Policy-Discussion

[Ian G <iang AT systemics.com>]

mfolimun AT elitemail.org
 wrote:

> It would seem the ability to create subdomains, post webpages, and
> answer root/postmaster's email should conclusively demonstrate domain
> ownership, especially since the whois information has nothing to do
> with my real identity anyways. So I don't understand why someone needs
> to see government issued ID for me to be trusted to have an ssl cert
> for 2 years as opposed to 6 months, especially given that it would
> seem I can just keep requesting new certs every 6 months forever
> without providing any ID. 


So your actual request is more to do with figuring out why 
anonymous certificates are issued only for 6 months?

Curiously, the CPS does not say.  Section 6.3.2 of the draft 
 just has a pretty green question asking exactly that

http://www2.futureware.at/svn/sourcerer/CAcert/policy.htm#p6.3

================
6.3.2. Certificate operational periods and key pair usage 
periods

How long is it?

No stipulation.
================

Does anyone know why this is?  Indeed, why are named certs 
in the class 3 root good for 2 years?  Why not 3 years?

(No stipulation means that the CA has decided not to 
standardise this issue in the CPS.  This might be a 
reflection on the arbitrariness of 2 years versus 6 months, 
or might not...)


iang