From 0dc8b4029ce0422df93ed5210ba843dc377bbb98 Mon Sep 17 00:00:00 2001 From: Sven Slootweg Date: Tue, 13 Sep 2016 07:33:40 +0200 Subject: [PATCH] Clarify scope --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 3d2e935..2cf0db9 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,14 @@ With some regularity, Certificate Authorities issue domain-validated certificate Of course, cases where eg. an Extended Validation certificate is incorrectly issued will still be listed, as these constitute a failure of the Certificate Authority to appropriately verify the identity of the applicant. +## Incidents that are out of scope + +The following types of incidents are __not__ listed here, as they do not indicate an issue with a Certificate Authority's trustworthiness: + +* Issuance of domain-validated certificates to malicious sites (see above) +* Certificates that are misused after having been fraudulently obtained from a legitimate third party ("stolen certificates") +* Infrastructure downtime that is not related to a compromise + ## Contributing If you're aware of an incident that is not listed here, feel free to open a pull request. Please make sure to include a clear source describing the incident, preferably in English.