Subject: Policy-Discussion
List archive
- From: SK <sk.list AT gmail.com>
- To: pg AT futureware.at
- Cc: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] Want to help
- Date: Tue, 8 Mar 2005 14:45:58 +0100
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=SMgMqQfIcW3COJg8mxRAP6w1jF8xxXkLjHF0ZAyxVvnPRiYZRkd7MeMPN4Claah60+JFIZxzJgH7CVSU3GUCOEabRGQFNmEvyRHMQj0G0lmOxY7DLD8YC/D5J76aHOKGAGZtdzdj8YW6bl8hIeKTULsCslZKkbcun9F4yPOguK4=
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
> > section 3.2.5 - Do we support ping to email address in the whois
> > database?
>
> Yes.
>
> > As far as I know, we do not. Even if we plan to support that
> > feature, we still neeed to decide which email address to honor.
>
> Just try it out, login -> Domains -> Add Domain -> yourdomain.com
> Then you will see the email addresses you can choose from.
Well I just tried using "mydomain.com" as domain name (mydomain = a
domain I control, using a nick in this email) and I was presented with
these choices for email ping:
root AT mydomain.com
hostmaster AT mydomain.com
postmaster AT mydomain.com
admin AT mydomain.com
webmaster AT mydomain.com
None of these include the email address I used in the whois. So I
don't think CACert queries whois db as of now.
> > Billing as well as technical address may not be the actual owner of a
> > domain.
>
> Well, everyone who is in the whois database, is somehow administratively
> responsible for the domain.
I agree, but of all the three contacts I really think the billing
contact is very different from the other two in terms of actual
administration (especially for organisations and institutions).
> > section 5.2 - Even though the "identity Verification Form" has the
> > space to specify two photoID, there is *nothing* in the form that
> > specifies that two IDs are a requirement for verification. I
> > personally know of several people who have verified people based on
> > single ID!
>
> You need minimum 1 Photo ID, but you can also use several IDs. Since paper
> is
> a limited ressource, the author decided to put only two fields on it.
> The Assurer has to decide himself, whether he trusts the person, or he wants
> more than the minimum evidence, and how many points he will give for it.
If the absolute minimum is 1 photoID (i.e if I can certify a person
after seeing his passport alone and still be obeying CACert's polciy),
then it sentence in section 5.2 should read
"the person issuing the trust points must see atleast one form of
photo ID that is issued by a government body. Acceptable forms of ID
include passports, drivers licenses national ID cards".
> > section 6.1.5 - what about the specs of the CA's root cert? Shouldn't
> > this be mentioned?
>
> Could you send me the details?
The OpenPGP key of CACert is 1024 (DSA).
X.509 - I am not sure, most probably 1024 again.
Rgds,
SK
- [CAcert-Policy] Want to help, SK, 03/02/2005
- Re: [CAcert-Policy] Want to help, Philipp Gühring, 03/02/2005
- Re: [CAcert-Policy] Want to help, SK, 03/02/2005
- Message not available
- Fwd: [CAcert-Policy] Want to help, SK, 03/07/2005
- Message not available
- Re: [CAcert-Policy] Want to help, Philipp Gühring, 03/08/2005
- Re: [CAcert-Policy] Want to help, SK, 03/08/2005
- Re: [CAcert-Policy] Want to help, Philipp Gühring, 03/08/2005
- Re: [CAcert-Policy] Want to help, Philipp Gühring, 03/02/2005
Archive powered by MHonArc 2.6.16.