CA/Forbidden or Problematic Practices: Difference between revisions

Jump to navigation Jump to search

CA/Forbidden or Problematic Practices (view source)

Revision as of 16:00, 6 December 2017

11 bytes removed ,  6 December 2017
Remove misleading word
(Split into Forbidden and Problematic)
(Remove misleading word)
Line 25: Line 25:
* The distribution channels used (e.g. unencrypted email) may not be adequately secured.
* The distribution channels used (e.g. unencrypted email) may not be adequately secured.


CAs must never generate the key pairs for signer or SSL certificates. CAs may only generate the key pairs for SMIME encryption certificates. Distribution or transfer of certificates in PKCS#12 form through unsecure electronic channels is not allowed. If a PKCS#12 file is distributed via a physical data storage device, then:
CAs must never generate the key pairs for signer or SSL certificates. CAs may only generate the key pairs for SMIME certificates. Distribution or transfer of certificates in PKCS#12 form through unsecure electronic channels is not allowed. If a PKCS#12 file is distributed via a physical data storage device, then:


* The storage must be packaged in a way that the opening of the package causes irrecoverable physical damage. (e.g. a security seal)
* The storage must be packaged in a way that the opening of the package causes irrecoverable physical damage. (e.g. a security seal)
Gerv
Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1185426"

Navigation menu