CA/Incident Dashboard

From MozillaWiki
< CA(Redirected from CA/ca-bugs)
Jump to: navigation, search

Open CA Bugs in Bugzilla

Open CA Compliance Bugs

A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern. A CA's response to CA compliance bug includes providing an Incident Report in the bug.

Anyone may create a CA Compliance bug as follows:

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1463975 GRCA: Misissued certificates: Invalid commonName, commonName not in SAN ASSIGNED National Development Council [ca-compliance] 2020-01-22T23:54:10Z
1496616 Consorci AOC: Qualified audit statements ASSIGNED Francesc Ferrer [ca-compliance] 2020-01-22T20:46:43Z
1502957 Camerfirma: MULTICERT Misissuance and missing audits ASSIGNED Juan Angel Martin [ca-compliance] 2020-01-22T23:20:59Z
1523221 GRCA: Misissued certificates - invalid CN, bad validity period, missing extensions ASSIGNED National Development Council [ca-compliance] 2020-01-23T00:03:30Z
1524733 CFCA: invalid dnsNames ASSIGNED Jonathan Sun [ca-compliance] - Next Update - 05-February 2020 2020-01-23T16:58:56Z
1532113 CFCA: O > 64 characters ASSIGNED Oliver Bi [ca-compliance] - Next Update - 05-Febrruary 2020 2020-01-23T17:48:25Z
1532436 Chunghwa Telecom: Test certificate with unregistered domain name ASSIGNED Li-Chun CHEN [ca-compliance] - 19-February 2020 2020-01-23T17:36:14Z
1532559 CFCA: Wrong SerialNumber encoding ASSIGNED Jonathan Sun [ca-compliance] - Next Update - 05 February 2020 2020-01-23T16:57:13Z
1550645 Digicert: CAA Checking Issue ASSIGNED Brenda Bernal [ca-compliance] 2019-11-12T00:39:46Z
1551362 Sectigo: "Some-State" in stateOrProvinceName ASSIGNED Robin Alden [ca-compliance] 2020-01-24T18:19:24Z
1551372 Telia: "Some-State" in stateOrProvinceName ASSIGNED pekka.lahtiharju [ca-compliance] 2020-01-24T16:34:03Z
1558552 SwissSign: CP/CPS certificate profile issue ASSIGNED Mike Guenther [ca-compliance] 2020-01-24T22:22:24Z
1559765 Izenpe: Multiple invalid EV certificates issued ASSIGNED Oscar Garcia [ca-compliance] - Next Update - 01-January 2020 2019-12-03T04:49:22Z
1563573 DigiCert: Failure to disclose Unconstrained Intermediate within 7 Days ASSIGNED Brenda Bernal [ca-compliance] 2020-01-28T01:25:17Z
1563579 Sectigo: Failure to provide timely incident reports ASSIGNED Robin Alden [ca-compliance] 2020-01-22T20:02:51Z
1565270 Telia: Qualified BR Audit Statement ASSIGNED pekka.lahtiharju [ca-compliance] 2020-01-23T17:31:29Z
1573937 DigiCert/Verizon: Qualified 2019 Audit Statements ASSIGNED Brenda Bernal [ca-compliance] - Next Update - 30-January 2020 2020-01-15T15:27:59Z
1575022 Sectigo: EV SSL Certificates with incorrect subject details. ASSIGNED Robin Alden [ca-compliance] 2020-01-22T17:44:29Z
1575880 GlobalSign: SSL Certificates with US country code and invalid State/Prov ASSIGNED douglas.beattie [ca-compliance] 2020-01-22T20:07:29Z
1576013 DigiCert: JOI Issue ASSIGNED Jeremy Rowley [ca-compliance] 2020-01-15T13:47:29Z
1578505 LuxTrust: Outdated audit statement for intermediate cert NEW Yves Nullens [ca-compliance] - Overdue Audit for intermediate cert 2020-01-21T20:51:07Z
1581597 QuoVadis: Unconstrained CAs missing audits ASSIGNED Stephen Davidson [ca-compliance] 2019-12-31T05:02:38Z
1586125 PKIoverheid: No BR Audit for subCAs technically capable of issuing TLS certs REOPENED Jorik van 't Hof [ca-compliance] - Next Update - 21-March-2020 2020-01-21T08:11:19Z
