Open
Bug 1727204
Opened 3 years ago
Updated 2 years ago
Add automated checks of Subordinate CA Owner names on intermediate certificates
Categories
(CA Program :: Common CA Database, task)
CA Program
Common CA Database
Tracking
(Not tracked)
NEW
People
(Reporter: kathleen.a.wilson, Unassigned)
Details
Automate checking and alerting for when the Subordinate CA Owner in an intermediate certificate does not match the Owner name for its doppelgänger (same Subject + SPKI) certificates.
See https://www.usenix.org/system/files/sec21-ma.pdf
- section 4.2.Clerical error: e-tugra vs E-Tugra, Quo Vadis vs QuoVadis
- section 4.4: "CCADB could add an automated notification or require a sub-CA label when a single SSPKI maps to certificates with multiple CCADB owners."
Reporter | ||
Updated•3 years ago
|
Whiteboard: [ccadb-enhancement]
Reporter | ||
Comment 1•2 years ago
|
||
Some of the CAs have resolved the items listed above, but this bug is about an enhancement request for the CCADB. So I will keep this bug open until we implement the enhancement request. (will use the examples for testing in Sandbox, even if the CA already resolved their CCADB records)
Assignee | ||
Updated•2 years ago
|
Product: NSS → CA Program
Updated•2 years ago
|
Priority: P2 → --
Whiteboard: [ccadb-enhancement]
You need to log in
before you can comment on or make changes to this bug.
Description
•