← Amazon Trust Services cases
Bugzilla #1713976
Policy Compliance
Amazon Trust Services: CP/CPS does not specify key compromise methods
RESOLVED
FIXED
Amazon Trust Services
AI Summary
Amazon Trust Services was found to have a compliance issue regarding their Certificate Policy (CP) and Certificate Practice Statement (CPS), specifically that they did not specify methods for demonstrating private key compromise as required by Mozilla's Root Store Policy. The issue was acknowledged by Amazon, and they committed to updating their documents by July 30, 2021. Following the updates, it was noted that while some changes were made, further clarification was needed to fully meet compliance expectations. Ultimately, Amazon updated their CPS to include clearer instructions for reporting key compromise by August 20, 2021.
Chronology
- Initial bug reported regarding CP/CPS compliance.
- Amazon Trust Services committed to updating CP/CPS.
- Amazon updated CPS to include preferred information for key compromise reporting.
Participants
Andrew Ayer
Trevoli (Amazon Trust Services)
Ben Wilson
Ryan Sleevi
External References
Similar Local Cases
Amazon Trust Services: Forbidden Domain Validation Method 3.2.2.4.6
Camerfirma: CP/CPS of Intesa Sanpaolo Sub-CA is Non-Compliant
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains
FNMT: CP/CPS lack CAA processing details
Amazon Trust Services - BR Self Assessment and CP/CPS Updates
SECOM: CP/CPS does not clearly specify domain validation methods
PKIoverheid: KPN CPS lacks CPR problem reporting instructions
GoDaddy: inconsistent disclosure of externally-operated intermediate