Bugzilla #1705904
Policy Compliance
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains
RESOLVED
FIXED
Krajowa Izba Rozliczeniowa S.A. (KIR)
AI Summary
Krajowa Izba Rozliczeniowa S.A. (KIR) was found to have a Certification Practice Statement (CPS) that did not specify the recognized Certification Authority Authorization (CAA) domains, violating the Baseline Requirements. The issue was reported by a third party, leading to a review and acknowledgment of the oversight. KIR has committed to updating its CPS to include the necessary specifications and has implemented additional checks to prevent future occurrences. The case is now resolved with the CPS update published.
Chronology
- KIR was assigned to the bug and investigation began.
- Updated CPS published with new section addressing CAA records.
Participants
Andrew Ayer
Piotr Grabowski
Michel Le Bihan
Ryan Sleevi
Elżbieta Włodarczyk
Paul Leo Steinberg
Ben Wilson
Similar Local Cases
Ernst & Young Poland: KIR OCSP "unknown" status for revoked certificate
Camerfirma: CP/CPS of Intesa Sanpaolo Sub-CA is Non-Compliant
Amazon Trust Services: CP/CPS does not specify key compromise methods
FNMT: CP/CPS lack CAA processing details
Amazon Trust Services: Forbidden Domain Validation Method 3.2.2.4.6
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
KIR: Intermediate CA - SZAFIR Trusted CA4 - Certificate Policies extension - non-compliance
Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period