Right. It is then. It says private keys can only be stored with permission of the subscriber and encryption must always be used to transfer them. And of course the certificate must be revoked if/when it becomes known that a private key has gotten to the wrong person.
Well... NOT my private keys. I'll create the CSR myself, thank you. ;-) Anyway, would be nice if there was some evidence in this thread. CU Hans On Thursday, 30 March 2017 00:31:50 UTC+2, Ryan Sleevi wrote: > https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.2.pdf > > Section 6.1.2 > > On Wed, Mar 29, 2017 at 3:22 AM, okaphone.elektronika--- via > dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > > Weird. > > > > I expect there are no requirements for a CA to keep other people's private > > keys safe. After all handling those is definitely not part of being a CA. > > ;-) > > > > CU Hans > > _______________________________________________ > > dev-security-policy mailing list > > dev-security-policy@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-security-policy > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy