Subject: Policy-Discussion
List archive
Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC
Chronological Thread
- From: IanG <iang AT cacert.org>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC
- Date: Tue, 21 Oct 2008 08:00:55 +0200
- List-archive: <https://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
Peter Williams wrote:
> * *
>
> The Mozilla CA Certificate Policy
> <http://www.mozilla.org/projects/security/certs/policy/> uses wording
> like 'We consider /verification/ of certificate signing requests to be
> acceptable if it'
>
>
>
>
>
>
> This is acceptable (if you are still ‘with’ the legal formalisms). A CSR
> is (self)signed. (a) you are thus properly ”verifying”, since it’s a
> signature. Second, in a semantic leap based on policy, a CSR is
> technically a prototype cert (in a non X.509 format) in some CPSs. Thus,
> “sponsored” by an LRA (assurer in CACert), and “subscribed to” by the
> user, it gets “validated” by a/the relying party known as a CA. During
> this act, there are validation procedures – such as EV.
Speaking of EV, it seems that EV mixes the terms up without a lot of
discrimination. For the most part, CA-checks are called
"verification" but sometimes they are called Validation. The
document itself is "extended Validation."
At least once, verification is used for relying parties as well.
> As a final step
> the IA component of a CA registers the cert, turning it from
> prototype/temp to accepted cert, at which point obligations are passed
> to all types of relying party other than the CA and subscriber.
Any view on why EV did not nail down these obligations?
> Ahem.
>
> Yes, its legal bullshit. But, writing it is highly paid… and its author
> (not me) made over $50M. So…
I guess those in the EV group were on a tighter budget.
> Remember, if like VeriSign , you are going to warrant now over 25
> billion dollars, you need a strong basis to convince the “insurers”.
> Since one cannot issue US-style junk bonds to cover this kind of
> non-investment warranty, you have to go to pure risk markets, like Lloyds.
Ah, yes. You know, there is a special clause in the EV document,
that says "if you are really big, like a billion or so, then you can
claim to self-insure..."
Ah, here it is:
(3) The CA and/or its Root CA MAY self-insure for liabilities that
arise from such party's performance and obligations under these
Guidelines provided that it has at least $500 million in liquid
assets based on audited financial statements in the past twelve
months, and a quick ratio (ratio of liquid assets to current
liabilities) of not less than 1.0.
iang
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, (continued)
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Philipp Dunkel, 10/16/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Tomáš Trnka, 10/17/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Sam Johnston, 10/18/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Philipp Dunkel, 10/18/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/18/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, IanG, 10/18/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/19/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, IanG, 10/19/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Sam Johnston, 10/20/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/21/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, IanG, 10/21/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/21/2008
- [CAcert-Policy] EV stuff, IanG, 10/21/2008
- Re: [CAcert-Policy] EV stuff, Peter Williams, 10/21/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/21/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Greg Stark, 10/21/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Peter Williams, 10/21/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, IanG, 10/21/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Bernhard Fröhlich, 10/21/2008
- Re: [CAcert-Policy] CPS bugs. Vote please. Colosing date of votes21 October 12pm UTC, Greg Stark, 10/21/2008
Archive powered by MHonArc 2.6.16.