On Fri, Mar 05, 2021 at 08:46:26AM -0800, Bruce via dev-security-policy wrote:
> At the beginning, I think that CAs will generate one or many keys, but
> will not assign them to CAs. The gap period could be days to years.
> Since the requirement says "from the time of CA key pair generation", do
On Thursday, February 25, 2021 at 2:30:52 PM UTC-5, bwi...@mozilla.com wrote:
> I haven't seen any response to my question about whether there is still a
> concern over the language "as evidenced by a Qualified Auditor's key
> destruction report".
> I did add "This cradle-to-grave audit
2 matches
Mail list logo