Policy-Discussion

[Dieter Hennig <dieter.hennig AT id.ethz.ch>]

Dear Mark,

Mark Lipscombe schrieb am 24.03.2010 01:52:
> On 3/24/2010 11:47 AM, Andreas Bürki wrote:
>> Thoughts at random:
>>
>> *    Why multi-member approach is not more focused on organizations?
>>          *    CAcert ORGA assured organizations are CAcert members as well
>>          *    Organizations will probably "live" longer than an human 
>> member
>>          *    Organizations have very often something to loose, at least
>> their reputation.
>>          *    Organizations have very often the physical infrastructure
>> to protect root keys
>>
>> And, yes of course, such organizations could be well known and serious
>> universities, which are member of CAcert
> 
> In amongst this though is the fact that organisations are not real 
> people.  They can't lock or unlock a safe, they can't remember a 
> passphrase and they are subject to morphing over time with different 
> motives.  For an organisation to do something, it must use real people, 
> and then we have an additional layer that disconnects us from those real 
> people.
> 
> In reality, people usually outlive all but the biggest organisations.

Not for me. ETH is more then 150 years old, I'm not. You?  I would
really guess, that your "usually" is absolutely wrong (sorry, if you
prefer exit 1), and if you would be 150 years old, also you would pray
about to be wrong too.


> There is also still the problem of making a long stretch to define "CA 
> personnel" to mean CAcert member.

No again, please consider:

a.) organisation-member means, that for the University of Zurich the
Rektor make a decision, for the ETH the Vice-president was doing it.
This is the highest level you can reach for scientific problems here, if
you are not following living Nobel price winners directly.

b.) we have a "Sicherheistabteilung" (security department) which is
independent of IT-Services. (Because, we have chemistry too, today we
believe, chemistry is save, but in the older days, ... )

http://www.immobilien.ethz.ch/sgu/

c.) We have "Kulturgüterschutz"

http://www.kgs.ethz.ch/

which is absolute independent of IT-Services. This is really very
special, like "Geheimes Staatsarchiv", but more important (and with
quite more money, as I practical know) like in the other (German
speaking) countries. People there are really do long time archiving. And
most important, they pay for it. They really fulfill Thomas Mann's
decisions. No doubt about.


d.) If we are an org-member, all other employees could be CAcert members
as private persons. But (good for CAcert) nobody other can act as an
org-member for our approved domains.

e.) Please, do not oversee the interest we have: We deploy
CAcert-root-certificate to around 10.000 desktop computers, we would
like to use CAcert as a second source for all our SSL-certificates (I
would guess 1000 of them end of 2010). Second source means: 50%. And we
have a long term interest about this.

f.) We would educate people about SSL-certificates, and really, we think
about to (and do) limit the Mozilla- and MS-store.


Be fair, let us know, what to do more. But please, influence your
government too. We are all the same boot-people. We have to do our best,
at least I try (please forgive my mistakes, I done). It is clear, I have
to fulfill some political border conditions, to speak in terms of
differential equations. As long as this is not influence CAcert.org,
there is no conflict of interest at all.


> A side thought: perhaps we can narrow this discussion down to a single 
> list -- the number of copies of each mail is a bit much.  Being this is 
> a policy discussion, the policy list would seem like a great place, so I 
> have removed the other CCs.

Okay. Well done.


Best Regards

Dieter
-- 
Dieter Hennig
Informatikdienste/Helpdesk
ETH Zuerich, STB G 18.2
8092 Zuerich, Stampfenbachstr. 69
Tel: +41 44 632 4278
Fax: +41 44 632 1900

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature