← Sectigo cases
Bugzilla #1545208
Policy Compliance
Sectigo: Missing Changelog in CPS
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo faced an issue regarding the absence of a changelog in their Certificate Practice Statement (CPS), which is a requirement under Mozilla's Root Store Policy. The problem was identified on April 17, 2019, leading to a series of internal discussions and actions. Sectigo acknowledged the oversight and subsequently published updated versions of their CPS that included the required changelog. The compliance review confirmed that their practices are now in line with Mozilla's policies, and the necessary updates were made to their documentation.
Chronology
- Bug created regarding missing changelog
- Internal discussions led to realization of missed requirement
- CPS v5.1.2 published with updated changelog
- Compliance review completed
- CPS revision went live
Participants
Wayne Thayer
Robin Alden
Ryan Sleevi
External References
Similar Local Cases
Sectigo: Failure to revoke certificate with previously-compromised key within 24 hours
FNMT: CP/CPS lack CAA processing details
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
SwissSign: BRs require full annual audits
DigiCert: Inconsistent EV audits
GoDaddy: Non-BR-Compliant Certificate Issuance
Google Trust Services: invalid curve-hash combination
NetLock: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy