← Google Trust Services LLC cases
Bugzilla #1706976
Policy Compliance
Google Trust Services: Out-of-date CPS disclosure
RESOLVED
INVALID
Google Trust Services LLC
AI Summary
Google Trust Services LLC disclosed an outdated Certificate Practice Statement (CPS) in the CCADB. The CPS listed was version v2.22, dated 2020-08-21, while a newer version v3.0, dated 2021-03-19, was available. This discrepancy violates CCADB Policy Section 5, which mandates timely updates of CPS URLs. GTS acknowledged the issue and is preparing an incident report. The case was ultimately marked as invalid due to an oversight in identifying the root CA involved.
Chronology
- GTS disclosed outdated CPS in CCADB.
- GTS acknowledged the report and an incident report was initiated.
- Discussion on CA's ability to update CPS without intervention.
- Bug marked as invalid due to oversight.
Participants
Andrew Ayer
Andy Warner
Brett Wilson
External References
Similar Local Cases
Google Trust Services: invalid curve-hash combination
Google Trust Services: Incomplete CRL Distribution Point URLs in CCADB for GTS Roots
Amazon Trust Services: CP/CPS does not specify key compromise methods
Google Trust Services: Signing SHA-1 Hash for existing CA certificate with changes in Key Usage
Camerfirma: Incorrect disclosure of Intesa Sanpaolo sub-CA
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
FNMT: CP/CPS lack CAA processing details
GoDaddy: inconsistent disclosure of externally-operated intermediate