Bugzilla #1839305
Certificate Problem Report
Buypass: Domain validation method using externally operated DNS tools
RESOLVED
FIXED
Buypass
AI Summary
Buypass reported an incident involving the use of externally operated DNS tools for domain validation, which is not compliant with the Baseline Requirements as it constitutes the use of a Delegated Third Party (DTP). The issue was identified on June 16, 2023, and Buypass promptly ceased using these tools, revoking six affected certificates. They are now transitioning to an internal DNS resolver to ensure compliance. A revised resolution plan has been requested to detail the actions taken and their statuses, with a commitment to improve internal processes and automation to prevent future occurrences.
Chronology
- Buypass became aware of the problem and stopped using externally operated DNS tools.
- The last affected certificate was revoked.
- Buypass acknowledged the use of an external DNS resolver as a DTP and stopped issuing certificates using it.
- A new bug was registered with a new incident report.
Participants
Mads Henriksveen
cclements@google.com
amir@aaomidi.com
daknob@daknob.net
bwilson@mozilla.com
Similar Local Cases
Buypass: Using an external DNS Resolver for DNS lookups
Buypass: Domain validation method using not allowed domain contact
Buypass: Insufficient Serial Number Entropy
Buypass: Illegal Business Category in a PSD2 QWAC
Buypass: PSD2 QWAC with RSA modulus not divisible by 8
Buypass: Intermediate certificates not listed in audit reports
Buypass: Missing NCA identifier in cabfOrganizationIdentifier in PSD2 QWACs
Buypass: Failure to revoke PSD2 QWACs within mandated 5 days