Telekom Security: Revocation delay for TLS certificates with basicConstraints not marked as critical
Telekom Security faced a significant incident involving the delayed revocation of 336 TLS certificates that were issued without the basicConstraints extension marked as critical. The delay was attributed to the critical nature of the infrastructure relying on these certificates, which led to a decision not to enforce revocation within the required timeframe. The CA has since taken steps to sensitize customers to the importance of timely certificate replacement and has implemented self-assessments and audits to ensure compliance with revocation deadlines in the future. Despite these measures, concerns remain regarding the CA's commitment to adhering strictly to the Baseline Requirements in future incidents.
- Affected customers were informed about the need to revoke certificates.
- End of the 5-day period for revocation; 336 certificates were not revoked.
- Incident report opened.
- All affected certificates were replaced and revoked.
- Closure summary provided for the incident.