← IdenTrust Services, LLC cases
Bugzilla #1671410
Certificate Misissuance
IdenTrust: Inconsistent Disclosure of Externally-Operated Intermediate
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust was found to have incorrectly disclosed an intermediate certificate as being operated under its own Certificate Policy/Certificate Practice Statement (CP/CPS), when in fact it was operated by ISRG. This misrepresentation was identified through a community report, leading to a resolution where IdenTrust acknowledged the error and committed to filing an incident report. The incident highlighted the importance of accurate disclosures in the CCADB to maintain transparency and trust within the certificate authority ecosystem.
Chronology
- Issue reported regarding incorrect disclosure of an intermediate certificate.
- IdenTrust acknowledged the error and agreed to correct the CCADB entries.
- IdenTrust confirmed they would submit a formal incident report.
- IdenTrust submitted the incident report detailing the misissuance.
- Bug closed after confirming no further issues.
Participants
Andrew Ayer
IdenTrust
Ben Wilson
Ryan Sleevi
Mathew Hodson
External References
Similar Local Cases
IdenTrust: Validation Source for EV Certificates not Publicly Disclosed
IdenTrust: Issuance of OV SSL Certificate with doc vetting older than 398 days
IdenTrust: Issuance of certificates greater than 398 days
IdenTrust: CT Logging Mistakes
IdenTrust: ICA with invalid CDP
IdenTrust: Approval of TLS certificate renewal without domain validation
IdenTrust: Improper encoding of wildcard certificate
IdenTrust: Invalid special characters in S/MIME Certificates