Policy-Discussion

[Teus Hagen <teus AT theunis.org>]

On 12/18/2007 02:37 PM, 
Lambert.Hofstra AT ins.com
 wrote:
>>> ....
>> Why should the certificates be revoked? Is there any good reason why we
>> want to retroactively invalidate all signatures that were made with
>> those certificates? This would clearly violate our current CPS.
>>
>>     
> Well, that's easy, when you join CAcert, you can rely on CAcert certs and 
> agree to be bound by arbitration.
>   
you are bound to arbitration also after you "unjoin" CAcert community if
I read the CCA well.
> When you're not part of the community you cannot rely on CAcert and CAcert 
> (members) cannot rely on you.
>
> So when you leave the community, but are allowed to use the certs after 
> that moment, Cacert members will rely on that cert although the owner of 
> the cert is not a member.
>   
What is defined as "unjoining"?
If you end the CCA agreement you are ending also the CAcert services and
your certificates are revoked (see: termination in the CAcert Community
Agreement
http://svn.cacert.org/CAcert/RegisteredUserAgreement.html ;).
> So I would say: revoke all certs at time of leave (date X).
> This does not invalidate the cert completely, it just says that anything 
> signed after date X is not valid
>   
agree

teus
> Lambert Hofstra  
>
> _______________________________________________
> Have you subscribed to our RSS News Feed yet?
>
> CAcert-Policy mailing list
> CAcert-Policy AT lists.cacert.org
> https://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-policy
>