← DarkMatter LLC cases
Bugzilla #1590171
Certificate Problem Report
QuoVadis: failure to reply to CPR in a timely manner
RESOLVED
FIXED
DarkMatter LLC
AI Summary
This case involves QuoVadis's failure to respond to a Certificate Problem Report (CPR) in a timely manner, as required by the Baseline Requirements. The report, submitted by a relying party, highlighted potential misissuance of EV certificates categorized incorrectly as 'Non-Commercial Entity.' Despite the initial report being sent on October 20, 2019, QuoVadis did not respond within the stipulated 24-hour timeframe. The issue was compounded by internal email system transitions that led to communication failures. QuoVadis has since acknowledged the oversight and has taken steps to improve their incident response processes.
Chronology
- CPR submitted by Cynthia Revström to QuoVadis.
- Bugzilla case created due to lack of response.
- QuoVadis acknowledged the failure and began investigating the issue.
- QuoVadis confirmed revocation of misissued certificates.
Participants
Cynthia Revström
Stephen Davidson
Ryan Sleevi
Jeremy Rowley
External References
Similar Local Cases
QuoVadis: EV serialNumber with "none"
QuoVadis: Failure to revoke certificates with compromised private keys
QuoVadis: use of Organisationidentifier field in EV (Pre CABF Ballot SC17)
QuoVadis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy or the BRs
QuoVadis: Incorrect EV jurisdiction of incorporation information
QuoVadis: Failure to provide a preliminary report within 24 hours.
QuoVadis: Incorrect OCSP Delegated Responder Certificate
QuoVadis: Failure to provide a preliminary report within 24 hours