
cacert-policy - Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification

  • From: Ian G <iang AT systemics.com>
  • To: Policy-Discussion <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification
  • Date: Tue, 21 Feb 2006 13:53:14 +0100
  • List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
  • Organization: http://financialcryptography.com/

Lambert.Hofstra AT ins.com wrote:

> Before going into further detail on how to create technical solutions to
> solve all these interesting challenges, we (CAcert) probably first have
> to decide whether CAcert will require some kind of dual control, or is
> happy with changes being made by a single individual without formal
> approval or audit by another person.
>
> So, who feels that it is acceptable for a single individual to "have the
> keys to the vault"?
> Do we need dual control on critical infrastructure elements and key
> access?


Well, anything's possible!  The Internet ran with one
guy dishing out the numbers and TLDs for decades :)

As a principle of auditing, though, this is a non-starter.

No audit will accept a single individual being in control
of even the tea money.  A basic principle of governance
is "separation of control."

iang



