CA/Incident Dashboard: Difference between revisions
(Moved Closed bugs section to separate wiki page) |
(Bugzilla component changed from CA Certificate Mis-issuance to CA Certificate Compliance) |
||
| Line 7: | Line 7: | ||
<bugzilla> | <bugzilla> | ||
{ | { | ||
"component":"CA Certificate | "component":"CA Certificate Compliance", | ||
"status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | ||
"whiteboard":"ca-investigation", | "whiteboard":"ca-investigation", | ||
| Line 19: | Line 19: | ||
<bugzilla> | <bugzilla> | ||
{ | { | ||
"component":"CA Certificate | "component":"CA Certificate Compliance", | ||
"status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | ||
"whiteboard":"ca-incident", | "whiteboard":"ca-incident", | ||
| Line 31: | Line 31: | ||
Anyone may create a CA Compliance bug as follows: | Anyone may create a CA Compliance bug as follows: | ||
* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate% | * https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance | ||
* Whiteboard = [ca-compliance] | * Whiteboard = [ca-compliance] | ||
<bugzilla> | <bugzilla> | ||
{ | { | ||
"component":"CA Certificate | "component":"CA Certificate Compliance", | ||
"status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"], | ||
"whiteboard":"compliance", | "whiteboard":"compliance", | ||
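Review bot: in the third query the whiteboard filter is "compliance", while the filing instructions directly above it tell reporters to set Whiteboard = [ca-compliance]. Consider filtering on "ca-compliance" so the dashboard query matches the documented tag exactly, the way the first two queries use the full "ca-investigation" and "ca-incident" tags.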
Revision as of 21:38, 13 November 2018
Open CA Bugs in Bugzilla
Open Incident Related Bugs
Investigation or Discussion
Concern has been raised about certificates that a CA has issued. Investigation and/or discussion in progress.
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Resulting CA Action Items
The concern about a CA's certificates has been confirmed, and the CA has follow-up action items.
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern.
Anyone may create a CA Compliance bug as follows:
- https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance
- Whiteboard = [ca-compliance]
| ID | Summary | Status | Assigned to | Whiteboard | Last change time |
|---|---|---|---|---|---|
| 1911183 | [meta] Delayed Revocation | ASSIGNED | Ben Wilson | [ca-compliance] [meta] [leaf-revocation-delay] | 2025-06-10T20:05:50Z |
| 1962829 | Microsoft PKI Services: Policy document bug | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2026-03-14T04:04:13Z |
| 1965612 | Microsoft PKI Services: Failure to Revoke in 5 Days for 1962829 | ASSIGNED | Microsoft PKI Services | [ca-compliance] [leaf-revocation-delay] | 2026-03-16T21:36:51Z |
| 1983263 | PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #3 – Internal Audit | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] | 2026-03-09T14:44:12Z |
| 1983267 | PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #7 – Change Management | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] Next update 2026-03-20 | 2026-03-09T14:45:09Z |
| 1985816 | PKIoverheid: TSP Cleverbase Findings in 2025 ETSI Audit - Incident Report #1 – Incorrect issuer CA listed in CPS | ASSIGNED | Policy Authority PKIoverheid | [ca-compliance] [audit-finding] Next update 2026-04-14 | 2026-01-27T15:16:50Z |
| 1986968 | Financijska agencija (Fina): Mis-issued certificates | ASSIGNED | miroslav.perincic | [ca-compliance] [dv-misissuance] | 2026-02-19T16:20:59Z |
| 1990254 | SwissSign: recommendation on risk assessment | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:50:25Z |
| 1990263 | SwissSign: recommendation on BIA/BCP review | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:51:27Z |
| 1990266 | SwissSign: recommendation on BIA/BCP test coverage | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:51:38Z |
| 1990269 | SwissSign: recommendation on document release dual control | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:51:48Z |
| 1990271 | SwissSign: recommendation on firewall review | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:51:54Z |
| 1990272 | SwissSign: recommendation on backup testing | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:09Z |
| 1990274 | SwissSign: recommendation on synchronization of staging and production environments | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:18Z |
| 1990275 | SwissSign: recommendation on publication process for CA related data | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:27Z |
| 1990276 | SwissSign: recommendation on evaluation of cloud service providers | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:39Z |
| 1990277 | SwissSign: recommendation on CA-specific risk assessment | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:52:51Z |
| 1990281 | SwissSign: recommendation on self-assessment tool | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:53:00Z |
| 1990282 | SwissSign: recommendation on linting software updates | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-11-03T08:50:16Z |
| 1990284 | SwissSign: recommendation on review of key pair generation implementation | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:53:56Z |
| 1990285 | SwissSign: recommendation on log review process | ASSIGNED | Sandy Balzer | [ca-compliance] [audit-finding] Next update 2026-04-30 | 2025-10-28T12:54:20Z |
| 1993357 | SHECA: TLS certificate key generation online | ASSIGNED | SHECA | [ca-compliance] [dv-misissuance] [ov-misissuance] | 2026-03-13T14:23:41Z |
| 1994051 | SHECA: Delayed revocation of TLS certificates affected by bug #1993357 | ASSIGNED | SHECA | [ca-compliance] [leaf-revocation-delay] | 2026-03-13T14:23:22Z |
| 1999850 | Microsoft PKI Services: OCSP Non-Compliance | ASSIGNED | Microsoft PKI Services | [ca-compliance] [ocsp-failure] Next update 2026-04-24 | 2026-02-19T17:29:22Z |
| 2004699 | Netlock: CA in AIA in PEM format | ASSIGNED | Roland | [ca-compliance] [policy-failure] | 2026-03-16T20:31:37Z |
| 2005194 | Buypass: Findings in 2025 ETSI Audit - Audit Incident Report #1 - Compliance auditing on support processes | ASSIGNED | Mads Henriksveen | [ca-compliance] [audit-finding] Next update 2026-04-08 | 2026-03-16T14:40:11Z |
| 2005196 | Buypass: Findings in 2025 ETSI Audit - Audit Incident Report #2 - Supply chain policy | ASSIGNED | Mads Henriksveen | [ca-compliance] [audit-finding] Next update 2026-04-08 | 2026-03-16T14:39:39Z |
| 2007070 | SECOM: Non conformant SCT Encoding Due to SCT Modification by Cybertrust Japan (CTJ) | ASSIGNED | SECOM Trust Systems - ONO Fumiaki | [ca-compliance] [ov-misissuance] | 2026-03-16T08:40:23Z |
| 2007105 | Asseco DS / Certum: CRL URLs disclosed in CCADB do not exactly match the CRL URLs in certificates | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [disclosure-failure] Next update 2026-03-31 | 2026-03-16T13:51:33Z |
| 2007116 | D-Trust: CRL URL Disclosure | ASSIGNED | Ana Laura Martorano | [ca-compliance] [disclosure-failure] | 2026-03-13T12:29:16Z |
| 2007216 | GoDaddy: CRL Disclosure in CCADB Mismatch with Issued Certificates | ASSIGNED | Steven Deitte | [ca-compliance] [disclosure failure] Next update 2026-04-03 | 2026-03-16T15:11:07Z |
| 2007217 | GoDaddy: Partitioned CRL files missing Issuing Distribution Point | ASSIGNED | Steven Deitte | [ca-compliance] [disclosure failure] Next update 2026-03-20 | 2026-03-02T18:50:54Z |
| 2007948 | NETLOCK: Full Incident Report was not published within 14 days of notification | ASSIGNED | Roland | [ca-compliance] [disclosure failure] | 2026-03-16T20:33:01Z |
| 2009149 | D-Trust: Expired certificate provided on the CA TLS test website for demonstration of valid certificates | ASSIGNED | Ana Laura Martorano | [ca-compliance] [policy-failure] | 2026-03-13T12:28:39Z |
| 2009941 | Firmaprofesional: Misissuance of TLS Subordinate CA "AC Firmaprofesional - Secure Web 2024" | ASSIGNED | ext-antoni.camon | [ca-compliance] [ca-misissuance] | 2026-03-13T12:24:31Z |
| 2011238 | Telekom Security / DFN: CRL of “DFN-Verein Certification Authority 2“ contains empty revoked certificate list | ASSIGNED | Stefan Kirch | [close on 2026-03-17] [ca-compliance] [crl-failure] | 2026-03-10T15:18:22Z |
| 2011314 | Netlock: unspecifed revocation code (0) in CRL | ASSIGNED | Roland | [ca-compliance] [crl-failure] | 2026-03-16T20:34:16Z |
| 2011430 | D-Trust: Delayed publication of audit attestation letters in the CCADB | ASSIGNED | Ana Laura Martorano | [ca-compliance] [audit-delay] | 2026-03-06T08:10:02Z |
| 2011713 | TrustAsia: ACME Authorization Reuse Non-Compliance | ASSIGNED | TrustAsia | [close on 2026-03-17] [ca-compliance] [dv-misissuance] | 2026-03-10T14:57:37Z |
| 2011855 | Firmaprofesional: Delayed revocation of TLS certificates affected by bug #2009941 | ASSIGNED | ext-antoni.camon | [ca-compliance] [leaf-revocation-delay] [ca-revocation-delay] | 2026-03-11T16:49:05Z |
| 2011865 | TrustAsia: SSL DV Mis-issuance against CP/CPS (IPAddress) | ASSIGNED | TrustAsia | [close on 2026-03-17] [ca-compliance] [dv-misissuance] | 2026-03-10T14:56:33Z |
| 2012101 | Telia: S/MIME Misissuance - incorrect subject information for Multipurpose sponsor-validated-profile | ASSIGNED | Antti Backman | [ca-compliance] [smime-misissuance] Next update 2026-03-17 | 2026-03-17T05:39:47Z |
| 2012511 | D-Trust: CRL HTTP Media Type | ASSIGNED | Ana Laura Martorano | [ca-compliance] [crl-failure] | 2026-03-13T12:29:39Z |
| 2013395 | NETLOCK: Missing Related Incidents section in the bug report | ASSIGNED | Roland | [ca-compliance] [policy-failure] | 2026-03-12T20:02:39Z |
| 2013400 | NETLOCK: did not file a preliminary incident report or respond to a third-party report within the 72-hour timeframe | ASSIGNED | Roland | [ca-compliance] [policy-failure] | 2026-03-12T20:18:29Z |
| 2013805 | iTrusChina: Finding in Routine WebTrust Audit - Domain validation records without the TLS BR version | ASSIGNED | iTrusChina Co.,Ltd. | [ca-compliance] [audit-finding] | 2026-03-09T09:56:37Z |
| 2014590 | IdenTrust: Unauthorized OCSP responses for cross-signed roots | ASSIGNED | IdenTrust | [ca-compliance] [ocsp-failure] | 2026-03-12T16:55:17Z |
| 2014609 | IdenTrust: Cross-signed root certificate mis-issuance | ASSIGNED | IdenTrust | [ca-compliance] [ca-misissuance] | 2026-02-20T23:22:44Z |
| 2014610 | IdenTrust: Root OCSP Signer certificate mis-issuance | ASSIGNED | IdenTrust | [ca-compliance] [uncategorized] | 2026-02-20T23:06:39Z |
| 2015186 | DigiCert: Subject Serial Numbers for Non-Commercial Entities | ASSIGNED | DigiCert | [close on 2026-03-18] [ca-compliance] [ev-misissuance] | 2026-03-16T13:07:39Z |
| 2015383 | SHECA: CRL of root CA not published within 24 hours | ASSIGNED | SHECA | [ca-compliance] [crl-failure] | 2026-03-17T14:20:21Z |
| 2015562 | Agencia Notarial de Certificacion (ANCERT): Missing Contact Information in CCADB | UNCONFIRMED | | [ca-compliance] [disclosure-failure] | 2026-02-10T18:04:14Z |
| 2015563 | Byte Computer: Missing Contact Information in CCADB | ASSIGNED | Spyros Kollias | [ca-compliance] [disclosure-failure] | 2026-02-10T18:07:31Z |
| 2015564 | Carillon Information Security: Missing Contact Information in CCADB | ASSIGNED | Lyne Brosseau | [ca-compliance] [disclosure-failure] | 2026-03-04T12:40:30Z |
| 2015565 | Certicamara: Missing Contact Information in CCADB | ASSIGNED | Direccion TICS | [ca-compliance] [disclosure-failure] | 2026-02-10T18:08:45Z |
| 2015566 | Echoworx: Missing Contact Information in CCADB | ASSIGNED | Echoworx | [ca-compliance] [disclosure-failure] | 2026-02-10T21:19:01Z |
| 2015567 | Government of Saudi Arabia, NIC (SDAIA): Missing Contact Information in CCADB | ASSIGNED | Ammar | [ca-compliance] [disclosure-failure] | 2026-02-18T09:03:16Z |
| 2015568 | NISZ Nemzeti Infokommunikacios Szolgaltato: Missing Contact Information in CCADB | UNCONFIRMED | | [ca-compliance] [disclosure-failure] | 2026-02-10T18:05:35Z |
| 2015569 | Swiss BIT (FOITT): Missing Contact Information in CCADB | ASSIGNED | Steph | [ca-compliance] [disclosure-failure] | 2026-02-10T18:08:09Z |
| 2016066 | Firmaprofesional: Delayed preliminary response under BR 4.9.5 (Bug #2009941) | ASSIGNED | ext-antoni.camon | [ca-compliance] [policy-failure] | 2026-03-13T12:16:20Z |
| 2016267 | IdenTrust: Gap between audit periods | ASSIGNED | IdenTrust | [ca-compliance] [audit-failure] | 2026-03-13T22:49:16Z |
| 2016475 | Firmaprofesional: Delayed revocation disclosure of TLS Subordinate CA certificate Secure Web 2024 in CCADB | ASSIGNED | ext-antoni.camon | [ca-compliance] [disclosure-failure] | 2026-03-06T14:35:18Z |
| 2016585 | IdenTrust: Test Certificates from cross-signed roots not disclosed in CT Logs | ASSIGNED | IdenTrust | [ca-compliance] [uncategorized] | 2026-02-26T15:30:29Z |
| 2016672 | certSIGN: certificates with delayed SCT signature | ASSIGNED | Gabriel PETCU | [ca-compliance] [ov-misissuance] | 2026-03-09T12:49:18Z |
| 2016722 | PostSignum: Mis-issued certificate | ASSIGNED | CA PostSignum | [close on 2026-03-17] [ca-compliance] [ov-misissuance] | 2026-03-16T17:43:16Z |
| 2017185 | DigiCert: CAA processing during network disruption | ASSIGNED | DigiCert | [ca-compliance] [dv-misissuance] [ov-misissuance] [ev-misissuance] | 2026-03-16T17:54:36Z |
| 2017747 | Google Trust Services: Outdated BR version in some validation records | ASSIGNED | Google Trust Services | [ca-compliance] [policy-failure] Next update 2026-03-31 | 2026-03-04T16:11:59Z |
| 2017840 | SECOM: Repository service disruption affecting subordinate CAs (CTJ) | ASSIGNED | SECOM Trust Systems - ONO Fumiaki | [ca-compliance] [policy-failure] | 2026-03-12T05:31:49Z |
| 2017845 | HARICA: Incorrect nCAId in PSD2 QCStatement for QWACs | ASSIGNED | HARICA | [ca-compliance] Next update 2026-03-27 | 2026-03-05T17:47:13Z |
| 2019995 | Sectigo: Package patching gap within Certificate Systems | ASSIGNED | Martijn Katerbarg | [ca-compliance] [uncategorized] | 2026-03-17T15:38:13Z |
| 2020899 | iTrusChina: Failure to Respond to Feb 2026 Chrome Root Program Survey | ASSIGNED | iTrusChina Co.,Ltd. | [ca-compliance] [disclosure-failure] | 2026-03-16T08:40:27Z |
| 2021175 | Microsoft PKI Services: Failure to update action item status within 3 days | ASSIGNED | Microsoft PKI Services | [ca-compliance] [policy-failure] | 2026-03-05T17:52:26Z |
| 2021239 | PostSignum: Length Subject organizationName | ASSIGNED | CA PostSignum | [ca-compliance] [ov-misissuance] | 2026-03-05T17:53:54Z |
| 2021550 | SECOM: 2025 S/MIME CA Modified Opinion Report of Cybertrust Japan (CTJ) | ASSIGNED | SECOM Trust Systems - ONO Fumiaki | [ca-compliance] [ca-misissuance] [disclosure-failure] [audit-finding] [ca-revocation-delay] | 2026-03-16T11:04:02Z |
| 2021559 | NETLOCK: Unavailability of the document repository | ASSIGNED | Roland | [ca-compliance] [policy-failure] | 2026-03-12T21:02:42Z |
| 2021685 | Asseco DS / Certum: Finding in Routine WebTrust Audit – S/MIME certificates issued with mailbox validation older than 30 days | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [smime-misissuance] | 2026-03-13T14:38:20Z |
| 2023190 | Asseco DS / Certum: Delayed revocation of S/MIME certificates issued with mailbox validation older than 30 days | ASSIGNED | Kateryna Aleksieieva | [ca-compliance] [leaf-revocation-delay] | 2026-03-13T15:27:47Z |
| 2023458 | D-Trust: TLS Precertificates Exceeding the Maximum Validity Period Allowed by the TLS Baseline Requirements | ASSIGNED | Enrico Entschew | [ca-compliance] [__-misissuance] | 2026-03-17T12:13:02Z |
| 2023563 | SECOM: Incorrect CCADB Non-Audit Document References for FUJIFILM Fnet CA - C | ASSIGNED | SECOM Trust Systems - ONO Fumiaki | [ca-compliance] [disclosure-failure] | 2026-03-16T14:35:17Z |
79 Total; 79 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Closed CA Bugs
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here: