Kathleen, Thanks for the update it is appreciated.
Ryan On Tue, Feb 28, 2023 at 10:59 AM Kathleen Wilson <[email protected]> wrote: > On Sunday, February 26, 2023 at 1:22:39 AM UTC-8 [email protected] wrote: > > > This thread and associated bug have been silent for an > uncharacteristically long time, and I am curious as to when this issue will > be closed. > > > [Kathleen] > I added https://bugzilla.mozilla.org/show_bug.cgi?id=1801345#c19 > Ahmed, Please add status updates every week from now until this is fully > resolved. > > > > Furthermore, I would like to understand what changes will be put into > place to clarify appropriate incident handling behavior. It is important > that Mozilla establishes a clear protocol for handling security incidents > and communicates this effectively to all participants. > > > [Kathleen] > Ben previously filed https://github.com/mozilla/pkipolicy/issues/252 -- > Add Requirements for Reporting CA Security Incidents > Ben will hold discussions about this here in MDSP as he works on MRSP v2.9. > > Also, I have filed https://github.com/mozilla/www.ccadb.org/issues/99 -- > We should add a section to https://www.ccadb.org/cas/incident-report that > sets expectations about when and how frequently a CA should provide an > update about their incident until it is fully resolved. > > And I filed https://github.com/mozilla/pkipolicy/issues/266 -- Update > MRSP section 2.4, "Incidents", to reference > https://www.ccadb.org/cas/incident-report and indicate requirements about > following that web page. > (and set it for MRSP v2.9) > > > > I am also curious in how Mozilla will choose to interpret the facts that > have been made available. The way in which this incident is handled will > establish a precedent for future security incidents, and it is important > that Mozilla approaches this with a clear and consistent stance. > > > [Kathleen] > Thanks Ryan. > > Cheers, > Kathleen > > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ff8b9a97-7088-4465-9104-eaf665d38147n%40mozilla.org > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ff8b9a97-7088-4465-9104-eaf665d38147n%40mozilla.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CALVZKwaJQDmLTb%3D7hOsZ%3DhaJtSNKf6DaYwUkreEcx8vfDn-A5w%40mail.gmail.com.
