Policy-Discussion

[Ian Grigg <iang AT systemics.com>]

On Wednesday 20 July 2005 20:55, Philipp Gühring wrote:
> Hi,
> 
> > > However I was able to change my name on the website until I got 100
> > > points.
> 
> Problem is already fixed. I had already changed the Assurer Handbook that 
> it 
> states 50 points, because I thought it might be changed to that. But I will 
> change it now to reflect the new policy. Thanks for pointing it out.
> 
> > Which sort of implies that the name does not leave
> > the organisation, therefore the name is an internal
> > datum only?
> 
> No, the user can decide, whether he wants an anonymous certificate (without 
> the name), or a personal certificate (with the name in it).
> 
> > Is there any document that describes this?  I'm new
> > to CACert dox so would appreciate a pointer to this.
> 
> I am not sure, whether that specifically is documented somewhere explicitly 
> yet.
> Does the sourcecode count for you as documentation? ;-)
> 
> Could you try to rephrase the question you want answered more specifically?


CACert is collecting a lot of information on people.
That information becomes a bit of a datamine when
there is enough of it.  What system or policy is in
place to protect the information?

There is a reason you are collecting all this information.
Why is that?  What is the reason you have to have my
name and my dob on file?

We can answer this question by looking at when you
would use this information.  There must be some use
intended for the information, otherwise it would not be
kept.

So let's say something goes wrong.  And the files get
dragged out.  What is it that would "go wrong" and
cause the files to be dragged out?  What are these
use cases, and how are they controlled?

iang
-- 
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting