[cabf_netsec] [EXTERNAL]Re: Offline Roots
jimmy at it.auth.gr
Fri Jul 7 02:26:19 MST 2017
On 6/7/2017 7:36 μμ, Peter Bowen via Netsec wrote:
> What about changing 2(m) to “multi-factor or multi-party
> authentication”? This would allow offline systems to use HSM controls
> to meet the requirement.
"Multi-factor" authentication is currently not defined in the document
(it would be nice to add it). Usually, the different factors are
"something you know", "something you have", "something you are" so you
need a combination of these to achieve "multi-factor". Adding
"multi-party" authentication makes sense but we would probably need to
also define it.
So, to better understand the suggestion, for 2(m) we would need either
"multi-factor authentication by a single person" OR "single-factor
authentication by multiple persons". Is that right?
More information about the Netsec