← D-TRUST cases
Bugzilla #1918427
Policy Compliance
D-Trust: Non-compliance of issued root and intermediate S/MIME certificates
RESOLVED
INVALID
D-TRUST
AI Summary
The case addresses concerns regarding the non-compliance of certain D-Trust root and intermediate S/MIME certificates, which utilize non-unique organization identifiers that could lead to ambiguity. The discussion highlights that while newer certificates have adopted a unique identifier format, older certificates may not comply with S/MIME requirements. D-Trust is currently investigating these issues and is in the process of adapting their products to ensure compliance. The thread includes ongoing dialogue about the implications of these identifiers and the potential need for revocation of older certificates.
Chronology
- Initial report of non-compliance issues with D-Trust certificates.
- D-Trust acknowledges the investigation into the reported issues.
- D-Trust responds to concerns about the uniqueness of identifiers.
- D-Trust clarifies the audit report and its implications.
- Request to close the thread as discussions are resolved.
Participants
Luna Frankland
Enrico Entschew
l.sahin@d-trust.net
Moritz.Schaal@d-trust.net
bwilson@mozilla.com
External References
Similar Local Cases
TWCA: Missing or Inconsistent Disclosure of S/MIME BR Audits
Microsoft PKI Services: Firewall log data retention
certSIGN: CPS specifies md5 and sha1WithRSAEncryption as useable signature types
Firmaprofesional: 2020 Audit Report Finding 1 out of 4
Microsoft PKI Services: Failure to modify policy documents within 365 days
iTrusChina: lacking 2018 KGC and GAP period audit report
IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement
Chunghwa Telecom: outdated and stale policy documents disclosed to the CCADB