Bugzilla is a web-based general-purpose bug tracking system and testing tool originally developed and used by the Mozilla project, and licensed under the Mozilla Public License.
Open CA Compliance Bugs
A CA compliance bug relates to a concern about a CA's certificates failing to comply with Mozilla's CA Certificate Policy and/or the CA/Browser Forum's Baseline Requirements, and is determined to not be an imminent security concern. A CA's response to a CA compliance bug includes providing an Incident Report in the bug.
Anyone may create a CA Compliance bug as follows:
- Whiteboard = [ca-compliance]
- If the issue is due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][covid-19]
ID | Summary | Status | Assigned to | Whiteboard | Last change time |
---|---|---|---|---|---|
1632632 | Buypass: Illegal Business Category in a PSD2 QWAC | ASSIGNED | Mads Henriksveen | [ca-compliance] Next update 2021-06-20 | 2021-04-02T17:43:21Z |
1647468 | D-TRUST: Wrong key usage (Key Encipherment) | ASSIGNED | Enrico Entschew | [ca-compliance] | 2021-04-19T16:12:45Z |
1649937 | GlobalSign: Incorrect OCSP Delegated Responder Certificate | ASSIGNED | douglas.beattie | [ca-compliance] Next Update 2021-04-23 | 2021-04-19T16:17:45Z |
1652581 | Google Trust Services digitalSignature KeyUsage not set | ASSIGNED | Andy Warner | [ca-compliance] | 2021-04-09T16:45:02Z |
1658792 | Entrust: Invalid data in State/Province Field | ASSIGNED | Dathan Demone | [ca-compliance] Next Update 2021-04-01 | 2021-04-15T21:07:04Z |
1663953 | TunTrust : OCSP unreachable | ASSIGNED | Agence Nationale de Certification Electronique | [ca-compliance] Next Update 2021-06-15 | 2021-04-08T15:27:17Z |
1670337 | Microsoft PKI Services: Certificate Mis-Issuance, DNSNames must have a valid TLD | ASSIGNED | John Mason | [ca-compliance] Next Update 2021-04-19 | 2021-04-20T03:50:51Z |
1674561 | Microsoft: DV certificate issued with OV fields | ASSIGNED | Dustin Hollenback | [ca-compliance] Next update 2021-05-01 | 2021-04-02T17:56:26Z |
1676352 | Microsec e-Szigno: Certificate validity period greater than 398 days | ASSIGNED | dr. Sándor SZŐKE | [ca-compliance] Next update 2021-05-01 | 2021-04-23T17:47:25Z |
1677737 | SwissSign: duplicate serial number | ASSIGNED | Mike Guenther | [ca-compliance] | 2021-04-08T11:51:44Z |
1680378 | Netlock: Replacement of enduser certificates after the EVGL 1.7.4 self-audit | ASSIGNED | Varga Viktor | [ca-compliance] | 2021-04-22T14:27:34Z |
1685370 | Entrust: Incorrect Business Category Value Discovered in an EV SSL Certificate | ASSIGNED | Dathan Demone | [ca-compliance] | 2021-04-16T19:36:52Z |
1690807 | GlobalSign: RSA-1024 leaf certificate issued after 2013-12-31 | ASSIGNED | Eva Van Steenberge | [ca-compliance] | 2021-04-06T06:05:10Z |
1693930 | Microsoft PKI Services: Policy Documentation, Failure to update Subscriber Certificate Max Validity Period | ASSIGNED | John Mason | [ca-compliance] | 2021-03-04T22:04:27Z |
1695786 | SECOM: Unqualified domain name in SAN | ASSIGNED | Hisashi Kamo | [ca-compliance] | 2021-04-22T13:46:21Z |
1695938 | SECOM: FUJIFILM intermediate not listed in audit statement | ASSIGNED | Hisashi Kamo | [ca-compliance] | 2021-04-22T13:20:58Z |
1696227 | Entrust - Incorrect Jurisdiction Country Value in an EV Certificate | ASSIGNED | Dathan Demone | [ca-compliance] Next update 2021-06-01 | 2021-04-16T19:36:40Z |
1700145 | Firmaprofesional: incorrect reserved CA/B Forum OIDs in certificates | ASSIGNED | chemalogo | [ca-compliance] | 2021-04-22T17:20:17Z |
1700809 | Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days | ASSIGNED | John Mason | [ca-compliance] | 2021-04-14T22:42:25Z |
1703528 | Telekom Security: Key Encipherment in two ECC SAN TLS certificates | ASSIGNED | Arnold Essing | [ca-compliance] | 2021-04-21T15:49:26Z |
1704140 | Camerfirma: Govern d'Andorra Audit Delay | ASSIGNED | Ana Lopes | [ca-compliance] [audit-delay] | 2021-04-23T11:36:14Z |
1704199 | FNMT: Minor non-conformities in 2021 audit statement | ASSIGNED | Brox | [ca-compliance] | 2021-04-12T09:34:40Z |
1705187 | KIR S.A.: CN domain not in SAN | ASSIGNED | Piotr Grabowski | [ca-compliance] | 2021-04-19T18:49:18Z |
1705337 | KIR S.A.: Invalid localityName + CRL Revoked but OCSP Unknown | ASSIGNED | Piotr Grabowski | [ca-compliance] | 2021-04-15T20:27:48Z |
1705419 | Microsoft: Underscore in SAN | ASSIGNED | John Mason | [ca-compliance] | 2021-04-24T16:09:55Z |
