Confirm
384
edits
Changes
Minor edits
{{draft}}
__NOTOC__
This page lists recent (March-May 2024) bugs involving Entrust. The list of issues might not be comprehensive, and it will be updated by Mozilla as more information becomes available, but please do not edit this page yourself. If you have proposed changes, post them to the Mozilla dev-security-policy list or email them to certificates@mozilla.org. = Summary of Entrust Incidents for Entrust - March-May 2024 =
== A. Incidents related to Missing CPS URI in EV Certificates ==
-----------------------------------------------------------
== B. Revocation of Certificates without serverAuth EKU and Delayed Revocation ==
=== 1. clientAuth TLS Certificates without serverAuth EKU - ===
https://bugzilla.mozilla.org/show_bug.cgi?id=1890898
This is related to [https://bugzilla.mozilla.org/show_bug.cgi?id=1890896 bug #1890896] above. The error and correction involved the CPS, not the certificates themselves, and re-issuing would result in similar certificates with new issuance dates. The error was discovered and corrected on March 26 with the posting of CPS version 3.20. However, community members have raised concerns about Entrust’s commitment to compliance with Baseline Requirements, its assertion of exceptional conditions, and the deviation from revocation timelines set forth in the Baseline Requirements.
'''Issues:''' Delayed Revocation
