On Thu, Apr 2, 2015 at 7:34 AM, Phillip Hallam-Baker <ph...@hallambaker.com> wrote:
> Further no private key should ever be in a network accessible device
> unless the following apply:
>
> 1) There is a path length constraint that limits issue to EE certs.
> 2) It is an end entity certificate.
>
> Perhaps we should take this to the IETF right key list.

I suggested this in another mail in this group a few days ago and Gerv had some reasonable comments on why this might not make sense. I would suggest separating this discussion from the CNNIC discussion.

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy