[Servercert-wg] [cabfpub] Ballot SC3: Improvements to Network Security Guidelines

Geoff Keating geoffk at apple.com
Fri Jul 20 14:26:07 MST 2018

> On 20 Jul 2018, at 1:41 pm, Mike Reilly (GRC) via Public <public at cabforum.org> wrote:
> Hi Tim S.  What the last point I made about the use of Just In Time (JIT) admin where all CA access is done with a session password that is deleted when the session ends. So we literally have passwords that last minutes. Once the session ends the password is useless.  That would be a CA policy requiring the password to change based on it’s age, which would be measured in minutes.  Thanks, Mike

That wouldn’t be a ‘periodic’ change, because the password isn’t changed, it’s deleted, and because it only happens once.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20180720/1bf23f83/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3375 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20180720/1bf23f83/attachment.p7s>

More information about the Servercert-wg mailing list