← Visa cases
Bugzilla #1315016
Certificate Misissuance
SHA-1 issuance by Visa root
RESOLVED
Visa
AI Summary
This case addresses the issuance of SHA-1 certificates by Visa's root certificate authority, which violated Mozilla's Baseline Requirements. The certificates were issued in 2016 and were later replaced with SHA-2 certificates. The delay in revocation raised concerns about compliance with Mozilla's policies. Ultimately, the certificates were confirmed to be revoked after significant communication between Mozilla and Visa.
Chronology
- Initial report of SHA-1 certificate issuance.
- Confirmation that SHA-1 certificates were revoked.
Participants
Gervase Markham
Kathleen Wilson
Marcelo Silva
External References
Similar Local Cases
Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB
SHA-1 issuance by DocuSign root
SHA-1 issuance by DigiCert roots
Amazon Trust Services: CAA Misissuances
WoSign issued SHA-1 SSL certs and backdated the issuance date on SSL certificates
Let's Encrypt: CAA Misissuances
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates
Let's Encrypt: Attacker-controlled google.tg certificate being used in the wild.