Skip to Content.
Sympa Menu

cacert-policy - Question about Remote Assurance Policy (RAP)

Subject: Policy-Discussion

List archive

Question about Remote Assurance Policy (RAP)


Chronological Thread 
  • From: Faramir <faramir.cl AT gmail.com>
  • To: Cacert-Policy <cacert-policy AT lists.cacert.org>
  • Subject: Question about Remote Assurance Policy (RAP)
  • Date: Mon, 25 May 2009 15:25:04 -0400
  • Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT gmail.com; dkim-asp=none
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=SIxv74E6l800IENZAmIHAmzFu885co83aI3ojJ0QYlOJ5cfBsPDg48GGMvmyVTwhgv zs4bH+FNQP55BISMHva4AViU5pS+N6nLCnEsP8zKT6x109LTMQ7cougWM1rt+T/Xe8Iu 9xdWAco5012lw7gUBl1tDNeMrmPIw6LtRApns=
  • Openpgp: id=4319410E; url=http://tinyurl.com/0x4319410E

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

What do we need to move RAP to draft status?

I have been reading RAP and RVP proposed policies, and while both are
interesting, I think RVP is a bit more complex and depends on
organization assurance, which, IIRC, has some problems to work.

I think it would be a good idea to move RAP to draft status, since
currently TTP assurance is not working, and latter we can create a
policy ruling about things like CAs being valid as TTPs, as well as
creating a policy for remote assurance of organizations (maybe based on
RVP).

I feel it is important to enable RAP (or equivalent policy) soon, since
currently people living in deserts (CAcert deserts) doesn't have any way
to get assured.

By the way, on RAP, point 3.1 e vi, there is a comment:
"iang:  this clause is similar to the requirement DRC C.9.b: "RAs
provide the CA with complete documentation on each verified applicant
for a certificate." What is different is that the criteria requires the
TTP to send the form, not the Member."

  Does it mean there is actually a requirement for the forms to be sent
by the TTP, instead of the asuree?

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJKGvCQAAoJEMV4f6PvczxA62UIAKUYxq1PEp/Aqch3PRqZU99M
JeaDjy55TxZq4NftA7XHvv0Lg7gkJt1i/WePB+SsBgN83KytV5NEdfHvYOJ1QvBl
mCoOqyCMYAmxMM62d2qCvBpPB8OHhaBGjMdOchgx0YwV4+w4rnK4FEtlgI2tTjvb
6WcX90Immy59+GKr5Qf4+WLfQ8tpVYOI/Ojmf+qthKrNL+rE6hZtWd6u59pvAtGa
MWymJn4yi+ozO+OAmb9NPrHgdb6jGQ37nFBSM5uhLVCm4ahH7Kgko8Uzwr6+54N4
w7RetYAd6uRs0rBLHWBr5vp/pxYMQGN0uX0HUXjFkztRa0Zyva4w6IPIgoF9ayU=
=tJFE
-----END PGP SIGNATURE-----



Archive powered by MHonArc 2.6.16.

Top of Page