Open Bug 2033000 Opened 9 days ago Updated 3 days ago

SwissSign: Certificate Profile error for S/MIME MV

Categories

(CA Program :: CA Certificate Compliance, task)

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: sandy.balzer, Assigned: sandy.balzer)

Details

(Whiteboard: [ca-compliance] [smime-misissuance])

Preliminary Incident Report

Summary

  • Incident description:
    Today, our auditors informed us about an error in chapter 3.3.1.7 in our CPR S/MIME (https://repository.swisssign.com/SwissSign_CPR_SMIME.pdf) in the field commonName against the S/MIME BR chapter 7.1.4.2.2 'Subject distinguished name fields'. This chapter defines the content of this field as 'Mailbox Address' while our CPR shows for the commonName: 'GivenName Surname or pseudo: Pseudonym (mandatory)'.

We spot-checked the impacted issued certificates since the change away from the legacy MV profile. Based on this initial check, issued certificates are fully compliant with the S/MIME BR.

Nonetheless, the S/MIME BR, chapter 4.9.1.1 #11 requires a revocation of any certificate that is not in line with the CA's CP/CPS (or in our case CPR) within 120 hours.

  • Relevant policies: S/MIME BR v1.0.13,
  • Source of incident disclosure:
    Information from Auditors.
Assignee: nobody → sandy.balzer
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: CPR error for S/MIME MV → SwissSign: Certificate Profile error for S/MIME MV
Whiteboard: [ca-compliance] [smime-misissuance]