Skip to Content.
Sympa Menu

cacert-policy - Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC

Subject: Policy-Discussion

List archive

Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC


Chronological Thread 
  • From: Philipp Dunkel <p.dunkel AT cacert.org>
  • To: Policy-Discussion <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC
  • Date: Thu, 16 Oct 2008 14:31:45 +0200
  • List-archive: <https://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

Right,

which is why I think it is time to define in in the OA-Policy that the organisation is the member and has all the duties of the member. (See previous E-Mail)

R,P

On 2008-10-16, at 14:09, 
samj AT samj.net
 wrote:

Employees can't, shouldn't and won't be held responsible for
[in]actions taken in re line of duty. Personal liability won't hold so
it's upto the company.

Sam on iPhone

On 10/16/08, Bernhard Froehlich 
<ted AT convey.de>
 wrote:
maurice Kellenaers schrieb:

Philipp Dunkel wrote:

On 2008-10-16, at 12:40, maurice Kellenaers wrote:



Philipp Dunkel wrote:


There are several ways this could be accomplished. The first would
be to rely on assurances. Someone suggested that if there were 2
assurers in HR they could assure all new employees. That would be
one way. But since the statement is verified and not assured
another way could be to check the CN against a paycheck database or
other such database available to the employer.
I opt for the second; check against dB. Small companies don't have 2
persons on HR (maybe not even 2 persons employed), maybe just the
o-admin as sole assurer.

Well actually I think this is not an either or decision we have to
make? Leave it to the organisation itself. What is good for one may
not be for the other. So why not just leave all options open?

true, and that brings us back to the question: how can/does CAcert
verify the info.

The Org's admin is CAcert's agent to verify the information (just like
the other Assurers are). S/he is obliged to verify the informattion to a
certain standard because s/he is in a contract with CAcert (just like
the other Assurers are). If s/he is (grossly?) negligant s/he may face a
"fine" as a result from a dispute (just like the other Assurers are).
The only difference is that s/he not only verifies names but also
membership to the organisation and maybe org unit.

And I guess the term is "verify" and not "assure" because the
4-eyes-principle does not necessarily apply for the organisation info.

Or did I misunderstand something?
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


_______________________________________________
Have you passed the Assurer Challenge yet?
http://wiki.cacert.org/wiki/AssurerChallenge

CAcert-Policy mailing list
CAcert-Policy AT lists.cacert.org
https://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-policy

---
Philipp Dunkel
p.dunkel AT cacert.org
---
Your reality and mine may not entirely coincide. Therefore you may not rely on this message meaning what you believe it means.
---



Attachment: smime.p7s
Description: S/MIME cryptographic signature




Archive powered by MHonArc 2.6.16.

Top of Page