Frank Hecker wrote: > Eddy Nigg wrote: <snip> >> Not sure what GlobalSign deems as a secure manner to provide PKCS12 >> files (including private keys) mentioned in 1.9.6.9 of their CPS. > > I'll ask about this issue.
My apologies, I forgot to post what I found out. Briefly, GlobalSign is not currently doing this; the CPS language is there against the future possibility. I made them aware of our general concerns about CA generation and distribution of subscriber private keys (including pointing them to the relevant discussion threads, etc.). They are working with their auditors to come up with a mechanism that passes muster in terms of security. The bottom line is that I don't see this as an issue affecting the requests, given that a) no key generation and distribution is being done at present and b) at this time I have no reason to believe that GlobalSign might do this in an insecure manner. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto