Skip to Content.
Sympa Menu

cacert-policy - Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC

Subject: Policy-Discussion

List archive

Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC


Chronological Thread 
  • From: "Sam Johnston" <samj AT samj.net>
  • To: Policy-Discussion <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC
  • Date: Mon, 20 Oct 2008 10:50:22 +0800
  • List-archive: <https://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

On Thu, Oct 16, 2008 at 6:03 PM, maurice Kellenaers <maurice AT gkbikes.com> wrote:

maybe a strange idea, but is there a way to say :  "verified by Acme, who is verified by CAcert.org" or something like this?
that way Acme can use cn="" at their discretion in their cert while CAcert MAY/COULD ask to evaluate/verify the cn= of the cert.

That is *exactly* what is proposed - the user will see 'Sam Johnston verified by Australian Online Solutions' or some such thing and if they look at the chain they will see that the reason their browser accepted this assertion is because Australian Online Solutions was verified by CAcert, who is satisfied that they are who they say they are and that they will follow the rules when requesting certificates be issued by CAcert on their behalf using their escrowed root.

The alternative (and status quo) is to say 'Sam Johnston verified by CAcert' even though CAcert has not had anything to do with the individual.

Sam




Archive powered by MHonArc 2.6.16.

Top of Page