Policy-Discussion

[Andreas Bürki <abuerki AT anidor.com>]

Mark Lipscombe schrieb:
> On 3/24/2010 11:47 AM, Andreas Bürki wrote:
>> Thoughts at random:
>>
>> *    Why multi-member approach is not more focused on organizations?
>>          *    CAcert ORGA assured organizations are CAcert members as
>> well
>>          *    Organizations will probably "live" longer than an human
>> member
>>          *    Organizations have very often something to loose, at least
>> their reputation.
>>          *    Organizations have very often the physical infrastructure
>> to protect root keys
>>
>> And, yes of course, such organizations could be well known and serious
>> universities, which are member of CAcert
>
> In amongst this though is the fact that organisations are not real
> people. 


But they are CAcert community members, and as such they have the same
responsibility at least as any other individual member. Remember, they
accepted the CCA and have their responsibilities towards CAcert Inc. as
any other member, accepted the CCA as well.


> They can't lock or unlock a safe, they can't remember a passphrase and
> they are subject to morphing over time with different motives.  For an
> organisation to do something, it must use real people, and then we
> have an additional layer that disconnects us from those real people.


And these people are under responsibility of the organization. Again,
the organization accepted the CCA and has something to loose, e.g.
reputation.

And if what ever policy we take, it has to be individual members, then I
prefer public notaries. Just make them before the get the keys CAcer
assurers.

BTW -  I don't feel very comfortable, if some members have the keys or
part of it at home under the pillow.


>
> In reality, people usually outlive all but the biggest organisations.
>
> There is also still the problem of making a long stretch to define "CA
> personnel" to mean CAcert member.


CAcert Inc. has no personnel up to my knowledge. Taking your thoughts,
we would have to decide CAcert community members in organizational
members and personal members. This is not reality so far.


>
> A side thought: perhaps we can narrow this discussion down to a single
> list -- the number of copies of each mail is a bit much.  Being this
> is a policy discussion, the policy list would seem like a great place,
> so I have removed the other CCs.
>
Done. - It's not policy only, but roots as well


cheeerio, hugi

-- 
Andreas Bürki

E-Mail:
abuerki AT anidor.com
Zertifikat - SHA1-Fingerprint:
EF:7C:42:A2:AA:C3:C6:01:B5:89:B7:9A:15:58:D5:8A:BC:70:12:64

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature