Bugzilla #1525082
Policy Compliance
Ernst & Young Poland: KIR OCSP "unknown" status for revoked certificate
RESOLVED
INVALID
Krajowa Izba Rozliczeniowa S.A. (KIR)
AI Summary
The case involves Krajowa Izba Rozliczeniowa S.A. (KIR) and their handling of OCSP responses for revoked certificates. KIR's auditor, T-Systems, recommended maintaining an 'unknown' status for OCSP responses until certificates are delivered to customers, which raised compliance concerns with WebTrust standards. The discussion highlighted the distinction between qualified and non-qualified certificates, with the latter now aligned with WebTrust. Ultimately, the bug was resolved as invalid due to the clarification that qualified certificates are out of scope for Mozilla's root store policy.
Chronology
- Initial report of OCSP status issue
- Clarification provided regarding auditor recommendations
- Bug closed as invalid
Participants
Wayne Thayer
Ben Wilson
Piotr Grabowski
Ryan Sleevi
Similar Local Cases
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains
KIR: Intermediate CA - SZAFIR Trusted CA4 - Certificate Policies extension - non-compliance
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
Camerfirma: Failure to abide by Section 8 of Mozilla Policy: Unauthorized, improperly disclosed Subordinate CA
SwissSign: BRs require full annual audits
Google Trust Services: invalid curve-hash combination
NetLock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit
TWCA: Policy OID not set to indicate the assurance level to the issued certs