← Netlock cases
Bugzilla #2051459 Problem Reporting Failure Incident Self Reported Incident

NETLOCK: Failure to acknowledge/respond to a Certificate Problem Report within 24 hours (CPR response-time violation)

UNCONFIRMED Netlock
This summary was auto-generated by AI and revised by me when needed — accuracy improves with each update. Always refer to the official Bugzilla thread as the authoritative source. If you spot an inaccuracy, let me know via the contact form.
AI Summary

This case concerns NETLOCK’s failure to acknowledge/respond to a Certificate Problem Report (CPR) within 24 hours, as required by the CA/B Forum Baseline Requirements. A CPR was submitted to NETLOCK’s CCADB-disclosed problem reporting address (compliance.info@netlock.hu) on 2026-06-10 23:48 UTC, referencing an OCSP error for a certificate NETLOCK issued. A follow-up was sent on 2026-06-16 to the same address (and CC’ing visszavonas@netlock.hu). The thread states NETLOCK did not acknowledge either CPR within the required 24 hours; an automated acknowledgment was received on 2026-06-24 (14 days after submission), and the first substantive response arrived on 2026-06-26 at approximately 08:57 UTC, asking which certificate was affected. The reporter also states that NETLOCK’s incident report for this bug was provided about 88 hours after the bug was opened and that this reporting delay is a compliance violation. The bug remains UNCONFIRMED and no resolution is recorded in the thread.

Model: gpt-5.4-nano Generated: 2026-07-04 18:22 UTC Confidence: 0.86 3 comments
Chronology
  1. A CPR was submitted to NETLOCK’s CCADB-disclosed problem reporting address referencing an OCSP error for a NETLOCK-issued certificate.
  2. A follow-up was sent to NETLOCK’s problem reporting address (and CC’d an additional disclosed address).
  3. An automated acknowledgment was received 14 days after the initial CPR submission.
  4. A first substantive response was received, asking which certificate was affected.
  5. Mozilla CA Program bug 2051459 was opened describing the CPR response-time failure.
  6. NETLOCK provided an incident report, while the reporter argued the disclosure timing was late and referenced a separate incident report for the CPR response-time failure.
Thread Activity
  1. pagueophelia@gmail.com — Opened the bug with a preliminary incident report stating NETLOCK did not acknowledge/respond to the CPR within 24 hours and that the first substantive response arrived 16 days after submission.
  2. kaluha.roland@netlock.hu — Submitted a Full Incident Report that explicitly scoped out the CPR response-time failure, stating it was addressed in a separate Full Incident Report (2052541).
  3. pagueophelia@gmail.com — Argued NETLOCK’s incident report was provided about 88 hours after the bug was opened (missing a 72-hour window) and reiterated repeated CPR non-responsiveness, citing other bug IDs.
Participants
pagueophelia@gmail.com kaluha.roland@netlock.hu nobody@mozilla.org
Related Bugzilla IDs Mentioned
Similar Local Cases
#2052541 UNCONFIRMED Problem Reporting Failure Incident Self Reported Incident Opened 2026-07-03 Still Open · 94% similar
NETLOCK: Failure to Respond to a Certificate Problem Report Within 24 Hours
#2050274 ASSIGNED Incident Self Reported Incident Remediation Tracking Opened 2026-06-24 Still Open · 72% similar
FNMT: Delay in incident disclosure reporting for Bug 2049012
#2047952 ASSIGNED Problem Reporting Failure Incident Opened 2026-06-16 Still Open · 69% similar
KIR: OCSP responder does not return status for precertificate
#2041774 ASSIGNED Ca Certificate Compliance Incident Self Reported Incident Repository Issue Opened 2026-05-22 Still Open · 69% similar
OATI: AIA CA Issuer field pointing to PEM encoded cert
#2048995 ASSIGNED Incident Self Reported Incident Problem Reporting Failure Opened 2026-06-19 Still Open · 68% similar
eMudhra emSign PKI Services: OCSP Responder Returned "Unauthorized" for Some Pecertificates
#2032482 ASSIGNED Ca Certificate Compliance Incident Self Reported Incident Certificate Misissuance Opened 2026-04-16 Still Open · 68% similar
OATI: Misissuance detected by PKIMetal
#2046230 ASSIGNED Revocation Issue Problem Reporting Failure Incident Self Reported Incident Opened 2026-06-09 Still Open · 68% similar
certSIGN: Inconsistent revocation status (CRL "revoked" vs OCSP "good") for intermediate CA "certSIGN Web CA"
#1967929 RESOLVED Incident Opened 2025-05-22 · Closed 2025-07-17 · 63% similar
KIR: Failed to respond a Certificate Problem Report within 24 hours

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action