Subject: Deutschsprachige CAcert Support Liste
- From: Ian G <iang AT cacert.org>
- To: cacert AT lists.cacert.org
- Cc: Dominik George <dominik.george AT cacert.org>, cacert-de AT lists.cacert.org
- Subject: Talking about CAs
- Date: Sat, 20 Mar 2010 11:53:11 +1100
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
On 19/03/2010 18:27, Dominik George wrote:
a few days ago, I stated that S... was generating private keys
server-side. This news was published by Heise and not verified well enough
by me (however, it looked as though they did it, because that stupid WebKit
browser which must not be named did not look like being busy).
Dominik, it's really not good to comment on the activities of other CAs. Especially to the press. You have to be very careful. It is best not to name the CA, and it is best to talk in terms of features that we have.
For example, you could say that we have an ability to deal with failures of reliance by members that is documented and reasonable; you could say that other CAs have less capability in this area. Mention no names ;)
Talking about whether one CA does something or other with its keys is really too far. Specifically, the CPS of that CA may permit it, and unless you're an expert in that, you won't be able to prove your point. Secondly, it doesn't matter at all in the big picture what they are doing, only what we do matters. Thirdly, and following on from the earlier points, the other CA is in a much better position to make you look like you're wrong and just spreading poison.
For this reason, we don't mention the other CAs much in doco or on the maillists or elsewhere. If we allude to them for practical reasons, we have to be very careful to be neutral about them.
You will notice that all professional CAs work this way. They never mention the competition. It's been that way in professional IT since IBM trod that path in the 1970s.
PS: we should probably add this to the Communications guidelines.
Description: S/MIME Cryptographic Signature
- Lie about StartSSL, Dominik George, 03/19/2010
Archive powered by MHonArc 2.6.16.