On Thu, Apr 2, 2015 at 11:05 AM, Kurt Roeckx <k...@roeckx.be> wrote:
> On 2015-04-02 16:34, Phillip Hallam-Baker wrote:
>>
>> Further no private key should ever be in a network accessible device
>> unless the following apply:
>>
>> 1) There is a path length constraint that limits issue to EE certs.
>> 2) It is an end entity certificate.
>
> Why 1)?

Can you state a use case that requires online issue of Key Signing Certs?