gabeio 11 hours ago

> This is a compliance incident

Uh. I don't know if I like the sound of that...

john_strinlai 11 hours ago

"compliance incident" is the catchall for everything from a spelling error on a CPS (certification practice statement) or being one second late on revocation, all the way up to key compromise.

it is almost always closer to the spelling mistake side than it is the key compromise side of the spectrum.

a peek at https://bugzilla.mozilla.org/buglist.cgi?product=CA%20Progra... will show that most compliance issues, to the general public, are quite mundane.

walrus01 11 hours ago

Indeed. "Compliance" can mean some internal audit/monitoring system has tripped and requires in-depth investigation and preservation of logging, or it can mean "federal law enforcement with badges are right now standing in our datacenter and/or NOC serving a court order".

tptacek 11 hours ago

At times like this it's worth remembering that message boards strongly favor whatever narrative is going to be most fun and exciting to talk about.

michaelt 11 hours ago

I heard the CEO of Let's Encrypt, Warren Buffet, accidentally started a fire while charging his e-unicycle in the data centre and that knocked out the server that issues the certificates. They've got a backup, but it's in a safe only two people have keys to; one keyholder, Anne Hathaway, is at a parrot show in Singapore this week and her flight back is delayed due to fuel shortages. The other keyholder, Henry Kissinger, it turns out has been dead for 3 years.

walrus01 11 hours ago

I sincerely hope it's the most mundane and least spectacular explanation possible, just saying from my point above that compliance has a very wide range of possible meanings and interpretations (also depending on the background/career POV of the reader), until the incident is further explained.

jaas 11 hours ago

In that sense, prepare yourself to be bored.

eqvinox 11 hours ago

Federal law enforcement in your DC isn't something you'd call a "compliance" issue, that's not what that term means. Yes it's various derivatives of the English word "comply", but this is a field of well-defined verbiage, and that ain't it. Compliance means they failed (or are being questioned) about following particular practices that they have agreed to, nothing else really.

NB: "legal compliance" is another term. So is "{legal,lawful} enforcement"

ms2 8 hours ago

Compliance here means compliance with the CA/B Forum Baseline Requirements (and similar other policies), which cover a lot of operational obligations, from character encoding to physical security.