Skip to Content.
Sympa Menu

cacert-policy - Re: [CAcert-Policy] Reminder - SSL Certificate for *.blahblah.org expires in 10 Days

Subject: Policy-Discussion

List archive

Re: [CAcert-Policy] Reminder - SSL Certificate for *.blahblah.org expires in 10 Days


Chronological Thread 
  • From: Peter Williams <home_pw AT msn.com>
  • To: Policy-Discussion <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] Reminder - SSL Certificate for *.blahblah.org expires in 10 Days
  • Date: Mon, 29 Dec 2008 17:21:50 -0800
  • Importance: Normal
  • List-archive: <https://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

Some CAs claim that a third party making statements about an identified cert (issuer+ serial) are (a) confusing the market for status/repository information (b) and it is NOT fair use to cite their copyrighted fields (issuer + serial). Often, on of those fields (the issuer name) contains a trademark. Yes those CA are American corporations, and yes they are corporates bullys. Whats new.
 
Whether its free speech or not, the point is to remove FUD (for the CAcert case). A couple of lines can make a point, and thus set an expectation of admissable conduct:
 
Under this license Non-Members are granted all applicable rights to cite the issuer and serial number fields of CAcert issued certificates when communicating OCSP messages to members and Non-members alike.  Copryright marks, Trademarks, Servicemarks and legal names cited during such communications may be specifically cited, providing they are retained essentially in their original form.
 
One can think more about the precise wording, obviously.
 
OCSP is a new frontier, if used INDEPENDENTLY. Used by the CA, its just a 1 line CRL on steroids.
 

> Date: Tue, 30 Dec 2008 02:10:40 +0100
> From: philipp AT cacert.org
> To: cacert-policy AT lists.cacert.org
> Subject: Re: [CAcert-Policy] Reminder - SSL Certificate for *.blahblah.org expires in 10 Days
>
> Hi,
> > On Policy: are we sure that the OCSP elements of the CAcert policy licenses
> > non-members to apply the above model? It's basically what OpenID discovery
> > uses of OCSP (will) require. Quite suitably, no "reliance" is required on
> > the CA, since the user's OCSP server's will be signing the Response's that
> > the ultimate relying party (OCSP client) will consume.
> >
> OCSP responses just contain the serial number of the certificate + a
> hash of the issuer.
> I would say that OCSP responses that aren't signed with certificates
> from CAcert
> would fall under the "free speech" amendments, since they are just
> independent statements
> about the validity of a serial number and the hash of the issuer.
> I think this is unrelated enough that a certificate-related license of
> CAcert can't cover it,
> since it's outside the jurisdiction of the license.
>
> Best regards,
> Philipp Gühring
> _______________________________________________
> Have you passed the Assurer Challenge yet?
> http://wiki.cacert.org/wiki/AssurerChallenge
>
> CAcert-Policy mailing list
> CAcert-Policy AT lists.cacert.org
> https://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-policy


Life on your PC is safer, easier, and more enjoyable with Windows Vista®. See how

Archive powered by MHonArc 2.6.16.

Top of Page