← Start Commercial (StartCom) Ltd. cases
Bugzilla #1369342
Certificate Misissuance
StartCom: 'un-revoking' intermediate certificates
RESOLVED
FIXED
Start Commercial (StartCom) Ltd.
AI Summary
StartCom revoked several intermediate certificates but later un-revoked them due to a request from Microsoft, which was contrary to the Baseline Requirements (BRs). The un-revocation was prompted by issues affecting Azure services. StartCom acknowledged that reinstating revoked certificates violates the BRs, yet felt compelled to comply with Microsoft's request as they were the only affected party. The case has been resolved with no further action required from StartCom.
Chronology
- StartCom revoked and then un-revoked several intermediate certificates.
- StartCom explained the un-revocation was due to a request from Microsoft.
- Gerv indicated he was satisfied with the understanding of the situation.
Participants
Gervase Markham [:gerv]
Inigo [StartCom]
Ryan Sleevi
External References
Similar Local Cases
Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB
StartCom: mis-issuance of certs with unvalidated domain names and bogus field values
SK ID Solutions: ALV failures on intermediate certificates
StartCom's key for bogus www.mozilla.com certificate should be destroyed
DigiCert: Underscores - Intuit
Amazon Trust Services: Misissuance of Subordinate Per CPS
StartCom StartEncrypt vulnerability allowed issuance of fraudulent google.com, dropbox.com, etc certificates
DigiCert / Telecom Italia: Several Problems