RE: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

[Doug Beattie via dev-security-policy]

> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+doug.beattie=globalsign....@lists.mozilla.org] On Behalf Of Gervase
> Markham via dev-security-policy
> Sent: Wednesday, May 31, 2017 7:24 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth
> >
> > "enforce multi-factor authentication for all accounts capable of
> > directly causing certificate issuance"
> >
> > to
> >
> > "enforce multi-factor authentication for all accounts capable of
> > causing certificate issuance or performing validation functions"

Can you give some examples of validation functions that need to be enforced by 
multifactor authentication?  There are some that I don't think can be done 
using multi-factor authentication, such as domain validation via email (the 
link to confirm the domain can't be protected by multi-factor auth).


> Implemented as specced.
> 
> Gerv
> 
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy