Open Bug 1727204 Opened 9 months ago Updated 9 months ago

Add automated checks of Subordinate CA Owner names on intermediate certificates

Categories

(NSS :: Common CA Database, task, P2)

Tracking

(Not tracked)

People

(Reporter: kwilson, Unassigned)

Details

(Whiteboard: [ccadb-enhancement])

Automate checking and alerting for when the Subordinate CA Owner in an intermediate certificate does not match the Owner name for its doppelgänger (same Subject + SPKI) certificates.

See https://www.usenix.org/system/files/sec21-ma.pdf

  • section 4.2. Clerical error: e-tugra vs E-Tugra, Quo Vadis vs QuoVadis
  • section 4.4: "CCADB could add an automated notification or require a sub-CA label when a single SSPKI maps to certificates with multiple CCADB owners."
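
A sketch of the requested check, added here as an example and not CCADB or Mozilla code: it groups intermediate-certificate records by Subject + SPKI and reports every group that carries more than one owner name, separating clerical variants (case, spacing, punctuation) from genuinely different owners. The record field names, the SPKI placeholders and the sample rows are constructed assumptions, not the CCADB schema or CCADB data.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed sample rows. Field names are assumed, not the CCADB schema;
# the spki values are placeholders standing in for a SHA-256 of the SPKI.
RECORDS = [
    {"subject": "CN=Constructed Sub CA A", "spki": "spki-a", "owner": "E-Tugra"},
    {"subject": "CN=Constructed Sub CA A", "spki": "spki-a", "owner": "e-tugra"},
    {"subject": "CN=Constructed Sub CA B", "spki": "spki-b", "owner": "QuoVadis"},
    {"subject": "CN=Constructed Sub CA B", "spki": "spki-b", "owner": "Quo Vadis"},
    {"subject": "CN=Constructed Sub CA C", "spki": "spki-c", "owner": "Example Owner One"},
    {"subject": "CN=Constructed Sub CA C", "spki": "spki-c", "owner": "Example Owner Two"},
    # Same subject as above but a different key: not a doppelganger of it.
    {"subject": "CN=Constructed Sub CA C", "spki": "spki-e", "owner": "Example Owner Three"},
    {"subject": "CN=Constructed Sub CA D", "spki": "spki-d", "owner": "Example Owner One"},
]


def normalize(owner):
    """Fold case and drop spacing/punctuation so clerical variants compare equal."""
    folded = unicodedata.normalize("NFKC", owner).casefold()
    return re.sub(r"[\W_]+", "", folded)


def check_owners(records):
    """Return one alert per Subject+SPKI group that has more than one owner name."""
    owners_by_sspki = defaultdict(set)
    for rec in records:
        owners_by_sspki[(rec["subject"], rec["spki"])].add(rec["owner"])

    alerts = []
    for sspki, owners in sorted(owners_by_sspki.items()):
        if len(owners) < 2:
            continue  # a single owner name for this SSPKI: nothing to report
        distinct = {normalize(o) for o in owners}
        kind = "clerical" if len(distinct) == 1 else "mismatch"
        alerts.append({"sspki": sspki, "owners": sorted(owners), "kind": kind})
    return alerts


if __name__ == "__main__":
    for alert in check_owners(RECORDS):
        subject, spki = alert["sspki"]
        print(f"{alert['kind']:9} {subject} [{spki}]: {', '.join(alert['owners'])}")
```

Both alert kinds should still be surfaced: a clerical variant means the owner field needs correcting, while a mismatch means the same SSPKI is attributed to different owners.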