Re: Apple: Non-Compliant Serial Numbers

2019-05-03 Thread certification_authority--- via dev-security-policy
On May 3, Apple submitted an update to the original incident report (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted below. Most certificates have been revoked and less than 1% of the total population of

Re: Apple: Non-Compliant Serial Numbers

2019-04-07 Thread certification_authority--- via dev-security-policy
On April 6, Apple submitted an update to the original incident report (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted below. Over 10,000 additional certificates have been revoked since our last update. In

Re: Apple: Non-Compliant Serial Numbers

2019-04-06 Thread certification_authority--- via dev-security-policy
On Monday, April 1, 2019 at 5:21:14 AM UTC-6, Jakob Bohm wrote: [Apple Responses] ___ > For the benefit of the community (including possible future creation of > policies for mass revocation scenarios), could

Re: Apple: Non-Compliant Serial Numbers

2019-04-05 Thread certification_authority--- via dev-security-policy
> 1. How many of the 54,583 certificates are issued to Apple owned and > operated servers and services and how many not. All impacted certificates were issued to Apple entities > 2. What kinds of practical issues are delaying the replacement of > certificates on any such Apple operated

Re: Apple: Non-Compliant Serial Numbers

2019-03-30 Thread certification_authority--- via dev-security-policy
On March 30, Apple submitted an update to the original incident report (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted below. ___ We've been working our plan to revoke impacted

Re: Apple: Non-Compliant Serial Numbers

2019-03-23 Thread certification_authority--- via dev-security-policy
On March 22, Apple submitted an update to the original incident report (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted below. Over 115,000 additional certificates have been revoked since our last update leaving less than 10% of the total population of impacted

Re: Apple: Non-Compliant Serial Numbers

2019-03-12 Thread certification_authority--- via dev-security-policy
On March 11, 2019; Apple submitted a followup Incident Report. https://bugzilla.mozilla.org/show_bug.cgi?id=1533655. Incident Report How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in

Re: Apple: Non-Compliant Serial Numbers

2019-03-12 Thread certification_authority--- via dev-security-policy
Apple just submitted an updated report: Incident Report How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date. Apple

Apple: Non-Compliant Serial Numbers

2019-03-08 Thread certification_authority--- via dev-security-policy
Yesterday, Apple submitted this preliminary incident report: https://bugzilla.mozilla.org/show_bug.cgi?id=1533655, which is reposted below. On 2019-03-06 we determined that we were issuing certificates with non-compliant serial numbers because of the EJBCA issue [1]. We fixed the problem