Policy-Discussion

[Philipp Gühring <pg AT futureware.at>]

Jac,

> I'm confused. 

Me too. Don´t worry, it usually only gets more confusing over time in the PKI 
world.

> According to your statement (above) binding server 
> certificates to an individual is not a good idea.

Usually, yes. I am sure there are good excpetions, though.

> Yet all organizational 
> certificates issues by CAcert seem to do this:
> ...
> Subject: C=NL, L=Groningen, O=The-Box Development,
> CN=<someserver>.the-box.com/emailAddress=j.kersing AT the-box.com

Server certificates? Or client certificates?

> As you might be able to imagine I would much rather use a generic e-mail
> address in the certificates, not my personal address. 

Ah, yes, I can see it. It can be changed by CAcert personnell, so if you 
contact support@ they can change it for you.
I think the internal admin interface is a bit confusing here, the field says 
"Contact Email", which gives the impression that it´s an internal email 
address for CAcert to contact someone from that organisation, it doesn´t look 
much like it would go into the certificate. 
I guess that we could (/should?) even leave the field empty.
So I guess that´s the reason why CAcert staff fills out the field with 
personal addresses.
(Just likey many people fill their personal name into the field CommonName 
when they want a server certificate, or many people fill in their company 
name into the Suffix field. A lot of people haven´t heard the word Suffix 
before, and don´t know what it means ...)

> However, I have not 
> found a way to change this. My mistake or is it not possible?

Please contact support@ . They will happily change it for you!

Ah, I just saw that Guillaume was faster, replying. Good, he agrees that it 
can be easily changed!

Best regards,
Philipp Gühring