← IdenTrust Services, LLC cases
Bugzilla #1850807
Policy Compliance
IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust Services, LLC identified a compliance issue where 1187 EV TLS certificates had the 'basicConstraints' extension present but not marked as critical, violating their TrustID Certification Practices Statement (CPS). The issue was discovered during a routine review on August 28, 2023, and corrective actions were implemented by August 29, 2023, including updating the certificate profile to prevent further misissuance. Affected customers were notified, and a full incident report was promised by September 15, 2023. The case has since been resolved with no outstanding remediation items.
Chronology
- Compliance issue discovered during routine review.
- Certificate profile updated to prevent further misissuance.
- Full incident report promised to be disclosed.
- Bug confirmed for closure.
Participants
roots@identrust.com
bwilson@mozilla.com
External References
Similar Local Cases
Microsoft PKI Services: Failure to modify policy documents within 365 days
IdenTrust: Full Incident Report for Bug 2014609 was not published within 14 days of discovering the issue
IdenTrust: Failure to disclose Unconstrained intermediate Within 7 Days
IdenTrust: Full Incident Report for bug 2016585 was not published within 14 days of discovering the issue
IdenTrust: Full Incident Report for bug 2014610 was not published within 14 days of discovering the issue
Microsoft PKI Services: Firewall log data retention
Firmaprofesional: 2020 Audit Report Finding 1 out of 4
iTrusChina: lacking 2018 KGC and GAP period audit report