← Government of The Netherlands, PKIoverheid (Logius) cases
Bugzilla #1596923
Policy Compliance
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
RESOLVED
FIXED
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
The case addresses a compliance issue with KPN's Certificate Policy Statement (CPS), specifically the absence of problem reporting instructions in section 1.5.2, as required by the Baseline Requirements (BR). KPN acknowledged the oversight and committed to amend the CPS to include this information in a future update. The issue stemmed from a misinterpretation of the BRs during the review process, which was compounded by human error. KPN has since implemented a dual control process to prevent similar issues in the future, and the CPS has been updated accordingly.
Chronology
- Initial report filed regarding missing problem reporting instructions.
- KPN acknowledges the issue and commits to amend the CPS.
- KPN outlines measures to prevent future compliance issues.
- Updated CPS version is released, correcting the issue.
Participants
Andrew Ayer
Jorik van 't Hof
Ryan Sleevi
Wayne Thayer
External References
Similar Local Cases
PKIoverheid: No BR Audit for Intermediate CAs technically capable of issuing TLS certs
PKIoverheid: Missing Intermediate CA from audit statement
FNMT: CP/CPS lack CAA processing details
PKIoverheid: Compliance issues CIBG TLS certificates
PKIoverheid: KPN CPS Lists Forbidden Domain Validation Method 3.2.2.4.6
PKIoverheid / QuoVadis: CPS inconsistencies
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains
SECOM: CP/CPS does not clearly specify domain validation methods