Policy-Discussion

[Mario Lipinski <mario AT cacert.org>]

Naye from me. I do not have the feeling that this solves anything right now.

First of all I'd like to have a clean summary where the problem resides
and what has to be considered for completely fixing it and how certain
points could be addressed as well. For now this seems just hacking a
little around trying to satisfy some minor individual needs and even not
even getting further.

Deploying a completely new root seems to add too much confusion and
inconveniences for our users. So unless it proves to be audit proof and
so can be rolled out with browsers we should delay this step.

I have the feelings that our current roots are not very good and maybe
just hacking up a new Class 3 root with the current root and signing it
with SHA-1 could solve this issue. This could just be done by the
critical team ad-hoc without a decent ceremony.

-- 
Mit freundlichen Grüßen / Best regards

Mario Lipinski
Organisation Assurer (Germany),     E-Mail: 
mario AT cacert.org
Wiki/Issue admin                    Internet: http://www.cacert.org
CAcert.org

Support CAcert: http://www.cacert.org/index.php?id=13
                http://wiki.cacert.org/wiki/HelpingCAcert

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature