Bugzilla #1651487
Delayed Revocation
Telekom Security: Delayed Revocations of Sub-CA certificates
RESOLVED
FIXED
Deutsche Telekom Security GmbH
AI Summary
Deutsche Telekom Security GmbH faced delays in revoking Sub-CA certificates due to the significant impact on over 230,000 users. The revocation process was complicated by the need to reissue certificates under a new Issuing CA, which was projected to take up to five months. The migration to the new CA was initiated, and updates were provided regularly. All affected certificates were eventually revoked, and key material destruction was completed in the presence of an external auditor.
Chronology
- Initial report of delayed revocation due to user impact.
- Revocation of all EE certificates from 'TeleSec PKS CA 8'.
- Revocation of remaining certificates from four affected CAs.
- Key material destruction for remaining CAs completed.
- Closure of the case anticipated.
Participants
Arnold Essing
jan.voelkel@telekom.de
stefan.kirch@telekom.de
ryan.sleevi@gmail.com
bwilson@mozilla.com
External References
Similar Local Cases
Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical
Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes)
Entrust: Delayed revocation of EV TLS certificates with missing cPSuri
FIRMAPROFESIONAL: Delayed leaf revocation
NETLOCK: Bug 1891331 replacement - delayed revocation -
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance
GDCA: Delayed revocation of SSL/TLS certificates with Non-critical Basic Constraints
Camerfirma: Delayed revocations of certificates issued by old CAs with an RSA modulus size of 2047 bits