@ -14,6 +14,14 @@ With some regularity, Certificate Authorities issue domain-validated certificate
Of course, cases where eg. an Extended Validation certificate is incorrectly issued will still be listed, as these constitute a failure of the Certificate Authority to appropriately verify the identity of the applicant.
Of course, cases where eg. an Extended Validation certificate is incorrectly issued will still be listed, as these constitute a failure of the Certificate Authority to appropriately verify the identity of the applicant.
## Incidents that are out of scope
The following types of incidents are __not__ listed here, as they do not indicate an issue with a Certificate Authority's trustworthiness:
* Issuance of domain-validated certificates to malicious sites (see above)
* Certificates that are misused after having been fraudulently obtained from a legitimate third party ("stolen certificates")
* Infrastructure downtime that is not related to a compromise
## Contributing
## Contributing
If you're aware of an incident that is not listed here, feel free to open a pull request. Please make sure to include a clear source describing the incident, preferably in English.
If you're aware of an incident that is not listed here, feel free to open a pull request. Please make sure to include a clear source describing the incident, preferably in English.
