CA/Responding To An Incident: Difference between revisions

← Older edit

CA/Responding To An Incident (view source)

Revision as of 02:24, 21 May 2024

423 bytes removed , 21 May 2024

→‎Examples of Good Practice: Changed examples.

Bwilson

Confirmed users

377

edits

@@ Line 77: / Line 77: @@
 = Examples of Good Practice =
-Here are some examples of good practice, where a CA did most or all of the things recommended above.
+Here are some examples of good practice.
-'''Note that these incident reports conformed to an earlier version of the incident reporting template.'''
+== Let's Encrypt: keyCompromise key blocking deviation from CP/CPS ==
+https://bugzilla.mozilla.org/show_bug.cgi?id=1886876
+* Clear indication of Preliminary and Full Incident Reports.
+* Detailed timeline that identifies all policy, process, and software changes that contributed to the root cause, and an indication of when the incident began and ended.
+* Detailed Root Cause Analysis that offers background on the various conditions that gave rise to the issue.
+* Timely updates in response to questions posed, continued analysis, and changes to Action Items.
-== Let's Encrypt Unicode Normalization Compliance Incident ==
+== Google Trust Services: Failure to properly validate IP address ==
+https://bugzilla.mozilla.org/show_bug.cgi?id=1876593
+* Significant amount of background information that informs the timeline of the incident.
+* Clear identification of the contributing factors that contributed to the incident that notes how many of them avoided detection in the Root Cause Analysis.
+* Action Items that prevent, mitigate, and detect what didn’t go well.
+* Timely and detailed updates conveying Action Item status.
-* [https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/g6_zGA2exXw Initial Public Problem Report], 2017-08-10 20:23 UTC (apparently LE were made aware of the problem privately earlier that day)
+== HARICA: Anomaly in OCSP services after CA software upgrade ==
-* [https://groups.google.com/d/msg/mozilla.dev.security.policy/g6_zGA2exXw/_tXldrbIBwAJ Initial Public Response from CA], 2017-08-10 21:53 UTC
+https://bugzilla.mozilla.org/show_bug.cgi?id=1878106
-* [https://groups.google.com/d/msg/mozilla.dev.security.policy/nMxaxhYb_iY/AmjCI3_ZBwAJY Final Report from CA], 2017-08-11 03:00 UTC
+* Clear Summary that provides just enough context for new readers to understand the rest of the report.
+* Effective use of the “5 Whys” Root Cause Analysis methodology where “why” is asked as many times as necessary to identify the root cause of the incident.
-In this case, the CA managed to diagnose the problem, remediate it, and deploy the fix to production within 24 hours.
+* Action Items that prevent and detect what didn’t go well.
+* Timely updates in response to questions posed and changes to Action Items.
-== PKIOverheid Short Serial Number Incident ==
-* [https://groups.google.com/d/msg/mozilla.dev.security.policy/vl5eq0PoJxY/uD-Li1w1BgAJ Initial Public Problem Report], 2017-07-18 22:26 UTC
-* [https://groups.google.com/d/msg/mozilla.dev.security.policy/vl5eq0PoJxY/TzH5eI9dAQAJ Initial Public Response from CA], 2017-07-25 19:20 UTC
-* [https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/vl5eq0PoJxY/W1D4oZ__BwAJ Final Report from CA], 2017-08-11 14:39 UTC
-While the CA could have provided interim updates, and the final report was a little delayed, the contents of it were excellent.
-== SecureTrust "Some-State" in stateOrProvinceName ==
-* [https://bugzilla.mozilla.org/show_bug.cgi?id=1551374 Initial Public Problem Report], 2019-05-14 00:49 UTC
-* [https://bugzilla.mozilla.org/show_bug.cgi?id=1551374#c1 Initial Public Response from CA], 2017-05-15 19:40 UTC
-* [https://bugzilla.mozilla.org/show_bug.cgi?id=1551374#c8 Final Report from CA], 2017-06-14 9:43 UTC
-The level of detail provided by the CA in both the initial report and follow-up responses is comprehensive, as is the work performed to identify additional occurrences and to remediate the issue.