Closed Bug 1706976 Opened 4 years ago Closed 4 years ago

Google Trust Services: Out-of-date CPS disclosure

Categories

(CA Program :: CA Certificate Compliance, task)

Product:
CA Program
Component:
CA Certificate Compliance
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: agwa-bugs, Assigned: awarner)

Details

(Whiteboard: [ca-compliance])

GTS has disclosed in CCADB that their root https://crt.sh/?sha256=CA42DD41745FD0B81EB902362CF9D8BF719DA1BD1B1EFC946F5B4C99F42C1B9E operates under the following CPS, which is versioned v2.22 and dated 2020-08-21: https://pki.goog/repo/cps/2.22/GTS-CPS.pdf

However, https://pki.goog publishes a newer CPS (versioned v3.0 and dated 2021-03-19) for this root: https://pki.goog/repo/cps/3.0/GTS-CPS.pdf

This is a violation of CCADB Policy Section 5 (incorporated by reference into Mozilla Root Store Policy), which requires that the URLs for CPSes be updated in CCADB as new information become available.

Assignee: bwilson → awarner
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance]

GTS acknowledges this report. Other roots were updated in CCADB on March 25th, we need to determine what happened with the GS R2 update. An incident report is being prepared with full details.

Currently, CAs do not have the ability to update their CPs and CPSes without additional intervention from the root store member of the CCADB.

Summary: GTS: Out-of-date CPS disclosure → Google Trust Services: Out-of-date CPS disclosure

This may have been an oversight on my part in not identifying the root CA involved. I think I have updated/corrected the CCADB record. I'm going to mark this bug as invalid.

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.