← SECOM Trust Systems CO., LTD. cases
Bugzilla #1705480
Policy Compliance
SECOM: CP/CPS does not clearly specify domain validation methods
RESOLVED
FIXED
SECOM Trust Systems CO., LTD.
AI Summary
The case involves SECOM Trust Systems CO., LTD. failing to clearly specify domain validation methods in their Certificate Policy/Certification Practice Statement (CP/CPS), as required by Mozilla's Root Store Policy. The ambiguity in the documentation raised concerns about compliance with the Baseline Requirements. SECOM acknowledged the issue and committed to revising their CP/CPS to clarify the validation methods used. They have since launched a dedicated team to ensure compliance and improve their processes. The CP was updated on May 31, 2021, to address the identified issues.
Chronology
- Bug reported regarding unclear domain validation methods.
- SECOM updated their CP to clarify domain validation methods.
Participants
Andrew Ayer
Hisashi Kamo
Ryan Sleevi
External References
Similar Local Cases
SECOM: Non-BR-Compliant Certificate Issuance
Amazon Trust Services: Forbidden Domain Validation Method 3.2.2.4.6
SECOM: Failed an annual CPS update of Cybertrust Japan (CTJ)
Amazon Trust Services: CP/CPS does not specify key compromise methods
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
FNMT: CP/CPS lack CAA processing details
GoDaddy: inconsistent disclosure of externally-operated intermediate
Camerfirma: CP/CPS of Intesa Sanpaolo Sub-CA is Non-Compliant