All, Also, to keep the discussion clean and simple, just post your suggestions and recommendations to the CCADB Public List. Thanks, Ben
On Mon, Nov 21, 2022 at 3:52 PM Ben Wilson <[email protected]> wrote: > Cross-posting to both CCADB Public and Mozilla dev-security-policy. > > All, > > To achieve better incident tracking and to improve incident prevention and > remediation over time, we are proposing additional whiteboard tags (which > are added after [ca-compliance]) for incidents reported in Bugzilla. The > current list of whiteboard tags is here > https://wiki.mozilla.org/CA/Bug_Triage#Compliance_Problems_and_Incidents. > The list includes [delayed-revocation-ca] and [delayed-revocation-leaf], > and these would be changed to [ca-revocation-delay] and > [leaf-revocation-delay], respectively. Other existing tags would remain. > > > > Additional whiteboard tags would be: > > [ca-misissuance] > > mis-issuance of a CA certificate > > [dv-misissuance] > > mis-issuance of a DV certificate > > [ov-misissuance] > > mis-issuance of an OV certificate > > [ev-misissuance] > > mis-issuance of an EV certificate > > [crl-failure] > > failure to provide certificate status via CRL; malformed, expired CRL > > [ocsp-failure] > > failure to provide certificate status via OCSP; malformed, expired OCSP > > [policy-failure] > > failure to update CP/CPS annually, failure to comply with practice in > CP/CPS, misunderstanding requirements, failed implementation > > [disclosure-failure] > > failure to disclose an ICA, failure to report revocation of an ICA, > non-disclosure-of-EV-sources, miscommunication, poor communication, etc. > > [uncategorized] or just “[ca-compliance]” > > anything not listed above > > > > When we discover a major theme that does not fit into one of the existing > categories, then we can add a new tag to the list and change the whiteboard > entry for the incident to include [new-tag]. > > Please provide your comments and suggestions. > > Thanks, > > Ben > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZvc%2Bpwvh7rWBGYS%3DK7Gk90r9Mby7cDV5YqJU2yq9sKYg%40mail.gmail.com.
