Bugzilla #1886722
Certificate Problem Report
Hongkong Post: Delayed response to CPR
RESOLVED
FIXED
Government of Hong Kong (SAR), Hongkong Post, Certizen
AI Summary
Hongkong Post CA experienced a delayed response to a Certificate Problem Report (CPR) due to an email being misclassified as junk. This incident violated CABF BR #4.9.3, which mandates continuous availability to respond to CPRs. The issue was identified and addressed after intervention from the Chrome Root Program, leading to improvements in email handling and the establishment of a dedicated email address for CPRs. The CA has since confirmed that junk-mail filters are now functioning effectively, and no further legitimate CPRs have been missed.
Chronology
- Email reporting the issue received but classified as junk.
- Chrome Root Program notified Hongkong Post CA of the issue.
- Bug reported regarding the delayed response.
- New dedicated email address for CPRs established.
- Confirmation that junk-mail filters are functioning effectively.
Participants
Man Ho
Ben Wilson
Similar Local Cases
Hongkong Post: Subject CN converted to Unicode representation incident
Hongkong Post: Certificates with invalid embedded SCT signature
Hongkong Post: TLS certificates with basicConstraints not marked as critical
Hongkong Post: TLS certificates with Certificate Policies extension that does not assert http scheme
Hongkong Post e-Cert CA 1 - 10 issuing certificates without subject alternative name extension
Microsoft PKI Services: Invalid Email Address for CPRs
SwissSign: duplicate serial number
SwissSign: Invalid CT data in issued certs (SABRE.CT misconfiguration)