Subject: Policy-Discussion
List archive
Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC
Chronological Thread
- From: IanG <iang AT cacert.org>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC
- Date: Thu, 16 Oct 2008 22:46:31 +0200
- List-archive: <https://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
Peter Williams wrote:
> Is a subroot simply a first- or nth-level subordinate CA chained from a
> root?
>
> They are contemplating removing from the registry those roots that have
> subordinate CAs in their trust network?
I don't think they are contemplating removing the existing ones,
exactly. Instead, they are contemplating policies that mean it is
not allowed, or it requires additional work, or something. What is
somewhat clear is that they are not happy with the obvious trick
that is being played; how they deal with it is totally unclear.
(Also, to be fair, not everyone is unhappy. Some are happy ... and
the debate appears only to be in early stages, at least over at
Mozilla.)
> As that really doesn’t make any sense, technically, it makes me wondering
> if subroot is something other than a simple subordinate CA, chained up to
> the root.
It is that; the issue is not at the chaining level but at the
semantics and legal agreements level, and whether and how the
primary CA is responsible for the actions of the sub-CAs.
(At, least that's what it appears to be. I've seen a few expressed
opinions on this and the clarity & consistency level is not high.)
iang
> -----Original Message-----
> I think it time to make something quite clear. Sub roots are not an
> option. I have nothing against keeping the possibility open for some
> day in the far future but now they are not even worth contemplating.
>
> Now here is as to why. Both M$ and MZ have decided that they are not a
> [g]ood idea. They are contemplating removing subrooted CAs from their
> browsers. That means that if we want to be on browsers we won't be
> doing sub roots.
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, (continued)
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Philipp Dunkel, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, maurice Kellenaers, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Philipp Dunkel, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Teus Hagen, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Teus Hagen, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, maurice Kellenaers, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Teus Hagen, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Philipp Dunkel, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Philipp Dunkel, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, IanG, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Sam Johnston, 10/20/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/21/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Philipp Dunkel, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Tomáš Trnka, 10/17/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Sam Johnston, 10/18/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Philipp Dunkel, 10/18/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/18/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, IanG, 10/18/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/19/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, IanG, 10/19/2008
Archive powered by MHonArc 2.6.16.