Confirmed users
574
edits
CA/Responding To An Incident: Difference between revisions
Jump to navigation
Jump to search
m
→Reporting Delayed Revocation Incidents: Minor fixes
(→Revocation: Replaced this Section per https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/xC8AQlMYg10/m/HaoObzSCCgAJ) |
m (→Reporting Delayed Revocation Incidents: Minor fixes) |
||
| Line 57: | Line 57: | ||
* an estimate for when all remaining revocations will be completed. | * an estimate for when all remaining revocations will be completed. | ||
Consistent with CCADB incident reporting requirements | Consistent with CCADB incident reporting requirements, the CA operator SHALL explain in the "Analysis" section of the incident report those factors and rationales behind the decision to delay revocation (including detailed and substantiated explanations of how extensive harm would result to third parties–such as essential public services or widely relied-upon systems–and why the situation is exceptionally rare and unavoidable). | ||
Also, the Timeline section should include the time(s) at which the CA Operator actually completed revocation of affected certificates, and the Action Items list MUST include steps reasonably calculated to prevent or reduce future revocation delays. | Also, the "Timeline" section should include the time(s) at which the CA Operator actually completed revocation of affected certificates, and the "Action Items" list MUST include steps reasonably calculated to prevent or reduce future revocation delays. | ||
== Consequences of Delayed Revocations == | == Consequences of Delayed Revocations == | ||