Policy-Discussion

[Iang <iang AT iang.org>]

Sebastian Kueppers wrote:
> Hi!
>
> Evaldo: Thank your for starting this discussion, I'm begging for such a
> policy for about a year now...


Yes, the CPS also begs...  Hmmm, it says:

3.1.4. Rules for interpreting various name forms

Names are administered by means of the User's account. The 
rules themselves may be varied on short notice by CAcert as 
fraud such as phishing is moving too quickly for 'policy' 
documents.

http://svn.cacert.org/CAcert/policy.htm#p3.1


> > Another one not so uncommon around here:
> > - People changing their last name after marriage
>
> I think that is a minor problem, because (at least in germany) you'll
> get an official certificate stating the change of name.


OK, so the assurer can work with it.  Is the system set up 
to support that change?


> If there are still issues with CAcert certificates and UTF-8 I think we
> should (better: we have to) provide a possibility to avoid these issues.
> Either by making the certificates working with UTF-8 or by allowing
> transliteration of problematic characters.


Hmm.  Good point.  OK, so what does the system do if your 
name includes an umlaut?


> > For example one thing I always considered ok was the german "eszet" (�)
> > character which is represented in ID cards as SZ, since ID cards only
> > use capital chars. But of course the name might have been czech or
> > hungarian where "sz" is a not so uncommon combination...
>
> Another problem are the Certificates itself. If I remember correctly
> there have been some issues about UTF-8 and X.509 certificates...
> And if we allow substitution of loacal special chars into some
> ASCII-counterpart we would need a comprehensive list of allowed
> substitutions.


Yes, ok so potentially we have:

User's Name(s) ==> CAcert-assigned Name(s) ==> x.509 Name(s)



iang