> A policy allowing CAs to generate key pairs should also include provisions > for: > - The CA must generate the key in accordance with technical best practices > - While in possession of the private key, the CA must store it securely
Don't forget appropriate protection for the key while it is in transit. I'll look a bit closer at the use cases and see if I can come up with some reasonable suggestions. -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy