Subject: Policy-Discussion
List archive
- From: Ian G <iang AT systemics.com>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification
- Date: Tue, 21 Feb 2006 13:53:14 +0100
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
- Organization: http://financialcryptography.com/
Lambert.Hofstra AT ins.com
wrote:
Before going into further detail on how to create technical solutions to
solve all these interesting challenges, we (CAcert) probably first have
to decide whether CAcert will require some kind of dual control, or is
happy with changes being made a single individual without formal
approval or audit by another person.
So, who feels that it is acceptable for a single individual to "have the
keys to the vault"?
Do we need dual control on critical infrastructure elements and key
access?
Well, anything's possible! The Internet ran with one
guy dishing out the numbers and TLDs for decades :)
As a principle of auditing, though, this is a non-starter.
No audit will accept a single individual being in control
of even the tea money. A basic principle of governance
is "separation of control."
iang
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, (continued)
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Kyle Hamilton, 02/21/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Duane, 02/21/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Philipp Gühring, 02/21/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Ian G, 02/21/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Philipp Gühring, 02/21/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Duane, 02/21/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/20/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/20/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/20/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Kyle Hamilton, 02/20/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Ian G, 02/21/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Ian G, 02/21/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Duane, 02/20/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/21/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Philipp Gühring, 02/21/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/21/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/21/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Philipp Gühring, 02/23/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Peter Williams, 02/23/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Philipp Gühring, 02/23/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Kyle Hamilton, 02/21/2006
Archive powered by MHonArc 2.6.16.