Skip to Content.
Sympa Menu

cacert-policy - Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC

Subject: Policy-Discussion

List archive

Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC


Chronological Thread 
  • From: "Peter Williams" <home_pw AT msn.com>
  • To: "'Policy-Discussion'" <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC
  • Date: Sat, 18 Oct 2008 07:30:46 -0700
  • List-archive: <https://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

In the VeriSign CPS (for reference), those words mean (and they are pretty closely aligned to legal codes)

 

You “verify” the assertion of a signature (as authentic)

You “validate” the supporting certification chain (as reliable under the trust model)

You obtain assurance in the reliability of the trust model itself by considering the basis its authorities use in their assertion of validity (e.g. why and when they “issue” revocation/compromise/status notices)

 

So, note that one has a meta-relationship. Proving one assertion only ends up relying on another class of assertion.

 

It’s not a core component of the VeriSign CPS, but

 

You obtain “confidence” in the  assurance regime by testing its design, testing its implementation elements, testing its formalisms, testing its rigour, testing its completeness etc

 

 

It’s not a core component of the VeriSign CPS, but is/was implied:-

 

A legal “recording” model lies at the heart of the VeriSign CPS’s core model of validity, and represents the basis of the assurance. Once an appropriate party performs an act of “recordation” (ugh, ugly American word that is however concise and effective), the verification and validation evidence becomes a record, whose status as such transforms the value of the assurance.

 

If you are interesting in  a somewhat overly-intellectualized consideration of validity, in a post-PKI era sphere, consider reading  http://yorkporc.spaces.live.com/blog/cns!5061D4609325B60!317.entry

 

If you are interested

From: cacert-policy-bounces AT lists.cacert.org [mailto:cacert-policy-bounces AT lists.cacert.org] On Behalf Of Philipp Dunkel
Sent: Friday, October 17, 2008 10:46 PM
To: Policy-Discussion
Subject: Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC

 

We don't. But we need 3 words for 3 concepts. 

 

Assurance = verification via WoT

Validation = verifcation via lesser means

 

Verification = Assurance + Validation

 

R, Phil

---

Philipp Dunkel

Tel: +43-720-407204

Fax: +43-1-3060903-9

---

Your reality and mine may not entirely coincide. Therefore you may not rely on this message meaning what you believe it means. 

---


On Oct 18, 2008, at 6:06, "Sam Johnston" <samj AT samj.net> wrote:

2008/10/17 Tomáš Trnka <TomTrnka AT seznam.cz>

> The problem is that verified is not available.

<snip>
> Now if you have a better word for C I am eagerly awaiting it.

I would like "validated" a bit more (and even more thinking about automated
checking)...What do the others think?


Why do we need three words to describe one concept? Simplicity is the key to our success and all this sounds like academic wankery; somebody please explain what benefit is percieved from confusing the hell out of our users.

Sam

_______________________________________________
Have you passed the Assurer Challenge yet?
http://wiki.cacert.org/wiki/AssurerChallenge

CAcert-Policy mailing list
CAcert-Policy AT lists.cacert.org
https://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-policy




Archive powered by MHonArc 2.6.16.

Top of Page