Skip to Content.
Sympa Menu

cacert-policy - Re: [website form email]: Accreditation by other Certificate Root

Subject: Policy-Discussion

List archive

Re: [website form email]: Accreditation by other Certificate Root


Chronological Thread 
  • From: Faramir <faramir.cl AT gmail.com>
  • To: cacert-policy AT lists.cacert.org
  • Subject: Re: [website form email]: Accreditation by other Certificate Root
  • Date: Wed, 21 Oct 2009 10:58:01 -0300
  • Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT gmail.com; dkim-asp=none
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=mjl4c5sOa/hCjCCkfWpZAUTKnb62GJexyrW6Tq7C5mIXrpUX4MbxYlKiYi0lwKHa/a 0An8kavYUfZe5Y8qV87CkQne/XtS73Eo+KVjy35YgVuTy1uEshjVImprqhEMT7yWNbJK EwJMa/78xP6jXtCk0KzE/kTSozK7fJ/wJLlXU=
  • Openpgp: id=4319410E; url=http://tinyurl.com/0x4319410E
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ian G escribió:
> On 15/10/2009 20:07, Brian McCullough wrote:
> 
>> We have talked about extending the "TVerify" Policy, or perhaps more
>> properly, a "Third Party Certificate" Policy, to include either
>> different policies for various CAs or perhaps a list of CAs that can
...

> Right.  Just to add to that; it is not out of the question that we rely
> on the results of other CAs without an agreement and without an audit.
> For years we have been doing exactly that with passports, etc, issued by
> various government "CAs" a.k.a. passport issuing offices.  We haven't
> got an agreement with them nor have we audited them.

  As an example of possible usages of that "other CA verify": in my
country, the law about digital signatures talk about 2 different
signatures: "simple electronic signature", which can be anything that
allows to identify the sender's identity (it says it can be a sound, an
image, etc. but I think the only practical implementation is something
like PGP, or digital certificates), and "advanced electronic
signatures", which mean a digital certificate from an accredited CA.

  CA's are accredited by the minister of economy, and the list is very
short. I think it also requires enhanced security measures, like the
certificates stored in encrypted tokens. It is the only kind of
signature valid to be used in "public documents", and has legal value of
"full proof" (I hope I'm translating it right, I'm not familiar with
legal terms).
  I think CAcert can trust without any doubt these "accredited CA's",
but I am NOT proposing CAcert should trust them... this is just an example.

  By the way, if I understood chilean law right, even signatures from
self signed certificates can be considered as valid as handwritten
signatures, if the court decides so. But certainly, I can have
understood it wrong.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJK3xNpAAoJEMV4f6PvczxAcfoH/1d0Ht3d3LqIGbsFCCHfYfv7
SClgXwbgUrS0Rr34WJtZr1g01kUBDQRD6Y51rDyjFSBLs0dd4KLT2ZCXwiD2zVly
tY2HTLScpYroSOsK3Oe/gCYQpf4XGC3lUnJkVZpEzsSHVQdHWDNdK+ogqYuM5DoW
RsVMuigFJ23FuX/0IQZWZYPZIp0pSeTC0b3zGWFG9SC0sru660SJWEW3Ac6OSIcv
rYjOYie6eL2UxJUb2Ku0T5ykR77EEiHuVKoeY+mB6fbhu8VvqVUSij+KrjV/ksZ1
UQZhWRVvl0ByjYb1rc2kD3NVGX/oiFGk0QjuvY0dXsUvf0K7FUE8anNr/AS3w7U=
=cxOL
-----END PGP SIGNATURE-----

Archive powered by MHonArc 2.6.16.

Top of Page