CA/Incident Dashboard: Difference between revisions

m
(Deleted the ca-investigation and ca-incident-response tags and sections because they aren't used.)
 
(19 intermediate revisions by 5 users not shown)
Line 2: Line 2:


== Open CA Compliance Bugs ==
== Open CA Compliance Bugs ==
A CA compliance bug relates to a concern about a CA's certificates failing to comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's CA Certificate Policy] and/or the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements], and is determined to not be an [https://www.mozilla.org/en-US/security/#For_Developers imminent security concern].  
A CA compliance bug relates to a concern about a CA's certificates failing to comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's CA Certificate Policy] and/or a [https://cabforum.org/ CA/Browser Forum] requirement, and is determined to not be an [https://www.mozilla.org/en-US/security/#For_Developers imminent security concern]. A CA's response to a CA compliance bug includes providing an [[CA/Responding_To_An_Incident#Incident_Report|Incident Report]] in the bug.
   
   
Anyone may create a CA Compliance bug as follows:
Anyone may create a CA Compliance bug as follows:
* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance
* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&version=other
* Whiteboard = [ca-compliance]  
* Whiteboard = [ca-compliance]  
** If the issue is due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][covid-19]


<bugzilla>
<bugzilla>
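Review bot: In the rewritten intro paragraph, the link target moves from the Baseline Requirements documents page to the cabforum.org front page, so someone filing a bug no longer gets a direct pointer to the requirement text the bug should cite. Consider keeping a link to the requirements documents next to the broader wording "a CA/Browser Forum requirement".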
Line 12: Line 13:
         "component":"CA Certificate Compliance",
         "component":"CA Certificate Compliance",
         "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"],  
         "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"],  
         "whiteboard":"compliance",
         "f1": "OP",
         "cf_blocking_b2g_type":"contains",
        "j1": "AND",
         "include_fields": ["id", "summary", "status", "assigned_to", "whiteboard", "last_change_time"]
        "f2": "status_whiteboard",
        "o2": "allwordssubstr",
        "v2": "ca-compliance",
         "f3": "status_whiteboard",
        "o3": "nowordssubstr",
        "v3": "leaf-revocation-delay",
        "f4": "status_whiteboard",
        "o4": "nowordssubstr",
        "v4": "audit-delay",
         "include_fields": "summary, id, status, assigned_to, whiteboard, last_change_time, creation_time",
        "order": "short_desc ASC"
    }
</bugzilla>
 
== Audit Delays ==
The compliance bug's whiteboard field is tagged with [audit-delay] whenever a CA is unable to deliver audit statements to Mozilla [[CA/Audit_Statements|when they are due]]. Such bugs should be reported as [[CA/Bug_Triage#Compliance_Problems_and_Incidents|CA compliance issues]], with the following whiteboard tags as described [https://wiki.mozilla.org/CA/Audit_Statements#Audit_Delay here].
*Whiteboard = [ca-compliance][audit-delay]
*For audit delays due to mandated restrictions regarding COVID-19, use Whiteboard = [ca-compliance][audit-delay][covid-19]
 
<bugzilla>
    {
        "component":"CA Certificate Compliance",
        "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"],
        "f1": "OP",
        "j1": "AND",
        "f2": "status_whiteboard",
        "o2": "allwordssubstr",
        "v2": "ca-compliance",
        "f3": "status_whiteboard",
        "o3": "allwordssubstr",
        "v3": "audit-delay",
        "include_fields": "summary, id, status, assigned_to, whiteboard, last_change_time, creation_time",
        "order": "short_desc ASC"
    }
</bugzilla>
 
== Revocation Delays ==
The compliance bug's whiteboard field is tagged with [ca-revocation-delay] or [leaf-revocation-delay] whenever a CA fails to abide by Mozilla's requirement to revoke certificates in a timely fashion. As discussed in [[CA/Responding_To_An_Incident#Revocation]], Mozilla recognizes that there may be *exceptional* situations that cause a CA to not abide by the Baseline Requirements, which should be accompanied by an [[CA/Responding_To_An_Incident#Incident_Report|Incident Report]].
 
Such bugs should be reported as [[CA/Bug_Triage#Compliance_Problems_and_Incidents|CA compliance issues]], and will be categorized appropriately during triage.
 
<bugzilla>
    {
        "component":"CA Certificate Compliance",
        "status":["UNCONFIRMED", "NEW", "ASSIGNED", "REOPENED"],
        "f1": "OP",
        "j1": "AND",
        "f2": "status_whiteboard",
        "o2": "allwordssubstr",
        "v2": "ca-compliance",
        "f3": "status_whiteboard",
        "o3": "allwordssubstr",
        "v3": "leaf-revocation-delay",
      "include_fields": "summary, id, status, assigned_to, whiteboard, last_change_time, creation_time",
        "order": "short_desc ASC"
     }
     }
</bugzilla>
</bugzilla>
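Review bot: The Revocation Delays text names two tags, [ca-revocation-delay] and [leaf-revocation-delay], but the query under it matches only "v3": "leaf-revocation-delay", and the Open CA Compliance Bugs query excludes only leaf-revocation-delay and audit-delay. A bug tagged [ca-revocation-delay] would therefore remain in the general open list and never show under Revocation Delays; either add a clause for that tag to both queries or drop it from the prose. Separately, each query opens a group with "f1": "OP" and no matching "CP" field is visible in these lines, so it is worth confirming the group is closed as intended.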