[cabf_netsec] [EXTERNAL]Re: Offline Roots

Dimitris Zacharopoulos jimmy at it.auth.gr
Fri Jul 7 02:26:19 MST 2017

On 6/7/2017 7:36 μμ, Peter Bowen via Netsec wrote:
> What about changing 2(m) to “multi-factor or multi-party 
> authentication”?  This would allow offline systems to use HSM controls 
> to meet the requirement.

"Multi-factor" authentication is currently not defined in the document 
(it would be nice to add it). Usually, the different factors are 
"something you know", "something you have", "something you are" so you 
need a combination of these to achieve "multi-factor". Adding 
"multi-party" authentication makes sense but we would probably need to 
also define it.

So, to better understand the suggestion, for 2(m) we would need either 
"multi-factor authentication by a single person" OR "single-factor 
authentication by multiple persons". Is that right?


More information about the Netsec mailing list