Confirmed users
574
edits
CA/Bug Triage: Difference between revisions
Jump to navigation
Jump to search
Added [ca-infosharing] whiteboard tag
m (→Compliance Problems and Incidents: Changed to smime-misissuance) |
(Added [ca-infosharing] whiteboard tag) |
||
| Line 32: | Line 32: | ||
Open Auditor Compliance bugs: https://wiki.mozilla.org/CA/Auditor_Compliance | Open Auditor Compliance bugs: https://wiki.mozilla.org/CA/Auditor_Compliance | ||
<br /><br /> | <br /><br /> | ||
= Whiteboard Tags = | |||
The whiteboard tags for [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&component=CA%20Certificate%20Compliance CA Program :: CA Certificate Compliance] include: | The whiteboard tags for [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&component=CA%20Certificate%20Compliance CA Program :: CA Certificate Compliance] include: | ||
* [ca-infosharing] -- For non-incident "lessons learned" and other descriptions of comprehensive steps a CA might take when addressing compliance, or cascading incidents, or to share its compliance-related experiences for the benefit of the ecosystem. | |||
* [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&query_format=advanced&component=CA%20Certificate%20Compliance&status_whiteboard_type=allwordssubstr&status_whiteboard=ca-compliance [ca-compliance]] -- For concerns about a CA's certificates failing to comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's CA Certificate Policy] and/or the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements], and it is not considered to be an [https://www.mozilla.org/en-US/security/#For_Developers imminent security concern]. | * [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&query_format=advanced&component=CA%20Certificate%20Compliance&status_whiteboard_type=allwordssubstr&status_whiteboard=ca-compliance [ca-compliance]] -- For concerns about a CA's certificates failing to comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's CA Certificate Policy] and/or the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements], and it is not considered to be an [https://www.mozilla.org/en-US/security/#For_Developers imminent security concern]. | ||
* [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&query_format=advanced&component=CA%20Certificate%20Compliance&status_whiteboard_type=allwordssubstr&status_whiteboard=auditor-compliance [auditor-compliance]] -- For concerns about an auditor failing to properly detect and report on CA compliance issues that occurred during one or more periods when the CA was audited. | * [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&query_format=advanced&component=CA%20Certificate%20Compliance&status_whiteboard_type=allwordssubstr&status_whiteboard=auditor-compliance [auditor-compliance]] -- For concerns about an auditor failing to properly detect and report on CA compliance issues that occurred during one or more periods when the CA was audited. | ||
| Line 53: | Line 56: | ||
* [audit-finding] see https://www.ccadb.org/cas/incident-report#audit-incident-reports | * [audit-finding] see https://www.ccadb.org/cas/incident-report#audit-incident-reports | ||
= Vulnerability and Security Incident Reporting = | |||
To report a vulnerability or security incident pertaining to a CA in Mozilla's Program: | To report a vulnerability or security incident pertaining to a CA in Mozilla's Program: | ||