Policy-Discussion

[Rasika Dayarathna <dayarathna AT gmail.com>]

Hi

what do you think about privacy of digital certificate? should it be in
a public domain. i.e. can anyone get my digital certificate or do i have
sole authority of distributing it

regards

rasika

Sven Anderson wrote:

> Jac Kersing, 12.01.2007 17:42:
>  
>
> > On Fri, 12 Jan 2007, Sven Anderson wrote:
> >
> >    
> >
> > > So here's my proposal: Why not make CAcert to a public space? All
> > > information in the CAcert databases is declared as public, who wants to be
> > > part of it, has to agree with that.
> > >      
> > As there are already several thousands users that did not get to choose 
> > when signing up, this should never happen. You could of course create a 
> > new certificate authority with this model.
> >    
>
> Of course you cannot just switch to it. But you could ask every user to
> klick on "make my data public".
>
>  
>
> > > I mean, what information does CAcert have about me anyway? My real name, 
> > > my email-address (both in my certificates and therefor public anyway), 
> > > and whom I gave and from whom I got how many assurance points and where.
> > >      
> > And your birthdate. Name and birthdate are very interesting for social 
> > engineers given that some companies use the combination for quick id
> > verification purposes on the phone (not wise, but that's another issue)
> >    
>
> Good point, why does CAcert collect the birthdate? As it doesn't apprear
> in the certificates, it is just an hidden feature for investigators? If it
> is not neccessary for the issued certificates, I would not store it, or do
> I miss something?
>
>
> Cheers,
>
> Sven
>
>  
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Have you subscribed to our RSS News Feed yet?
>
> CAcert-Policy mailing list
> CAcert-Policy AT lists.cacert.org
> http://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-policy
>