[cabfpub] [Servercert-wg] Ballot SC3: Improvements to Network Security Guidelines
Geoff Keating
geoffk at apple.com
Fri Jul 20 21:26:07 UTC 2018
> On 20 Jul 2018, at 1:41 pm, Mike Reilly (GRC) via Public <public at cabforum.org> wrote:
>
> Hi Tim S. What the last point I made about the use of Just In Time (JIT) admin where all CA access is done with a session password that is deleted when the session ends. So we literally have passwords that last minutes. Once the session ends the password is useless. That would be a CA policy requiring the password to change based on it’s age, which would be measured in minutes. Thanks, Mike
That wouldn’t be a ‘periodic’ change, because the password isn’t changed, it’s deleted, and because it only happens once.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180720/1bf23f83/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3375 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180720/1bf23f83/attachment-0003.p7s>
More information about the Public
mailing list