https://bugzilla.mozilla.org/show_bug.cgi?id=1888714
Entrust issued 1,963 EV TLS certificates September 11-22, 2023, without including an EV TLS CP OID. Root Causes were the misinterpretation of the EV Guidelines and the TLS BRs and a failure to recognize the overriding requirements of the EV Guidelines. (A misinterpretation of standards led to non-compliant certificates, and linting failed to detect the issue.) As remediation, since April 11, 2024, Entrust has used pkilint as a post-issuance linter to detect similar issues. (Mis-issued certificates are a subset of the certificates disclosed and being revoked under bug #1883843. Status of revocation is listed in bug #1886532.)
Issues: Misinterpretation of Requirements; Policy/Procedure Failure; Certificate Mis-issuance”
Mike
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADQzZqsbubH8_7-NNxC7E7FbV%2BCqBPF%3DaYR2GseNCjy1mqEXHA%40mail.gmail.com.