEW Jeremy [ca-compliance] 2017-09-21T18:54:02Z
1397963 DigiCert / Wells Fargo: Invalid DNS names NEW Jeremy [ca-compliance] 2017-09-20T07:20:28Z
1397969 DigiCert / Inteso San Paulo: Double dot characters NEW Jeremy [ca-compliance] 2017-09-18T16:20:31Z
1398233 Sertifitseerimiskeskuse: Non-BR-Compliant OCSP Responders NEW Kathleen Wilson [ca-compliance] 2017-09-19T15:39:02Z
1398240 Firmaprofesional: Non-BR-Compliant OCSP Responders NEW chemalogo [ca-compliance] 2017-09-21T12:59:40Z
1398242 Disig: Non-BR-Compliant OCSP Responders NEW Peter Miskovic [ca-compliance] 2017-09-19T14:34:20Z
1398243 certSIGN: Non-BR-Compliant OCSP Responders NEW Cristian Garabet [ca-compliance] 2017-09-15T12:43:36Z
1398246 Consorci AOC: Non-BR-Compliant OCSP Responders NEW Francesc Ferrer [ca-compliance] 2017-09-21T13:35:06Z
1398247 DocuSign/Keynectis: Non-BR-Compliant OCSP Responders NEW Erwann Abalea [ca-compliance] 2017-09-21T13:23:46Z
1398251 Staat der Nederlandend / PKIoverheid: Non-BR-Compliant OCSP Responders NEW Mark Janssen [ca-compliance] 2017-09-13T05:32:03Z
1398255 IdenTrust: Non-BR-Compliant OCSP Responders NEW Vishvas Patel [ca-compliance] 2017-09-21T13:32:15Z
1398258 Izenpe: Non-BR-Compliant OCSP Responders NEW o-garcia [ca-compliance] 2017-09-21T13:31:56Z
1398259 SECOM: Non-BR-Compliant OCSP Responders NEW Hisashi Kamo [ca-compliance] 2017-09-22T06:12:36Z
1398261 Visa: Non-BR-Compliant OCSP Responders NEW Marcelo B. Silva [ca-compliance] 2017-09-21T13:35:18Z
1398269 DigiCert: Non-BR-Compliant OCSP Responders NEW Jeremy [ca-compliance] 2017-09-21T21:27:56Z
1398428 Amazon: CAA Misissuances UNCONFIRMED Peter Bowen [ca-compliance] 2017-09-21T16:47:07Z
1401211 NetLock: Non-BR-Compliant Certificate Issuance -- * in not the leftmost position in dnsName UNCONFIRMED Varga Viktor [ca-compliance] 2017-09-20T11:28:19Z
1401407 DigiCert Mis-Issuance: Rekey certificates UNCONFIRMED Jeremy [ca-compliance] 2017-09-21T16:46:37Z
1401486 T-Systems/DFN-PKI cablint findings, follow up to T-Systems Bug 1391074 UNCONFIRMED Lothar Eickholt [ca-compliance] 2017-09-20T22:36:17Z

54 Total; 54 Open (100%); 0 Resolved (0%); 0 Verified (0%);