@ -14,6 +14,14 @@ With some regularity, Certificate Authorities issue domain-validated certificate
Of course, cases where eg. an Extended Validation certificate is incorrectly issued will still be listed, as these constitute a failure of the Certificate Authority to appropriately verify the identity of the applicant.
## Incidents that are out of scope
The following types of incidents are __not__ listed here, as they do not indicate an issue with a Certificate Authority's trustworthiness:
* Issuance of domain-validated certificates to malicious sites (see above)
* Certificates that are misused after having been fraudulently obtained from a legitimate third party ("stolen certificates")
* Infrastructure downtime that is not related to a compromise
## Contributing
If you're aware of an incident that is not listed here, feel free to open a pull request. Please make sure to include a clear source describing the incident, preferably in English.