1586795 NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy ASSIGNED Varga Viktor [ca-compliance] 2019-11-11T12:57:54Z
1588001 Apple OCSP responders return responses with incorrect issuer ASSIGNED certification_authority [ca-compliance] - Next Update - 31-March 2020 2020-01-11T01:28:21Z
1588213 IdenTrust: Missing Thumbprints In Some Annual Audit Reports ASSIGNED roots [ca-compliance] 2019-11-23T00:20:10Z
1589047 QuoVadis: Incorrect EV jurisdiction of incorporation information REOPENED Stephen Davidson [ca-compliance] - Next Update - 31-January 2020 2020-01-23T16:56:06Z
1590810 Sectigo: EV SSL Certificates with incorrect businessCategory ASSIGNED Robin Alden [ca-compliance] - 10-February 2020 2020-01-24T19:03:49Z
1593776 Sectigo: invalid subject:organizationalUnitName on DV certificates ASSIGNED Robin Alden [ca-compliance] 2020-01-22T20:05:43Z
1595113 Buypass: Intermediate certificates not listed in audit reports ASSIGNED Mads Henriksveen [ca-compliance] 2019-11-12T16:31:56Z
1597947 Sectigo: CCADB failed ALV - Network Solutions Certificate Authority ASSIGNED Robin Alden [ca-compliance] 2019-12-02T14:48:51Z
1597948 Sectigo: CCADB failed ALV - D-TRUST CA 2-1 2015 ASSIGNED Robin Alden [ca-compliance] 2019-12-02T14:48:50Z
1597950 Sectigo: CCADB failed ALV - Ensured Root CA ASSIGNED Robin Alden [ca-compliance] 2019-12-02T14:48:54Z
1598319 Buypass: intermediate certificates not revoked within BR time period ASSIGNED Mads Henriksveen [ca-compliance] 2019-11-21T19:44:49Z
1598390 Microsoft: Null Character Bug and Microsoft Root CAs ASSIGNED Jason Cooper [ca-compliance] 2020-01-22T21:42:38Z
1598829 Apple: Patch Management ASSIGNED certification_authority [ca-compliance] 2019-11-26T01:08:20Z
1599484 Entrust: EV Certificates Issued with Business Category "Non-Commercial" when it should have been set to "Private Organization" ASSIGNED Dathan Demone [ca-compliance] - Next Update - 31-January 2020 2020-01-21T20:33:02Z
1599503 TrustCor: Non-mention of Email CAs in WTBR audit reports ASSIGNED Neil Dunbar [ca-compliance] 2019-11-26T21:10:05Z
1604124 Microsoft: problem reporting e-mail in CPS does not work ASSIGNED Jason Cooper [ca-compliance] 2020-01-22T21:44:30Z
1605126 PKIoverheid: Missing WTBR audit statements Staat der Nederlanden 2017/2018 ASSIGNED Jorik van 't Hof [ca-compliance] 2020-01-21T23:34:06Z
1605804 GoDaddy: Domain Validation Reuse Issue ASSIGNED Joanna [ca-compliance] 2020-01-07T22:45:44Z
1606031 SecureTrust: BR Audit 2019 - matters to be resolved ASSIGNED Corey Bonnell [ca-compliance] 2020-01-22T21:25:59Z
1606380 Firmaprofesional: 2019 Audit Report Findings ASSIGNED chemalogo [ca-compliance] 2020-01-21T09:50:34Z
1609706 PKIoverheid: Missing audit statement "UZI-register Medewerker Niet op Naam CA G21" ASSIGNED Jorik van 't Hof [ca-compliance] 2020-01-17T18:15:04Z
1610000 SSL.com: Intermediate certificate not listed in audit reports ASSIGNED Chris Kemmerer [ca-compliance] 2020-01-17T19:21:23Z
1610303 D-TRUST: Issuance of non-conformant SSL certificate ASSIGNED Enrico Entschew [ca-compliance] 2020-01-23T17:29:44Z
1610448 Firmaprofesional: 2019 audit Finding #1 - 6.2 Identification and Authorization ASSIGNED chemalogo [ca-compliance] 2020-01-21T20:55:44Z
1611458 Asseco DS / Certum: Invalid value in SAN dNSName ASSIGNED Wojciech Trapczyński [ca-compliance] - Next Update - 31-January 2020 2020-01-27T07:05:27Z

