Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-06-06 Thread Gervase Markham via dev-security-policy
On 02/06/17 12:29, Ryan Sleevi wrote: > 2) "performing RA or DTP functions" I'll go with that :-) Gerv

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-06-02 Thread Ryan Sleevi via dev-security-policy
I liked your previous version better, if it had to be updated. It would sound like you're suggesting "Enterprise RA" accounts should not use multi-factor authentication, but given that they're part of the scope of audited activities (that the CA must directly oversee), the use of multi-factor

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-06-02 Thread Gervase Markham via dev-security-policy
On 01/06/17 13:59, Gervase Markham wrote: > Perhaps this leads to the solution? We say: > > "enforce multi-factor authentication for all accounts capable of causing > certificate issuance or performing RA or DTP functions as defined by the > Baseline Requirements" or "enforce multi-factor

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-06-01 Thread Gervase Markham via dev-security-policy
On 01/06/17 14:22, Doug Beattie wrote: > If this is the case, then in what cases do you see 2-factor auth being a > requirement where it was not before? Well, Mozilla policy didn't require that all RA accounts had multi-factor, only those directly capable of causing certificate issuance. Maybe

RE: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-06-01 Thread Doug Beattie via dev-security-policy
From: Ryan Sleevi [mailto:r...@sleevi.com] Sent: Thursday, June 1, 2017 8:46 AM To: Gervase Markham <g...@mozilla.org> Cc: Doug Beattie <doug.beat...@globalsign.com>; mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: Policy 2.5

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-06-01 Thread Gervase Markham via dev-security-policy
On 01/06/17 13:45, Ryan Sleevi wrote: > The reason why I don't think it's a valid reasoning is that if we accept > that this provision in the policy could be read to cover such emails, then > we're implicitly agreeing that the act of clicking that email is performing > a validation function

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-06-01 Thread Ryan Sleevi via dev-security-policy
On Thu, Jun 1, 2017 at 6:52 AM, Gervase Markham via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Hi Doug, > > On 01/06/17 10:54, Doug Beattie wrote: > > Can you give some examples of validation functions that need to be > enforced by multifactor authentication? There are

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-06-01 Thread Gervase Markham via dev-security-policy
Hi Doug, On 01/06/17 10:54, Doug Beattie wrote: > Can you give some examples of validation functions that need to be enforced > by multifactor authentication? There are some that I don't think can be done > using multi-factor authentication, such as domain validation via email (the > link to

RE: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-06-01 Thread Doug Beattie via dev-security-policy
@lists.mozilla.org > Subject: Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth > > > > "enforce multi-factor authentication for all accounts capable of > > directly causing certificate issuance" > > > > to > > > > "enforce m

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-05-31 Thread Gervase Markham via dev-security-policy
On 19/05/17 13:18, Gervase Markham wrote: > Ryan Sleevi suggested a wording clarification/policy extension to the > multi-factor auth requirement, from: > > "enforce multi-factor authentication for all accounts capable of > directly causing certificate issuance" > > to > > "enforce multi-factor

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-05-22 Thread Gervase Markham via dev-security-policy
On 19/05/17 15:52, Carl Mehner wrote: > Should we specify somewhere that multi-factor auth encompasses two > _different_ factors and not simply multiple authenticators? I appreciate your desire to cover all the angles, but I think the standard definition of the term encompasses this. I think

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-05-19 Thread Carl Mehner via dev-security-policy
On Friday, May 19, 2017 at 7:19:27 AM UTC-5, Gervase Markham wrote: > "enforce multi-factor authentication for all accounts capable of causing > certificate issuance or performing validation functions" Should we specify somewhere that multi-factor auth encompasses two _different_ factors and not

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-05-19 Thread Gervase Markham via dev-security-policy
On 19/05/17 14:26, Kurt Roeckx wrote: > I'm wondering why something like this should be in the Mozilla policy > and not be part of something else that they get audited for. Section 6.5.1 of the BRs states: "The CA SHALL enforce multi‐factor authentication for all accounts capable of directly

Re: Policy 2.5 Proposal: Clarify requirement for multi-factor auth

2017-05-19 Thread Kurt Roeckx via dev-security-policy
On 2017-05-19 14:18, Gervase Markham wrote: Ryan Sleevi suggested a wording clarification/policy extension to the multi-factor auth requirement, from: "enforce multi-factor authentication for all accounts capable of directly causing certificate issuance" to "enforce multi-factor