On 01/06/17 13:59, Gervase Markham wrote: > Perhaps this leads to the solution? We say: > > "enforce multi-factor authentication for all accounts capable of causing > certificate issuance or performing RA or DTP functions as defined by the > Baseline Requirements"
or "enforce multi-factor authentication for all accounts capable of either causing certificate issuance or performing validation functions, for certificates containing domains not owned or controlled by the account holder" Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy