← Netlock cases
Bugzilla #1947691
Delayed Revocation
NETLOCK: Bug 1891331 replacement - delayed revocation -
RESOLVED
FIXED
Netlock
AI Summary
This case addresses the delayed revocation of 522 TLS certificates issued by NETLOCK, which contained a deprecated 'explicitText' value in the User Notice extension, violating BRG 2.0 requirements. The incident was triggered when NETLOCK was notified of the compliance issue on April 3, 2024. Although revocation for standard certificates was completed by April 9, 2024, some revocations were delayed at the request of customers deemed critical to national infrastructure. NETLOCK has since acknowledged that such delays are not compliant with industry standards and has implemented corrective actions, including updates to internal policies and subscriber contracts to ensure timely revocation in the future.
Chronology
- NETLOCK notified of compliance issue with TLS certificates.
- Revocation of affected certificates began.
- All standard misissued certificates revoked.
- Revocation of delayed certificates completed.
- Terms and conditions updated to include 24-hour revocation deadline.
- Bilateral readiness reviews with critical infrastructure subscribers completed.
Participants
nagy.nikolett@netlock.hu
bwilson@mozilla.com
malcolm.doody@gmail.com
Zacharias.bjorngren@gmail.com
External References
Related Bugzilla IDs Mentioned
Similar Local Cases
Entrust: Delayed revocation of EV TLS certificates with missing cPSuri
NETLOCK: Policy Qualifiers other than id-qt-cps is included in TLS certificates - delayed revocation
NetLock: Delayed revocation report connected to ticket 1680378
GDCA: Delayed revocation of SSL/TLS certificates with Non-critical Basic Constraints
Entrust: Delayed revocation of certificates affected by Jurisdiction issue in some EV TLS & Code Signing certificates
FIRMAPROFESIONAL: Delayed leaf revocation
Chunghwa Telecom: Delayed Revocation with Controversial Extension (2.5.29.9, SubjectDirectoryAttributes)
Chunghwa Telecom: Delayed Revocation Due to GTLSCA EKU Misissuance