Skip to Content.
Sympa Menu

cacert-policy - Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC

Subject: Policy-Discussion

List archive

Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC


Chronological Thread 
  • From: maurice Kellenaers <maurice AT gkbikes.com>
  • To: Policy-Discussion <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC
  • Date: Thu, 16 Oct 2008 14:09:22 +0200
  • List-archive: <https://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>



Bernhard Froehlich wrote:
maurice Kellenaers schrieb:

Philipp Dunkel wrote:

On 2008-10-16, at 12:40, maurice Kellenaers wrote:



Philipp Dunkel wrote:


There are several ways this could be accomplished. The first would be to rely on assurances. Someone suggested that if there were 2 assurers in HR they could assure all new employees. That would be one way. But since the statement is verified and not assured another way could be to check the CN against a paycheck database or other such database available to the employer.
I opt for the second; check against dB. Small companies don't have 2 persons on HR (maybe not even 2 persons employed), maybe just the o-admin as sole assurer.

Well actually I think this is not an either or decision we have to make? Leave it to the organisation itself. What is good for one may not be for the other. So why not just leave all options open?

true, and that brings us back to the question: how can/does CAcert verify the info.

The Org's admin is CAcert's agent to verify the information (just like the other Assurers are). S/he is obliged to verify the informattion to a certain standard because s/he is in a contract with CAcert (just like the other Assurers are). If s/he is (grossly?) negligant s/he may face a "fine" as a result from a dispute (just like the other Assurers are).
The only difference is that s/he not only verifies names but also membership to the organisation and maybe org unit.

And I guess the term is "verify" and not "assure" because the 4-eyes-principle does not necessarily apply for the organisation info.

Or did I misunderstand something?
not so far, imho.
The next question is: how can CAcert verify the o-admin verified information?
Ted
;)

------------------------------------------------------------------------

_______________________________________________
Have you passed the Assurer Challenge yet?
http://wiki.cacert.org/wiki/AssurerChallenge

CAcert-Policy mailing list
CAcert-Policy AT lists.cacert.org
https://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-policy

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.16.

Top of Page