Telia: Ambiguity on KeyUsage with ECC public key
Telia Company addressed an issue regarding ECDSA certificates that had improper Key Usage values, specifically 'key encipherment' and 'data encryption'. The problem was first reported on January 28, 2020, when Telia was alerted to five potentially incorrect certificates. Following an investigation, Telia confirmed that two of these certificates were still active and initiated a revocation process. All problematic certificates were ultimately revoked by February 5, 2020. The root cause was identified as a limitation in their scanning tool, zlint, which did not log this specific Key Usage combination as a problem. Telia has since improved their scanning processes to prevent future occurrences.
- Telia received a report about five certificates with improper Key Usage values.
- Telia investigated the issue and confirmed the error was previously fixed in 2018.
- Telia's own scanner identified three additional problematic certificates.
- All problematic certificates were revoked.
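
The kind of check the scan was missing can be sketched as a small lint over parsed certificates. This is an added example, not Telia's or zlint's code: `badECCKeyUsage`, `checkSample` and the sample Key Usage sets are hypothetical names and constructed values, and the check maps the two values named above to the X.509 `keyEncipherment` and `dataEncipherment` bits.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// badECCKeyUsage flags an ECDSA-keyed cert asserting keyEncipherment or dataEncipherment.
func badECCKeyUsage(cert *x509.Certificate) bool {
	_, isECC := cert.PublicKey.(*ecdsa.PublicKey)
	return isECC && cert.KeyUsage&(x509.KeyUsageKeyEncipherment|x509.KeyUsageDataEncipherment) != 0
}

// Constructed Key Usage sets, not the values from the incident's certificates.
var samples = map[string]x509.KeyUsage{
	"sig+keyEnc":  x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	"sig+dataEnc": x509.KeyUsageDigitalSignature | x509.KeyUsageDataEncipherment,
	"sig+keyAgr":  x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
}

// checkSample issues a throwaway self-signed P-256 cert with the named set and lints it.
func checkSample(name string) (bool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     samples[name],
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return false, err
	}
	cert, err := x509.ParseCertificate(der)
	return err == nil && badECCKeyUsage(cert), err
}

func main() {
	fmt.Println(checkSample("sig+keyEnc")) // prints: true <nil>
}
```

Run over every issued certificate rather than a sample, a check like this reports the combination as a finding instead of letting it pass silently.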