← AC Camerfirma, S.A. cases
Bugzilla #1688215
Policy Compliance
Camerfirma: CP/CPS of Intesa Sanpaolo Sub-CA is Non-Compliant
RESOLVED
FIXED
AC Camerfirma, S.A.
AI Summary
The CP/CPS documents for the Intesa Sanpaolo Sub-CA were found to be non-compliant with Mozilla's policies, specifically lacking clarity on domain validation and CAA requirements. The issue was reported by Andrew Ayer on January 22, 2021, prompting Camerfirma to initiate a review and update of their CPS. The new version was published by February 5, 2021, addressing the identified deficiencies. This incident highlights ongoing concerns regarding Camerfirma's oversight of its sub-CAs and their compliance practices.
Chronology
- Bug reported by Andrew Ayer regarding non-compliance of CP/CPS.
- Camerfirma began the process of updating the CPS.
- New version of the CPS published.
Participants
Andrew Ayer
Ana Lopes
Ryan Sleevi
Ben Wilson
Eusebio Herrera
External References
Similar Local Cases
Camerfirma: Incorrect disclosure of Intesa Sanpaolo sub-CA
Camerfirma: No disclosure of verification sources
Camerfirma: Failure to abide by Section 8 of Mozilla Policy: Unauthorized, improperly disclosed Subordinate CA
Camerfirma: SMIME Improvement Plan
Camerfirma: Govern d'Andorra audits
Camerfirma: Outdated audit statements for intermediate certs
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains
Amazon Trust Services: CP/CPS does not specify key compromise methods