← Government of The Netherlands, PKIoverheid (Logius) cases
Bugzilla #1610507
Certificate Problem Report
PKIoverheid: TSP CPS lacks problem reporting instructions
RESOLVED
DUPLICATE
Government of The Netherlands, PKIoverheid (Logius)
AI Summary
The PKIoverheid CA was notified of an issue regarding the lack of problem reporting instructions in their Certificate Policy Statement (CPS). This was identified through a Bugzilla report, which pointed out that section 1.5.2 was missing. The CA took steps to address the issue, including communication with KPN, the TSP responsible for the CPS. Updates were made to the CPS, but a mistake was noted in the correction. The CA has implemented measures to prevent similar issues in the future, including a dual control process during review.
Chronology
- Logius notified of CPS issue via Bugzilla
- Logius requested KPN to investigate the missing section
- KPN published an update to the CPS
- Wayne Thayer noted a mistake in the CPS correction
- KPN published a corrected CPS
Participants
Jorik van 't Hof
Ryan Sleevi
External References
Similar Local Cases
PKIoverheid: CIBG insufficient serial number entropy
PKIoverheid: Incorrect OCSP Delegated Responder Certificate
PKIoverheid: KPN Insufficient Serial Number Entropy
Staat der Nederlandend / PKIoverheid: Non-BR-Compliant OCSP Responders
PKIoverheid: TSP Cleverbase Findings in 2025 ETSI Audit - Incident Report #1 – Incorrect issuer CA listed in CPS
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #9 – Lifecycle Management
PKIoverheid: (KPN) Incorrect Subject OrganizationName
DigiCert: JOI Issue