Confirmed users
574
edits
CA/Responding To An Incident: Difference between revisions
Jump to navigation
Jump to search
CA/Responding To An Incident (view source)
Revision as of 22:00, 24 February 2025
, 24 February 2025→Reporting Delayed Revocation Incidents: Changes consistent with MRSP and CCADB IRGs
m (→Reporting Delayed Revocation Incidents: Minor fixes) |
(→Reporting Delayed Revocation Incidents: Changes consistent with MRSP and CCADB IRGs) |
||
| Line 49: | Line 49: | ||
If a CA operator determines that it might delay revocation of certificates beyond the time period required by the TLS BRs, it MUST file a preliminary incident report with a Summary section immediately in Bugzilla, even if the delay has not yet occurred. | If a CA operator determines that it might delay revocation of certificates beyond the time period required by the TLS BRs, it MUST file a preliminary incident report with a Summary section immediately in Bugzilla, even if the delay has not yet occurred. | ||
Consistent with CCADB incident reporting requirements, the CA operator SHALL explain in the "Analysis" section of the incident report those factors and rationales behind the decision to delay revocation (including detailed and substantiated explanations of how extensive harm would result to third parties–such as essential public services or widely relied-upon systems–and why the situation is exceptionally rare and unavoidable). | Consistent with CCADB incident reporting requirements, the CA operator SHALL explain in the "Analysis" section of the incident report those factors and rationales behind the decision to delay revocation (including detailed and substantiated explanations of how extensive harm would result to third parties–such as essential public services or widely relied-upon systems–and why the situation is exceptionally rare and unavoidable). | ||