On 3/20/20 1:15 PM, Jeremy Rowley wrote:
What about issues other than audits? For example, with certain locations
closing, key ceremonies may become impossible, leading to downed CRLs/OCSP for
intermediates. There's also a potential issue with trusted roles even being
able to access the data center if something goes down and Sub CAs can't be
revoked. Should that be mentioned, requiring CAs to file an incident report as
soon as the event becomes likely?
Good point.
I added the following to https://wiki.mozilla.org/CA/Incident_Dashboard
** If the issue is due to mandated restrictions regarding COVID-19, use
Whiteboard = [ca-compliance][covid-19]
I updated https://wiki.mozilla.org/CA/Audit_Statements#Audit_Delay
to:
* Whiteboard = [ca-compliance][audit-delay]
* For audit delays due to mandated restrictions regarding COVID-19, use
Whiteboard = [ca-compliance][audit-delay][covid-19]
Do you think we should also add a section to
https://wiki.mozilla.org/CA/Responding_To_An_Incident about COVID-19?
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
