Confirmed users
569
edits
CA/e-commerce-monitoring Issues: Difference between revisions
Jump to navigation
Jump to search
m
→Certificate issued with two pre-certificates: Added links
m (→SCT in precertificate: Added text) |
m (→Certificate issued with two pre-certificates: Added links) |
||
| Line 12: | Line 12: | ||
https://bugzilla.mozilla.org/show_bug.cgi?id=1830536 | https://bugzilla.mozilla.org/show_bug.cgi?id=1830536 | ||
Related to Bug # 1815534, it was also discovered that in an attempt to obtain a sufficient number of SCTs, ECM’s CT component submitted two pre-certificates for a single final certificate (all with the same serial number). These two incidents exposed a lack of internal verification processes and automated checks for changes to CT log servers. ECM noted that "certificate transparency has brought a new dimension as described in the present report – the fact that also an assumed-to-exist-certificate is in scope by virtue of Mozilla Root Store Policy 5.4. This had not been properly taken into account in our interpretation and measures, respectively." https://bugzilla.mozilla.org/show_bug.cgi?id=1830536#c1 | Related to [https://bugzilla.mozilla.org/show_bug.cgi?id=1815534 Bug #1815534], it was also discovered that in an attempt to obtain a sufficient number of SCTs, ECM’s CT component submitted two pre-certificates for a single final certificate (all with the same serial number). These two incidents exposed a lack of internal verification processes and automated checks for changes to CT log servers. ECM noted that "certificate transparency has brought a new dimension as described in the present report – the fact that also an assumed-to-exist-certificate is in scope by virtue of Mozilla Root Store Policy 5.4. This had not been properly taken into account in our interpretation and measures, respectively." [https://bugzilla.mozilla.org/show_bug.cgi?id=1830536#c1 Comment #1] | ||
'''Issues:''' Certificate Misissuance; Incident Reporting | '''Issues:''' Certificate Misissuance; Incident Reporting | ||