Policy-Discussion

[<Lambert.Hofstra AT ins.com>]

> > > It is possible to join CAcert, can you "unjoin"? Would all your
> > > certs be revoked?
> >
> > There should be a policy about that... ;) AKAIK you can quit by
> > sending a mail to support. IMHO all certificates should be revoked at
> > that time, but I'm not sure if it is currently done.
> 
> Why should the certificates be revoked? Is there any good reason why we
> want to retroactively invalidate all signatures that were made with
> those certificates? This would clearly violate our current CPS.
>
Well, that's easy, when you join CAcert, you can rely on CAcert certs and 
agree to be bound by arbitration.
When you're not part of the community you cannot rely on CAcert and CAcert 
(members) cannot rely on you.

So when you leave the community, but are allowed to use the certs after that 
moment, Cacert members will rely on that cert although the owner of the cert 
is not a member.

So I would say: revoke all certs at time of leave (date X).
This does not invalidate the cert completely, it just says that anything 
signed after date X is not valid

Lambert Hofstra