[cabf_netsec] NCSSR Section 2.g.ii
Ben Wilson
benwilsonusa at gmail.com
Mon Mar 23 13:14:06 MST 2020
Aren't the two sentences in 2.g.ii. contradictory? The first sentence says
that MFA is required for Secure Zone / High Security Zone, and the second
sentence says that passwords must be at least 8 characters, etc.

See
https://cabforum.org/2018/08/16/ballot-sc3-two-factor-authentication-and-password-improvements/

ii. For authentications which cross a zone boundary into a Secure Zone
or High Security Zone, require Multi-Factor Authentication. For accounts
accessible from outside a Secure Zone or High Security Zone require
passwords that have at least eight (8) characters and are not be one of the
user's previous four (4) passwords; and implement account lockout for
failed access attempts in accordance with subsection k;

Could it be reworded as follows?

ii. For authentications from outside the CA's network, require
Multi-Factor Authentication and implement account lockout for failed access
attempts in accordance with subsection k;

Ben