Subject: Policy-Discussion
List archive
- From: <Lambert.Hofstra AT ins.com>
- To: <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] Policy about code signing certificate
- Date: Mon, 17 Dec 2007 21:51:35 -0000
- List-archive: <https://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
> The key part to look at is Claim 4, which says that CAcert's
> Arbitration rules. Now, this can bring the person before an
> Arbitrator. That Arbitrator can rule up to 100 Euros of fines, etc.
> The Arbitrator can also do other things, without particular limit, see
> below.
So the question is: when could a user not be bound by arbitration? In
those cases where the CAcert policy was unclear, probably when the
effects of relying on a CSC are not understood by the majority of the
users?
[...]
> >> * Do we want an additional agreement of the applicant?
Something
> >> like she is no bad gal or that he knows that signing binaries
> >> impose additional risks/obligations.
> >>
> > Yes: Lambert, Ted
> > No:
>
>
> I'm interested to hear your logic why? What would that
> agreement impose?
>
Either in here or in the CPS or another official document you have to
explain that the person is responsible for his/her own code, that
signing is just a way to make the author traceable, and that it does not
in any way shape or form indicate a "statement of approval" from CAcert
regarding the code.
In other words, make sure CAcert took enough steps to point the code
signer to the effects of signing code, and the role CAcert plays in the
process (none). This will be used in a court case, sort of a CAcert CYA
>
Lambert
- [CAcert-Policy] Proposal to stop issuing code signing certificates, Bernhard Fröhlich, 12/13/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Iang, 12/13/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Jac Kersing, 12/13/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Bernhard Froehlich, 12/14/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Philipp Gühring, 12/14/2007
- [CAcert-Policy] Policy about code signing certificate, Bernhard Froehlich, 12/14/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/16/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Bernhard Froehlich, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Iang, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/16/2007
- [CAcert-Policy] Policy about code signing certificate, Bernhard Froehlich, 12/14/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Iang, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Iang, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Lambert.Hofstra, 12/17/2007
- Re: [CAcert-Policy] Policy about code signing certificate, Bernhard Froehlich, 12/18/2007
- [CAcert-Policy] Revocation, Philipp Gühring, 12/18/2007
- Re: [CAcert-Policy] Revocation, Lambert.Hofstra, 12/18/2007
- Re: [CAcert-Policy] Revocation, Teus Hagen, 12/18/2007
- Re: [CAcert-Policy] Revocation, Philipp Gühring, 12/18/2007
- Re: [CAcert-Policy] Revocation, Lambert.Hofstra, 12/18/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Philipp Gühring, 12/14/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Bernhard Froehlich, 12/14/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Jac Kersing, 12/13/2007
- Re: [CAcert-Policy] Proposal to stop issuing code signing certificates, Iang, 12/13/2007
Archive powered by MHonArc 2.6.16.