48 Total; 48 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Revocation Delays

The compliance bug's whiteboard field is tagged with [delayed-revocation-ca] or [delayed-revocation-leaf] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in CA/Responding_To_An_Incident#Revocation, Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an Incident Report.

Such bugs should be reported as CA compliance issues, and will be categorized appropriately during triage.

Full Query
ID Summary Status Assigned to Whiteboard Last change time
1575530 Camerfirma: Govern d'Andorra audits ASSIGNED Juan Angel Martin [ca-compliance] [delayed-revocation-ca] 2020-01-03T13:21:47Z
1580525 D-TRUST: Delayed revocation of EV certificates ASSIGNED Enrico Entschew [ca-compliance] [delayed-revocation-leaf] 2019-12-27T19:30:35Z
1586860 Camerfirma: Invalid authorityKeyIdentifier, violating Mozilla Policy and RFC 5280 ASSIGNED Juan Angel Martin [ca-compliance] [delayed-revocation-ca] 2020-01-20T16:46:22Z
1591005 GlobalSign: ICAs in CCADB, without EKU extension are listed in WTCA report but not in WTBR report ASSIGNED Arvid Vermote [ca-compliance] [delayed-revocation-ca] 2020-01-06T16:43:43Z
1598608 Izenpe: intermediate certificates not revoked within BR time period ASSIGNED Oscar Garcia [ca-compliance] [delayed-revocation-ca] 2020-01-24T13:54:23Z
1598807 IdenTrust: Undisclosed Unrevoked ICA’s ASSIGNED roots [ca-compliance] [delayed-revocation-ca] Next Update - 31-Jan 2020 2019-12-30T22:24:32Z
1599571 TrustCor: Non-revocation of CA certificates within 7 days ASSIGNED Neil Dunbar [ca-compliance] [delayed-revocation-ca] Next Update - 1-Apr 2020 2019-12-14T00:06:59Z
1599788 GlobalSign: Failure to revoke noncompliant ICA not revoked within 7 days ASSIGNED Arvid Vermote [ca-compliance] [delayed-revocation-ca] Next Update - 4-Dec 2019 2019-12-03T00:04:22Z
1599916 QuoVadis: Unconstrained CAs revocation ASSIGNED Stephen Davidson [ca-compliance] [delayed-revocation-ca] Next Update - 31-Dec 2019 2019-12-02T23:59:20Z
1609828 Camerfirma: Decision not to revoke certificates with authorityKeyIdentifier that violates Mozilla Policy ASSIGNED Juan Angel Martin [ca-compliance] [delayed-revocation-leaf] 2020-01-24T12:33:35Z
1610767 WISeKey: Failure to meet revocation deadline ASSIGNED Pedro Fuentes [ca-compliance] [delayed-revocation-leaf] Next Update - 23-January 2020 2020-01-23T22:04:52Z
1611241 Entrust: Compromised Private Key was not Revoked in Less than 24 Hours ASSIGNED Dathan Demone [ca-compliance] [delayed-revocation-leaf] 2020-01-27T15:18:58Z

12 Total; 12 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Closed CA Bugs

Closed CA Compliance Bugs

A historical view of past CA compliance bugs may be found here: