Confirm
385
edits
Changes
m
→Delayed Revocation: Added comments
https://bugzilla.mozilla.org/show_bug.cgi?id=1862004
Related to Bug # 1815534, it took ECM 13 days to ask whether revocation was necessary, and then actual revocation took place 51 days after initial notification. This bug was opened because of the delayed revocation(as noted here https://bugzilla.mozilla.org/show_bug.cgi?id=1815534#c12 and here - https://bugzilla.mozilla.org/show_bug.cgi?id=1815534#c20). ECM was asked to provide "an analysis to determine the factors that prevented timely revocation of the certificates, and include a set of remediation actions in the final incident report that aim to prevent future revocation delays." It was also noted that the CCADB website provides a recommended incident reporting template.
Generally, ECM has not met community expectations for incident reporting because it has focused on operational details without tackling systemic, root cause issues or “lessons learned”, which would help ECM and others improve their compliance. Commenters in the bug also asked for action items to prevent delayed revocation in the future, better awareness of industry requirements, better incident reporting, and more thorough management of CP and CPS documentation.
'''Issues:''' Delayed Revocation; Incident Reporting; Policy Documentation
=== Precertificate validity does not match leaf certificate ===
https://bugzilla.mozilla.org/show_bug.cgi?id=1883711
