CA/Forbidden or Problematic Practices: Difference between revisions

Jump to navigation Jump to search

CA/Forbidden or Problematic Practices (view source)

Revision as of 18:15, 28 March 2011

2 bytes removed ,  28 March 2011
m
→‎Distributing generated private keys in PKCS#12 files
Line 56: Line 56:
* The distribution channels used (e.g. unencrypted email) may not be adequately secured.
* The distribution channels used (e.g. unencrypted email) may not be adequately secured.


CAs must never generate the key pairs for for signer or SSL certificates. CAs may only generate the key pairs for SMIME encryption certificates. Distribution or transfer of certificates in PKCS#12 form through unsecure electronic channels is not allowed. If a PKCS#12 file is distributed via a physical data storage device, then
CAs must never generate the key pairs for signer or SSL certificates. CAs may only generate the key pairs for SMIME encryption certificates. Distribution or transfer of certificates in PKCS#12 form through unsecure electronic channels is not allowed. If a PKCS#12 file is distributed via a physical data storage device, then
* The storage must be packaged in a way that the opening of the package causes irrecoverable physical damage. (security seal, ...)
* The storage must be packaged in a way that the opening of the package causes irrecoverable physical damage. (e.g. a security seal)
* The PKCS#12 file must have a sufficiently secure password, and the password must not be transferred together with the storage.
* The PKCS#12 file must have a sufficiently secure password, and the password must not be transferred together with the storage.


Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/294329"

Navigation menu