CA/Incident Dashboard: Difference between revisions

← Older edit

CA/Incident Dashboard (view source)

Revision as of 22:48, 2 February 2024

2,365 bytes added , 2 February 2024

m

→‎Open CA Compliance Bugs: Minor edit

Bwilson

Confirmed users

377

edits

@@ Line 1: / Line 1: @@
 = Open CA Bugs in Bugzilla =
-== Open Incident Related Bugs ==
+== Open CA Compliance Bugs ==
+A CA compliance bug relates to a concern about a CA's certificates failing to comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's CA Certificate Policy] and/or a [https://cabforum.org/ CA/Browser Forum] requirement, and is determined to not be an [https://www.mozilla.org/en-US/security/#For_Developers imminent security concern]. A CA's response to a CA compliance bug includes providing an [[CA/Responding_To_An_Incident#Incident_Report|Incident Report]] in the bug.
+Anyone may create a CA Compliance bug as follows:
+* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other
+* Whiteboard = [ca-compliance]
+** If the issue is due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][covid-19]
-=== Investigation or Discussion ===
-Concern has been raised about certificates that a CA has issued. Investigation and/or discussion in progress.
 <bugzilla>
      {
-         "component":"CA Certificate Mis-Issuance",
+         "component":"CA Certificate Compliance",
          "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"],
-         "whiteboard":"ca-investigation",
+         "f1": "OP",
-         "cf_blocking_b2g_type":"contains"
+        "j1": "AND",
+        "f2": "status_whiteboard",
+        "o2": "allwordssubstr",
+        "v2": "ca-compliance",
+        "f3": "status_whiteboard",
+        "o3": "nowordssubstr",
+        "v3": "leaf-revocation-delay",
+        "f4": "status_whiteboard",
+        "o4": "nowordssubstr",
+        "v4": "audit-delay",
+        "include_fields": "summary, id, status, assigned_to, whiteboard, last_change_time, creation_time",
+         "order": "short_desc ASC"
      }
 </bugzilla>
-=== Resulting CA Action Items ===
+== Audit Delays ==
-The concern about a CA's certificates has been confirmed, and the CA has follow-up action items.
+The compliance bug's whiteboard field is tagged with [audit-delay] whenever a CA is unable to deliver audit statements to Mozilla [[CA/Audit_Statements|when they are due]]. Such bugs should be reported as [[CA/Bug_Triage#Compliance_Problems_and_Incidents|CA compliance issues]], with the following whiteboard tags as described [https://wiki.mozilla.org/CA/Audit_Statements#Audit_Delay here].
+*Whiteboard = [ca-compliance][audit-delay]
+*For audit delays due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][audit-delay][covid-19]
 <bugzilla>
      {
-         "component":"CA Certificate Mis-Issuance",
+         "component":"CA Certificate Compliance",
          "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"],
-         "whiteboard":"ca-incident",
+         "f1": "OP",
-         "cf_blocking_b2g_type":"contains"
+        "j1": "AND",
+        "f2": "status_whiteboard",
+        "o2": "allwordssubstr",
+        "v2": "ca-compliance",
+        "f3": "status_whiteboard",
+        "o3": "allwordssubstr",
+        "v3": "audit-delay",
+        "include_fields": "summary, id, status, assigned_to, whiteboard, last_change_time, creation_time",
+         "order": "short_desc ASC"
      }
 </bugzilla>
-== Open CA Compliance Bugs ==
+== Revocation Delays ==
-A CA compliance bug relates to a concern about a CA's certificates failing to comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's CA Certificate Policy] and/or the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements], and is determined to not be an imminent security concern.
+The compliance bug's whiteboard field is tagged with [ca-revocation-delay] or [leaf-revocation-delay] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in [[CA/Responding_To_An_Incident#Revocation]], Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an [[CA/Responding_To_An_Incident#Incident_Report|Incident Report]].
-Anyone may create a CA Compliance bug as follows:
+Such bugs should be reported as [[CA/Bug_Triage#Compliance_Problems_and_Incidents|CA compliance issues]], and will be categorized appropriately during triage.
-* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Mis-Issuance
-* Whiteboard = [ca-compliance]
 <bugzilla>
      {
-         "component":"CA Certificate Mis-Issuance",
+         "component":"CA Certificate Compliance",
          "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"],
-         "whiteboard":"compliance",
+         "f1": "OP",
-         "cf_blocking_b2g_type":"contains"
+        "j1": "AND",
+        "f2": "status_whiteboard",
+        "o2": "allwordssubstr",
+        "v2": "ca-compliance",
+         "f3": "status_whiteboard",
+        "o3": "allwordssubstr",
+        "v3": "leaf-revocation-delay",
+       "include_fields": "summary, id, status, assigned_to, whiteboard, last_change_time, creation_time",
+        "order": "short_desc ASC"
      }
 </bugzilla>
+= Closed CA Bugs =
+== Closed CA Compliance Bugs ==
+A historical view of past CA compliance bugs may be found here:
+* https://wiki.mozilla.org/CA/Closed_Incidents