1705480 | SECOM: CP/CPS does not clearly specify domain validation methods | ASSIGNED | Hisashi Kamo | [ca-compliance] | 2021-04-23T13:19:01Z |
1705647 | KIR S.A.: Invalid organizationName | ASSIGNED | Piotr Grabowski | [ca-compliance] | 2021-04-21T08:35:05Z |
1705657 | KIR S.A.: Many certificates with OCSP Unknown | ASSIGNED | Piotr Grabowski | [ca-compliance] | 2021-04-21T15:42:21Z |
1705791 | Telekom Security: Multiple commonName in certificates | ASSIGNED | Arnold Essing | [ca-compliance] | 2021-04-23T08:41:20Z |
1705832 | KIR S.A.: DV certificates with locality name, organization name and stateOrProvinceName | ASSIGNED | Piotr Grabowski | [ca-compliance] | 2021-04-20T16:54:00Z |
1705904 | KIR S.A.: CP/CPS contains noncompliant DV method, does not specify CAA domains | ASSIGNED | Piotr Grabowski | [ca-compliance] | 2021-04-23T17:43:53Z |
1706860 | Microsoft PKI Services: Certificate Mis-Issuance, DNSName is not FQDN, Preferred Name Syntax | ASSIGNED | John Mason | [ca-compliance] | 2021-04-22T20:08:40Z |
1706950 | PKIoverheid: KPN issued Invalid organizationalUnitName | ASSIGNED | Jorik van 't Hof | [ca-compliance] | 2021-04-23T13:14:26Z |
1706967 | GTS: Forbidden Domain Validation Method 3.2.2.4.10 | ASSIGNED | Andy Warner | [ca-compliance] | 2021-04-23T16:37:36Z |
1706976 | GTS: Out-of-date CPS disclosure | ASSIGNED | Andy Warner | [ca-compliance] | 2021-04-23T16:38:09Z |
1707073 | GlobalSign: Invalid countryName | ASSIGNED | Eva Van Steenberge | [ca-compliance] | 2021-04-23T21:08:29Z |
36 Total; 36 Open (100%); 0 Resolved (0%); 0 Verified (0%)
Audit Delays
The compliance bug's whiteboard field is tagged with [audit-delay] whenever a CA is unable to deliver audit statements to Mozilla when they are due. Such bugs should be reported as CA compliance issues, with the following whiteboard tags as described here.
- Whiteboard = [ca-compliance][audit-delay]
- For audit delays due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][audit-delay][covid-19]
ID | Summary | Status | Assigned to | Whiteboard | Last change time |
---|---|---|---|---|---|
1704140 | Camerfirma: Govern d'Andorra Audit Delay | ASSIGNED | Ana Lopes | [ca-compliance] [audit-delay] | 2021-04-23T11:36:14Z |
1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%)
Revocation Delays
The compliance bug's whiteboard field is tagged with [delayed-revocation-ca] or [delayed-revocation-leaf] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in CA/Responding_To_An_Incident#Revocation, Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an Incident Report.
Such bugs should be reported as CA compliance issues, and will be categorized appropriately during triage.
ID | Summary | Status | Assigned to | Whiteboard | Last change time |
---|---|---|---|---|---|
1651447 | GlobalSign: Failure to revoke noncompliant ICA within 7 days | ASSIGNED | Arvid Vermote | [ca-compliance] [delayed-revocation-ca] | 2021-01-12T13:19:27Z |
1651637 | Firmaprofesional: Failure to revoke ICAs within 7 days: OCSP EKU | ASSIGNED | Maria Jose Prieto | [ca-compliance] [delayed-revocation-ca] Next update 2021-04-23 | 2021-04-22T17:19:33Z |
1692535 | Camerfirma: Delayed revocations of certificates issued by old CAs with an RSA modulus size of 2047 bits | ASSIGNED | Ana Lopes | [ca-compliance][delayed-revocation-leaf] | 2021-04-19T14:49:20Z |
1707229 | SECOM: Delayed Revocation of non-technically constrained FUJIFILM Certificates | ASSIGNED | Hisashi Kamo | [ca-compliance] [delayed-revocation-leaf] | 2021-04-24T19:29:21Z |
4 Total; 4 Open (100%); 0 Resolved (0%); 0 Verified (0%)
Closed CA Compliance Bugs
A historical view of past CA compliance bugs may be found here:
There are many ways to search Bugzilla, each with a substantial following.
QuickSearch
If you're already familiar with Bugzilla's fields, this is the fastest way to search. The search boxes in Bugzilla's header and footer are QuickSearch boxes. Assign it a keyword!
Advanced Search
Includes form elements for many of Bugzilla's fields, as well as 'boolean charts' that let you do complicated searches with any Bugzilla field. Includes some keyboard shortcuts, but still much more mouse-dependent than QuickSearch.
Find a specific bug
Awesomebar
Visited a bug recently, and want to get back to it? Just type a word from its summary into Firefox's address bar and let the awesomebar find it for you.