Policy-Discussion

[Sam Johnston <samj AT samj.net>]

On Thu, Feb 12, 2009 at 5:55 PM, Bernhard Froehlich <ted AT convey.de> wrote:

  * IMHO Assurances should be made by people, not by organisations.
    Otherwise the org could name its own Assurers. CAcert would
    probably be able to insist on rules for appointing Assurers, but
    what would be gained if orgs would only be allowed to select
    Assurers who fulfill all Assurer requirements of CAcert?

This same conflict of interest exists for friends, family members, etc. and could easily be resolved across the board by forbidding assurance e.g. where a personal, family, employee, contractor etc. relationship exists.

The gain is that assurers can do assurances as a function of their employment, which is more natural than trying to create personal liability where there almost always is none. It is more professional and should result in the creation of a network of assurance points, thus making it far easier for users to secure themselves (no need to organise times, places, etc. - just rock up between 9 and 5 and get it all done in one go). Plus it's still more secure than commercial CA's because it's all done in person.

Sam