On 19/05/17 15:52, Carl Mehner wrote: > Should we specify somewhere that multi-factor auth encompasses two > _different_ factors and not simply multiple authenticators?
I appreciate your desire to cover all the angles, but I think the standard definition of the term encompasses this. I think that if there was a problem, and a CA said "we have multi-factor authentication - two passwords", the resulting hilarity and shame would be... extensive. And recall, Mozilla has full discretion over who we include, so rules-lawyering is ineffective and, in fact, counter-productive. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
