CAcert Code Development list.

[Mario Lipinski <mario AT cacert.org>]

Am 15.03.10 17:59, schrieb Ian G:
> If we then move to the Orga Admin context, the member is the Org.  In
> which case the Org has many private keys which it gives out to its
> employees (who are not members).  So in this case, the Org is primarily
> responsible for the usage of those keys ... just like the Org is
> primarily responsible for the usage of the office computers or the
> corporate seal for purchasing stuff.

So it should be up to the organisation. If orgs like to backup/store all 
keys, they should. If they want only their employees to know the private 
part, it should be also fine for us.

> In that context it might be reasonable to have the Org pre-create all
> the keys and then provision them into browsers.  Indeed it might be
> reasonable to suggest that the employees must not create their keys,
> because they are not "us" !  But maybe we don't need to go that far if
> it is clear that the Org is the responsible entity.

We sign certificates, not private keys. So management of the private 
keys should be up to the organisation.

--
Mit freundlichen Grüßen / Best regards

Mario Lipinski
Board member,                       E-Mail: 
mario AT cacert.org
Organisation Assurer (Germany),     Internet: http://www.cacert.org
Wiki/Issue admin
CAcert

Support CAcert: http://www.cacert.org/index.php?id=13
                http://wiki.cacert.org/wiki/HelpingCAcert

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature