
cacert-policy - Re: [CAcert-Policy] Conclusion about youth assurers?

Subject: Policy-Discussion

  • From: Jac Kersing <j.kersing AT the-box.com>
  • To: Policy-Discussion <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] Conclusion about youth assurers?
  • Date: Tue, 20 Feb 2007 20:50:12 +0100 (CET)
  • List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

On Tue, 20 Feb 2007, Jens Paul wrote:

If we can make sure that those assurances are supervised ...

By definition we can as we're defining what is acceptable and what isn't.

Seems that no one is joining in :-)

Maybe we need a little more time to consider things?? ;-)

There are now 4 options:

1. Have a Guardian sign a Youth Assurer into the system, and Guardian picks up the residual liability not attributable to the Youth Assurer.

I don't think we find anyone taking all the liability for a stranger on his shoulders ...

There might be some, however I don't think this will be a large group. Would it be hard to implement this technically? (And in the rules?) If not hard to implement, why not allow it? (For the paranoid, one adult might accept the liability for a lot of youths, now he orders/bribes all of them to assure a couple of his mates and those mates start spamming the world with links to phishing sites secured with CAcert certs)

2. Have a Supervising Assurer add a countersignature on every assurance done by the Youth Assurer.

I like this idea, but is it possible and controllable?

From a policy point of view I like this option best. Technically this might be (a bit) harder to implement. Is the supervising assurer allowed to assure the person as well? (That might make it more attractive for the person to be assured) And is a supervising assurer allowed to supervise for multiple youths for someone seeking assurance? (That opens the door for another paranoid abuse case)

3. The null option -- we leave the system as is, with Youth Assurers limited to 10 points, and that's it.

Then we keep all those problems. Big NO from me-

NO +1

4. The zero option -- turn off all Youth Assurance.

I don't like losing all those youth assurers, but I think it is the only way we could handle that issue.

I think option 2 shows promise.

So for example I use CAcert certs to strengthen the evidence of my mails. But if this cert was assured by a youth assurer will it be still called "trustworthy" by a court? If not, while I expected a strengthened evidence I got a weakened one. So as a "user" of CAcert certs I need to check the age of the assurers to decide whether my certs are good or not to strengthen an evidence. Tough decision then.

If one needs to check the assurance path in order to find the level of confidence the certs signed by that CA are doomed in my book. Joe *average* User will not be able to do so and I honestly won't be inclined to do so even if I could. I simply would assign a very low trust value to all certs from that CA.

Or the other example was that a bunch of criminals hire some youth (which cannot be made liable as we assume) to issue fake certs which they for example use with spam mails (especially nice when we are in the browsers) or anything else. As soon as we know we can block those certs and the youth assurers, but "seconds" later they hire the next youth. So my main point was that this could lead to a point which makes CAcert certs totally useless.

A youth does not have to be an assurer to get fake certs. So are we going to have to stop issuing certs to legal minors as well? Consider three assurers going to a collega and assuring everyone for some perfectly legal purpose (like client certs to access a website.) Now someone with less honest intentions offers a significant number of those assured $$$ for a certificate. Are we going to revoke the assurances for everyone those three assurers have assured?

Then we should work together. I know a lot of youth who can pass that test and after that giving them 50? they are willing to issue whatever cert I like ....

They're only able to assure you. Not issue any certs.


Best regards,

Jac

---
 Jac Kersing            Technical Consultant   The-Box Development
 
j.kersing AT the-box.com
         CISSP           http://www.the-box.com

