Policy-Discussion

[Ian G <iang AT cacert.org>]

On 20/01/2010 20:05, Alexander Prinsier wrote:
> On 01/20/2010 07:27 PM, Bernhard Fröhlich wrote:
> > The discussion should go first and then the voting should be done!
>
> Well I was thinking about doing it at the same time ;) You can still
> reverse your vote ;)


well, the approach certainly started a discussion :)


> > Having said this I'm not solidly against your idea, but for now I'm not
> > sure if it makes sense define more details in the AP.
> > It's clearly stated in PracticeOnNames that your proposed rules should
> > be the standard.
>
> Well that's only the PracticeOnNames... It's not a policy, just a
> guideline. At least I haven't seen an arbitrator rule that content on
> the wiki is as binding as a policy.


What has happened over time is that the policies have got more explicit 
about the role of "practices manuals/handbooks."  See SP for an example. 
 The model is that the policy kicks out the detail to the manual, and 
the manual kicks out complicated parts to various "practices".

However, because the policy authorises the manual, the manual is also 
binding.  But probably less binding than a policy ...  although what 
that means before an Arbitrator has to be tested.

(Even though it can be changed on the wiki ... there is version control, 
and that is sufficient to solve most issues.)


> > And I'd prefer to leave it to Arbitration to allow some
> > specific "name mapping", like Johannes ->  Hans in germany. For me it is
> > very hard to see if explicitly forbidding this for ever and everyone
> > won't get us in troubles somehow.
>
> A lot of people probably would have to file a dispute to get their names
> fixed according to the new requirements yes :)

Better recruit some more Arbitrators :)

> > If you absolutely want to add something to the AP, why not something
> > like "Exceptions to 2.1 need to be approved by an Arbitration."? OK, I
> > must admit this somehow sounds stupid... But maybe someone else has a
> > better idea?
>
> Hm, outsourcing policy decisions to an arbitrator... :) I'd prefer to
> stick with my idea of requiring an ID (at least for those places that
> have them, like Ian pointed out).
>
> What about a Europe subpolicy that requires government issued ID explicitly?


I'm curious what the point of that would be?

Pretty much all european assurances will rely on g-i-Id.  It's one of 
the things that is done best by Assurers, the tests last year confirmed 
that to me at least.  If it seems like there is no problem with the 
current state of affairs, what would be the point in tightening up the rule?


iang

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature