← SECOM Trust Systems CO., LTD. cases
Bugzilla #1652610
Delayed Revocation
SECOM: Delayed Revocation of CA Certificate with OCSP EKU Issue
RESOLVED
FIXED
SECOM Trust Systems CO., LTD.
AI Summary
This case addresses the delayed revocation of an intermediate CA certificate by SECOM Trust Systems due to an OCSP EKU issue. The revocation process was significantly behind the required timeline, with updates indicating that the revocation of 15% of affected TLS certificates could take up to 7 months, far exceeding the 5-day requirement set by Baseline Requirements. SECOM has communicated their plan to improve the situation, including automation of certificate management, but concerns remain regarding their ability to meet compliance standards in a timely manner.
Chronology
- Bug opened to track incident report related to revocation delays.
- Discussion on the delays and steps being taken to resolve the issue.
- Key destruction for old intermediate CAs completed with auditor witness.
Participants
Ben Wilson
Hisashi Kamo
Ryan Sleevi
External References
Similar Local Cases
SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates
Camerfirma: Delayed revocations related to Invalid authorityKeyIdentifier - recurrent incident
Actalis: delayed revocation related to inaccurate value in stateOrProvinceName
Entrust: Late Revocation due to SHA-256 hash algorithm
DigiCert: Delay of revocation for EV audit inconsistency incident
PKIoverheid: Failure to revoke within 7 days: OCSP EKU issue
Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical
eMudhra emSign PKI Services: Delayed Revocation of SSL/TLS Certificates