Bugzilla #1521623
Technical Compliance
Amazon Trust Services: Failure to comply with RFC 5280
RESOLVED
INVALID
Amazon Trust Services
AI Summary
Amazon Trust Services reported a potential compliance issue with RFC 5280 regarding their certificates. Initial analysis indicated a low risk, as the primary use of the vulnerability was to redirect traffic, which is less of a concern given that the certificates are used solely on AWS resources. After further investigation, Amazon determined that the reported violation did not apply, as they do not perform any Unicode encoding, and concluded that revoking the certificates was unnecessary. The case was ultimately marked as invalid.
Chronology
- Initial report of potential RFC 5280 compliance issue.
- Amazon clarifies that the reported violation does not apply.
- Discussion on the validity of the compliance issue.
- Confirmation that the encoding issue is not applicable.
Participants
Trevoli (Amazon Trust Services)
Wayne Thayer (Fastly)
Similar Local Cases
Amazon Trust Services: Missing CAA Check For Test Website Certificates
Amazon Trust Services: CRL not DER-encoded
Firmaprofesional: Non-BR-Compliant OCSP Responders
startcom: still issuing < 2048 bit certificates
Visa: Non-BR-Compliant OCSP Responders
Consorci AOC: Non-BR-Compliant OCSP Responders
DigiCert: SCEE / Justica: Non-BR-Compliant Certificate Issuance
Apple: CRL issuance frequency deviates from CPS in some cases