Re: Request for Input: CA Incident Reporting

2023-10-17 Thread 'Chris Clements' via CCADB Public
All, Thanks again for the thoughtful and detailed suggestions. The Incident Reports page on ccadb.org [1] has been updated with the intention of making incident reports more useful and effective. Root Stores that rely on the CCADB may update their individual Root Store policies to require

Re: Request for Input: CA Incident Reporting

2023-09-08 Thread 'Chris Clements' via CCADB Public
*TL;DR*: The CCADB Steering Committee will update the incident reporting format with several suggestions in this thread. Root Stores that are members of the CCADB may update individual Root Store policies to require adherence to this format. All, Thank you for the detailed and actionable

Re: Request for Input: CA Incident Reporting

2023-08-07 Thread Antonios Chariton
Thanks for the great content Aaron! I agree on every point, and thanks for even making such detailed suggestions. I’d like to expand a little bit on the incident reporting part, as I think this is potentially the greatest blind spot. This is the question of when an incident should be filed and

Re: [EXTERNAL] Re: Request for Input: CA Incident Reporting

2023-08-07 Thread 'Paul van Brouwershaven' via CCADB Public
the past may not be readily apparent to new CAs or staff and it's hard to look back on all historic incidents. Paul From: 'Aaron Gable' via CCADB Public Sent: Friday, August 4, 2023 20:33 To: public@ccadb.org Subject: [EXTERNAL] Re: Request for Input: CA

Re: Request for Input: CA Incident Reporting

2023-08-04 Thread 'Aaron Gable' via CCADB Public
Apologies for double-posting, but I just wanted to let folks know that I've updated my gist to be a full rewrite of the incident reporting requirements page . It includes most of the

Re: Request for Input: CA Incident Reporting

2023-08-03 Thread 'Aaron Gable' via CCADB Public
Hi Clint, I'm speaking here both as a member of the Let's Encrypt team (and I think we write pretty good incident reports ), and as someone with a decade of experience in incident-response roles, including learning

RE: Request for Input: CA Incident Reporting

2023-08-03 Thread Roman Fischer
to improve the security/safety in their area by adopting the regulations around incident reporting. Kind regards Roman From: 'Clint Wilson' via CCADB Public Sent: Donnerstag, 20. Juli 2023 17:19 To: public Subject: Request for Input: CA Incident Reporting All, During the CA/Browser Forum

Re: Request for Input: CA Incident Reporting

2023-08-01 Thread 'Clint Wilson' via CCADB Public
Hi all, If you have feedback on this topic, we would love to hear your thoughts. Thank you! -Clint > On Jul 20, 2023, at 8:19 AM, 'Clint Wilson' via CCADB Public > wrote: > > All, > > During the CA/Browser Forum Face-to-Face 59 meeting, several Root Store > Programs expressed an interest

Request for Input: CA Incident Reporting

2023-07-20 Thread 'Clint Wilson' via CCADB Public
All, During the CA/Browser Forum Face-to-Face 59 meeting, several Root Store Programs expressed an interest in improving Web PKI incident reporting. The CCADB Steering Committee is interested in this community’s recommendations on improving the standards applicable to and the overall quality