Hi Doug, On 01/06/17 10:54, Doug Beattie wrote: > Can you give some examples of validation functions that need to be enforced > by multifactor authentication? There are some that I don't think can be done > using multi-factor authentication, such as domain validation via email (the > link to confirm the domain can't be protected by multi-factor auth).
This is a good point; I think we've been unclear here. The aim was to target CA or RA employees sitting at computers and logging in to perform validation functions such as entering data. It wasn't designed to require email domain validation link-clicking to be multi-factor, or for that matter to require someone logging into their account with their CA to say "please re-issue my certificate for this already-validated domain" to require multi-factor. Does anyone have suggestions as to how we can word this provision to make this distinction? Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
