Subject: Policy-Discussion
List archive
- From: Alexander Prinsier <aphexer AT cacert.org>
- To: cacert-policy AT lists.cacert.org
- Cc: Daniel Black <daniel AT cacert.org>
- Subject: Re: proposal to stop issuing class3 certificates
- Date: Thu, 14 Jan 2010 12:22:25 +0100
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
On 01/14/2010 02:49 AM, Daniel Black wrote:
>> I am against it, since we still have users that require Class3
>> certificates for their applications.
>> One such application I know of is http://registeredcommons.org/
>> There might be others as well that I have not heard about yet.
>
> it seems as though they could achieve the same thing with class1
> certificates.
>
> SSLVerifyDepth 3
> SSLCACertificatePath /usr/share/ca-certificates/cacert.org/
> SSLCADNRequestPath /usr/share/ca-certificates/cacert.org/
> SSLOptions +StdEnvVars +ExportCertData
> SSLRequire %{SSL_CLIENT_S_DN_CN} != 'CAcert WoT Member'
Why doesn't registeredcommons use the class3 as their trusted root, and
not the class1? (at least for the purpose of verification in apache). It
looks more simple to me.
Same idea for those 2 universities: why don't they install the class3 as
their trusted root instead of class1?
Alexander
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- proposal to stop issuing class3 certificates, Daniel Black, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Tomáš Trnka, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Philipp Guehring, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Andreas Bürki, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Philipp Guehring, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Brian McCullough, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Philipp Guehring, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Faramir, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Philipp Guehring, 01/14/2010
- Re: proposal to stop issuing class3 certificates, Daniel Black, 01/14/2010
- Re: proposal to stop issuing class3 certificates, Alexander Prinsier, 01/14/2010
- current class3 usage of registeredcommons and issue mixup was: Re: proposal to stop issuing class3 certificates, Daniel Black, 01/14/2010
- Re: current class3 usage of registeredcommons and issue mixup was: Re: proposal to stop issuing class3 certificates, Alexander Prinsier, 01/14/2010
- current class3 usage of registeredcommons and issue mixup was: Re: proposal to stop issuing class3 certificates, Daniel Black, 01/14/2010
- Re: proposal to stop issuing class3 certificates, Alexander Prinsier, 01/14/2010
- Re: proposal to stop issuing class3 certificates, Andreas Bürki, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Lambert Hofstra, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Philipp Guehring, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Alexander Prinsier, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Ian G, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Philipp Guehring, 01/13/2010
- Re: proposal to stop issuing class3 certificates, Ian G, 01/14/2010
- why this is a policy vote. impact for current class3 users. why not newroots. was Re: proposal to stop issuing class3 certificates, Daniel Black, 01/15/2010
- Re: why this is a policy vote. impact for current class3 users. why not newroots. was Re: proposal to stop issuing class3 certificates, Ian G, 01/15/2010
- Re: why this is a policy vote. impact for current class3 users. why not newroots. was Re: proposal to stop issuing class3 certificates, Faramir, 01/15/2010
- why this is a policy vote. impact for current class3 users. why not newroots. was Re: proposal to stop issuing class3 certificates, Daniel Black, 01/15/2010
Archive powered by MHonArc 2.6.16.