← Google Trust Services LLC cases
Bugzilla #1706967
Certificate Problem Report
Google Trust Services: Forbidden Domain Validation Method 3.2.2.4.10
RESOLVED
FIXED
Google Trust Services LLC
AI Summary
Google Trust Services (GTS) was reported for using a forbidden domain validation method as outlined in their Certificate Policy Statement (CPS). The method in question, which was still referenced in their CPS, was retired under the Baseline Requirements. GTS acknowledged the issue and initiated an incident report, confirming that they had not used the deprecated method since September 2020. They subsequently updated their CPS to reflect the correct validation method and began revocation of affected certificates. The incident involved over a million certificates, and GTS has committed to monitoring and improving their compliance processes.
Chronology
- Mozilla Bug 1706967 is filed.
- GTS CPS is updated to remove the forbidden validation method.
- Re-issuance and revocation of affected certificates begins.
- GTS shares the incident report.
Participants
Andrew Ayer
Andy Warner
Doughornyak
Ryan Sleevi
External References
Similar Local Cases
Google Trust Services: Incorrect revocation data temporarily served for GTS Y3 & Y4
Google Trust Services: OCSP serving issue 2020-04-09
Google Trust Services: Invalid OCSP responses
Google Trust Services: Invalid ASN.1 encoding of singleExtensions in OCSP responses
e-commerce monitoring GmbH: Revoked test website not using revoked certificate
Google Trust Services: invalid CRL reason code
Google Trust Services: Failure to revoke subscriber certificates within BR timeframe
Google Trust Services: CRL handling of expired certificates not fully compliant with RFC 5280 Section 3.3