Subject: Policy-Discussion
List archive
- From: Iang <iang AT iang.org>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] Policy about code signing certificate
- Date: Mon, 17 Dec 2007 15:59:27 +0100
- List-archive: <https://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
Lambert.Hofstra AT ins.com
wrote:
Let's say that we agree with that principle, and CAcert is out of the
picture.
Do we also say that the end-user also is never to be held responsible?
Or do we say that the end-user *is* to be held responsible?
Define "end user": is this
a) the owner of the CSC?
b) the person running the code?
c) someone else?
Above, I meant the NRP, the poor sod who's computer just got trashed, or worse, bank account raided.
That is, there are these parties:
a. code author
b. code distributor
c. CAcert
d. Assurer(s)
e. Browser vendor
f. end-user / NRP
g. attacker
For now. The question for the moment is to allocate the Risks, liabilities and obligations amongst that set.
Please sum the numbers to 100% :)
(all rest in your email, ok.)
iang
PS: darn it, my computer is installing an unsigned quicktime bug fix... restart required.
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, (continued)
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Bernhard Froehlich, 12/14/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Philipp Gühring, 12/14/2007
- [CAcert-Policy] Policy about code signing certificate, Bernhard Froehlich, 12/14/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/16/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Bernhard Froehlich, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Iang, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/16/2007
- [CAcert-Policy] Policy about code signing certificate, Bernhard Froehlich, 12/14/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Iang, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Iang, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Bernhard Froehlich, 12/18/2007
- [CAcert-Policy] Revocation, Philipp Gühring, 12/18/2007
- Re: [CAcert-Policy] Revocation, Lambert.Hofstra, 12/18/2007
- Re: [CAcert-Policy] Revocation, Teus Hagen, 12/18/2007
- Re: [CAcert-Policy] Revocation, Philipp Gühring, 12/18/2007
- Re: [CAcert-Policy] Revocation, Lambert.Hofstra, 12/18/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Philipp Gühring, 12/14/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Bernhard Froehlich, 12/14/2007
- Re: [CAcert-Policy] Revocation, Iang, 12/18/2007
- Re: [CAcert-Policy] Revocation, Philipp Gühring, 12/18/2007
- Re: [CAcert-Policy] Revocation, Iang, 12/18/2007
Archive powered by MHonArc 2.6.16.