Bugzilla #2006711
Certificate Problem Report
NAVER Cloud Trust Services: Encoding non-conformity in SCT extensions
RESOLVED
FIXED
NAVER Cloud Trust Services
AI Summary
NAVER Cloud Trust Services identified a technical non-conformity in the encoding of Signed Certificate Timestamp (SCT) extensions due to a logic error in their issuance software. This error led to the issuance of 82 certificates with malformed SCT extensions that did not comply with RFC 6962. Following the discovery, all affected certificates were revoked, and issuance was suspended to implement corrective measures. The issue was resolved by updating the encoding logic and enhancing testing protocols to prevent future occurrences.
Chronology
- Configuration change applied to include CT log servers using the Static CT API.
- Suspended all TLS certificate issuance to initiate remediation.
- All affected certificates were successfully revoked.
- All action items related to the incident were completed.
- Final incident report submitted and request for closure made.
Participants
Hogeun Yoo
Sooyoung Eo
Similar Local Cases
NAVER Cloud Trust Services: CA Certificate not published in DER Encoded Format
NAVER Cloud Trust Services: Failure to respond to CPR within 24 hours
Hongkong Post: Certificates with invalid embedded SCT signature
Microsoft PKI Services: Malformed ICAs (missing certificate policy extensions)
DigiCert: Revoked intermediate certificates not in CRL
TrustCor: Insufficient Serial Number Entropy
TWCA: TLS certificates with non-critical basicConstraints
SwissSign: Certificate issue with Signature