Policy-Discussion

[Sven Anderson <sven AT anderson.de>]

Hi,

Philipp Gühring, 22.02.2007 18:43:
> We want to provide the best quality possible certificates. And we want
> to be able to provide legally binding certificates as soon as secure
> enough environments exist that justify their usage. But due to the
> current situation, we do not want to claim that digital signatures
> which are made with certificates are secure and can be unrestrictedly
> relied upon. We want to be able to issue certificates that can be used
> for legally binding signatures (we have to differentiate between
> certificates and signatures that are made with them, I would say), as
> soon as secure methods exist to use the certificates, and we don´t want
> to have to change all procedures then to be able to do that. So we want
> to be prepared for it now, and do the best possible quality.

The "best quality" is sellers-talk to me, as I have no idea what it means.
But if we build up the WoT because we:
 - "want to be able to provide legally binding certificates as soon as
secure enough environments exist that justify their usage"
and
 - "don´t want to have to change all procedures then to be able to do that"
it clearly follows that we should _not_ accept assurances from minors, as
I have strong doubts, that a court would accept certificates based on
assurances done by minors.

Of course you can say "courts are not important, we just offer
certificates which have only value inside of the CAcert arbitration
system", then assurances by minors are ok. It just depends on what goal
you choose.

>>> Anything else would create a false impression of security, which we
>>>  cannot represent.
> 
>> Following that argument we _don't_ want to be included in the
>> browsers. ;-)
> 
> Browsers are something different, they aren´t there for high security
> or legal reliance. Browsers are for surfing the internet.

These two things don't exclude each other.

>> _If_ one of the goals of the assurance WoT is to be legally binding,
>> the assurances by youths _is_ a threat for this goal.
> 
> I would see that as a very long-term goal, und unlikely to be reachable
> in the forseeable future due to environmental issues.

But you just wrote:
> we don't want to have to change all procedures then
> to be able to do that. So we want to be prepared for it now


Cheers,

Sven

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature