CAcert Code Development list.

[Ian G <iang AT cacert.org>]

On 17/03/2010 10:42, Dieter Hennig wrote:
> Dear all,
>
> hm, as long as English is not our official country language, not all
> laws  exist in this language. This is the main reason, that "ETH Zürich"
> apears as "ETZ Zuerich"  and not as "ETH Zurich", because we found no
> official law text in English, which showed the short abbreviation for
> "Swiss Federal Intitut of Technology Zurich" (Eidgenössische Technische
> Hochschule Zürich) nevertheless we know, that English speakers have some
> trouble with "Umlaute". So we try it with some transliteration, like we
> would tranlitate Russian or Chinese language. (And this is a matter of
> change over the time, at least for me.)
>
> Ian G schrieb am 17.03.2010 00:03:
> > But to resolve this issue, can someone post the English version of the
> > digsig law for Switzerland, so we can read it and compare it to the
> > others?  Also, any other laws that might speak to the issue of keys.
>
>
> I will look for that, but what we will do, if it is not existing?

If it is the Dig Sig directive, translated into Swiss law, then it 
should exist in English because the Dig Sig directive is deliberately a 
cross-euro-land directive.  For example, a QC issued in one dig-sig 
country must be recognised fully by another country, /even if it breaks 
the rules of the second country/ which has caused some strange effects 
when the Germans got a bit too enthusiastic.

Hence, if it is not in English, it should be, because the Greeks & 
Portuguese & Icelanders aren't going to be wanting it in German so as to 
check its compatibility.

If not in English, then we could always translate it, depending on how 
long it is.  Or a simpler test is this:  does it implement the EU 
directive faithfully?  If so, there is no problem, it applies zero 
controls over CAcert, because CAcert implements "advanced signatures" 
not "qualified certificates."

(I just looked, I found the German one, and it definately follows the 
lines of the directive.  I couldn't find the English one though, as they 
seem to index in German :) )


> > > In other countries and for other organization members the situation
> > > would be another, please give them the choice as Mathieu suggested.
> >
> >
> > So far, I do not think either choice is ruled out necessarily.  The
> > problem I see is that there is no policy backing.
>
> Can we substitute in this case the policy by freedom? At least, the
> English tradition of laws prediction seems me near to it.


I'm not sure what you are saying here ... what I am saying is that we 
need to establish our policy for CAcert's Org use.  So far, I see 
nothing that directly contradicts either proposal (org generates keys, 
individual generates keys).  So once it is written into a policy of some 
form, then it should be ok.

So, while it may be useful to proceed on a patch, especially as a 
thought experiment, if the patch is not supported by any policy, the 
patch should not be approved by the software assessors.  So take this 
opportunity to advance the policy at the same time.



iang

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature