Open Bug 1596923 Opened 24 days ago Updated 21 days ago

PKIoverheid: KPN CPS lacks problem reporting instructions

Categories

(NSS :: CA Certificate Compliance, task)

task
Not set

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: agwa-bugs, Assigned: jorik.vant.hof)

Details

(Whiteboard: [ca-compliance])

Per BR 4.9.3:

The CA SHALL publicly disclose the [problem reporting] instructions through a readily accessible online means and in section 1.5.2 of their CPS.

However, the CPS disclosed for https://crt.sh/?sha256=5679A431E79D4EB9EE967C60D8703C7C78F443F71DB97157E43059DE42D850DF does not have a section 1.5.2:

https://certificaat.kpn.com/files/CPS/KPN_PKIoverheid_CPS_v5.1_English.pdf

Assignee: wthayer → jorik.vant.hof
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance]

Andrew, Ryan,

Thank you for your report. We have asked KPN to look into this matter. The information normally listed in the missing section 1.5.2 can be found under section 4.9.3, per RFC 3647.

KPN will amend this omission in a future update of their CPS which is scheduled for November 28.

Regards,

Jorik

The concern here is regarding the process for reviewing and incorporating changes from the BRs, understanding why that failed, and hopefully finding opportunities to improve that process.

You need to log in before you can comment on or make changes to this bug.