cacert-policy - Re: [s20100225.49] Secure E-Mal to Vattenfall Group

Subject: Policy-Discussion

List archive

Re: [s20100225.49] Secure E-Mal to Vattenfall Group

From: Pieter van Emmerik <pve.cacert AT gmail.com>
To: cacert-policy AT lists.cacert.org
Subject: Re: [s20100225.49] Secure E-Mal to Vattenfall Group
Date: Sat, 27 Feb 2010 12:01:05 +0100
Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT gmail.com; dkim-asp=none
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; b=jFdrbK2IF2P/x9VtMKC5QypYqjHyB6FKJ63FaaJKdyNxgKx8aBjtOUOfP1UtoPazzB J460e9I3UTbUnDxAQCSsPhgyiWIT3aVn9VriCRcXDpyV2saz08kbijxU09YSbhKuzEap D4zgVJzbR/u8QfFkgm6JdPzoZlIdYu4gvuLIA=

Op 26-2-2010 23:17, Bernhard Fröhlich schreef:

Someone from support list wrote:

[...]
Hello,

the CAcert roots are available for download at http://www.cacert.org/index.php?id=3 together with their fingerprints. According to your request I've attached a ZIP-compressed root certificate in the PEM format.
Best regards

Hmm, a question to discuss: shouldn't such a reply include a link to the "Condition of Usage", that is, to the NRP-DaL https://www.cacert.org/policy/NRPDisclaimerAndLicence.php and the CCA https://www.cacert.org/policy/CAcertCommunityAgreement.php?

Since I guess Vattenfall is not a CAcert (Org) Member, the NRP-DaL says that they must not make any decisions based on any CAcert certificate.

I know that would probably be bad for the spreading of CAcert, but maybe it would be good for the reputation...

Regards
Ted
;)

The NRP-Dal is mentioned on the CAcert webpage - http://www.cacert.org/
If you want to use certificates issued by CAcert, read the CAcert Disclaimer and Licence .

Here Disclaimer and Licence is a link to http://www.cacert.org/policy/NRPDisclaimerAndLicence.php

We probaly should also add a reference to the CPS - Certification Practice Statement, either via the wiki:
http://wiki.cacert.org/CPS
or directly via:
http://www.cacert.org/policy/CertificationPracticeStatement.php

It describes rules and procedures used by CAcert for operating its CA, and applies to all CAcert PKI Participants,
including Assurers, Members, and CAcert itself.

As far as I know the publication of a CPS is mandatory for a CA, but it is normally hard to find.
To see CPS's of other CA's have a look at:
http://www.mozilla.org/projects/security/certs/included/
This is a list of companies and certificates included in the Mozilla project Root CA store after March 1st, 2007,
it includes references to CP's and CPS's of the CA's issuing the included root certificates.

I have added this reference to http://wiki.cacert.org/CPS

Regards,
Pieter

-- 
Pieter van Emmerik
Email: pve.cacert AT gmail.com

CAcert assurer 000419

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Re: [s20100225.49] Secure E-Mal to Vattenfall Group, Bernhard Fröhlich, 02/26/2010
- RE: [s20100225.49] Secure E-Mal to Vattenfall Group, Peter Williams, 02/27/2010
- Re: [s20100225.49] Secure E-Mal to Vattenfall Group, Pieter van Emmerik, 02/27/2010
  - Re: [s20100225.49] Secure E-Mal to Vattenfall Group, Ian G, 02/27/2010
    - Re: [s20100225.49] Secure E-Mal to Vattenfall Group, Pieter van Emmerik, 02/27/2010
      - Policy Officer may make minor editorial changes?, Ian G, 02/27/2010
        
        RE: Policy Officer may make minor editorial changes?, ulrich, 02/27/2010
        
        Re: Policy Officer may make minor editorial changes?, Ian G, 02/27/2010
        
        Re: Policy Officer may make minor editorial changes?, Morten Gulbrandsen, 02/27/2010
        
        Re: Policy Officer may make minor editorial changes?, Pieter van Emmerik, 02/27/2010
        
        RE: Policy Officer may make minor editorial changes?, ulrich, 02/27/2010
        
        Re: Policy Officer may make minor editorial changes?, Lambert Hofstra, 02/28/2010

List archive

Re: [s20100225.49] Secure E-Mal to Vattenfall Group