← Krajowa Izba Rozliczeniowa S.A. (KIR) cases
Bugzilla #1966006
Policy Compliance
KIR: Intermediate CA - SZAFIR Trusted CA3 - revocation status not changed in CCADB
RESOLVED
FIXED
Krajowa Izba Rozliczeniowa S.A. (KIR)
AI Summary
Krajowa Izba Rozliczeniowa S.A. (KIR) faced an incident where the revocation status of the subordinate CA certificate SZAFIR Trusted CA3 was not updated in the CCADB within the required 7-day timeframe after its revocation on March 5, 2025. This non-compliance was identified by the Chrome Root Program Team on May 9, 2025, leading to a series of internal reviews and updates to KIR's operational procedures. KIR has since implemented corrective actions, including training for the WebPKI team and regular reviews of CCADB entries to prevent future occurrences.
Chronology
- Revocation of SZAFIR Trusted CA3 certificate.
- Expected CCADB disclosure deadline.
- Non-compliance identified by Chrome Root Program Team.
- Correct status set in CCADB.
- Operational procedure updated for CCADB disclosures.
- Regular review process for CCADB entries established.
- All action items completed.
Participants
Waldemar Brzozowski
External References
Similar Local Cases
KIR: Intermediate CA - SZAFIR Trusted CA4 - Certificate Policies extension - non-compliance
KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains
Ernst & Young Poland: KIR OCSP "unknown" status for revoked certificate
NETLOCK: did not file a preliminary incident report or respond to a third-party report within the 72-hour timeframe
Actalis: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
Entrust: Cross-certified CA CP/CPS not updated in CCADB
Google Trust Services: Incomplete CRL Distribution Point URLs in CCADB for GTS Roots
IdenTrust: Full Incident Report for bug 2016585 was not published within 14 days of discovering the issue