Buypass incident report: Certificate issued with incorrect postal code

2019-10-07 Thread Mads Egil Henriksveen via dev-security-policy
Hi This is an incident report for one certificate issued by Buypass on September 23rd 2019 noncompliant with BR 7.1. The certificate, issued to a Swedish organization, has an error in the subject:postalCode field. The postalCode value is set to 2153 while the correct value should be 21532. ===

RE: Buypass Incident Report - intermediate certificates noncompliant with BR 7.1

2019-03-27 Thread Mads Egil Henriksveen via dev-security-policy
We do not intend to revoke the end-user certificates. We consider this to be a compliance issue for the CA certificates only. The CAs (i.e. the private keys) and end-user certificates issued from the CAs are not affected. Regards Mads

Buypass Incident Report - intermediate certificates noncompliant with BR 7.1

2019-03-26 Thread Mads Egil Henriksveen via dev-security-policy
Hi This is an incident report for two intermediate certificates issued by Buypass in December 2016 noncompliant with BR 7.1. ===How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.polic

Pre-Incident Report - Buypass certificates noncompliant with BR 7.1

2019-03-21 Thread Mads Egil Henriksveen via dev-security-policy
We are aware that Buypass is on the list of CAs that have been noncompliant with BR 7.1. We will send an Incident Report within the next few days. Regards Mads

RE: CCADB disclosure of id-kp-emailProtection intermediates

2018-04-11 Thread Mads Egil Henriksveen via dev-security-policy
Hi One of the non-technically-constrained intermediate certificates on the list [2] below is issued by Buypass and this was revoked today - see https://crt.sh/?id=157337628. This was done to be compliant with Section 5.3.1 of Mozilla Root Store Policy v 2.5 [1] - as specified in Action 1 of N

RE: TLS-SNI-01 and compliance with BRs

2018-01-31 Thread Mads Egil Henriksveen via dev-security-policy
Hi Wayne Buypass has used the TLS-SNI-01 method in our ACME Pilot running since last summer. We have issued some certificates using this method - less than 60 certificates are still active and not revoked, most of them are issued to internal users and systems. We stopped using this method im

Incident report: Certificates with error in subject: postalCode

2017-11-01 Thread Mads Egil Henriksveen via dev-security-policy
Hi Late last week we discovered three certificates issued from Buypass with an error in the subject:PostalCode for one Dutch company. One of these certificates is available at https://crt.sh/?id=212774960 The postalcode should have been '3707BK' as registered in the European Business Register

RE: (Mis)-Issuance on CAA Timeout in DNSSEC signed zone

2017-09-12 Thread Mads Egil Henriksveen via dev-security-policy
Hi Buypass received the problem report at 2017-09-12 00:06 and started investigating early this morning. After investigating what happened we identified an error in our system solution when we have a CAA RR lookup failure. In this case, the DNS CAA RR lookup timed out several times and we mis

RE: OCSP Responders Are An Attack Vector For SHA-1 Collisions

2016-03-10 Thread Mads Egil Henriksveen
infrastructure. Regards Mads

RE: OCSP Responders Are An Attack Vector For SHA-1 Collisions

2016-03-09 Thread Mads Egil Henriksveen
Hi Andrew Thank you for making us aware of this issue with our OCSP responder. We did make a major change in our CAs some years ago where we among other things established a new OCSP responder for all Buypass CAs used for SSL/TLS-certificates (including Buypass Class 2 CA 1). However, the origi

RE: New requirement: certlint testing

2016-02-11 Thread Mads Egil Henriksveen
The entropy requirement is not that important for certificates signed by a Root CA, because a Root CA and its private key must be kept offline or air gapped and will not be exposed to the same threats as an "online CA" signing Subscriber certificates. The main cause for the entropy requiremen