Re: "multiple perspective validations" - AW: Regional BGP hijack of Amazon DNS infrastructure

2018-04-27 Thread Wayne Thayer via dev-security-policy
On Thu, Apr 26, 2018 at 6:59 AM, Ryan Hurst via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > On Thursday, April 26, 2018 at 11:45:15 AM UTC, Tim Hollebeek wrote: > > > > which is why in the near future we can hopefully use RDAP over TLS > > > > (RFC > > > > 7481) instead o

Re: Policy 2.6 Proposal: Add prohibition on CA key generation to policy

2018-04-27 Thread Wayne Thayer via dev-security-policy
On Fri, Apr 27, 2018 at 6:40 AM, Enrico Entschew via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > I suggest making the requirement „* The PKCS#12 file must have a > sufficiently secure password, and the password must be transferred via a > separate channel than the PKCS#1

Re: Policy 2.6 Proposal: Add prohibition on CA key generation to policy

2018-04-27 Thread Enrico Entschew via dev-security-policy
I suggest making the requirement „* The PKCS#12 file must have a sufficiently secure password, and the password must be transferred via a separate channel than the PKCS#12 file.” binding for both transfer methods and not limited to physical data storage. Otherwise I agree with this proposal.