cacert-policy - Re: Board inquisition of Multi-member escrow

Subject: Policy-Discussion

List archive

Re: Board inquisition of Multi-member escrow

From: Ian G <iang AT cacert.org>
To: cacert-policy AT lists.cacert.org
Cc: cacert-root AT lists.cacert.org, "cacert-board AT lists.cacert.org" <cacert-board AT lists.cacert.org>
Subject: Re: Board inquisition of Multi-member escrow
Date: Wed, 24 Mar 2010 15:52:38 +1100
Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none

On 24/03/2010 11:47, Andreas Bürki wrote:

Thoughts at random:

*    Why multi-member approach is not more focused on organizations?
         *    CAcert ORGA assured organizations are CAcert members as well
         *    Organizations will probably "live" longer than an human member
         *    Organizations have very often something to loose, at least
their reputation.
         *    Organizations have very often the physical infrastructure
to protect root keys

An illustrative example to this would be Oophaga.

One incidental comment was the audit experiences. There was serious resistance from Oophaga to being reviewed in any sense. I also wondered at how reliable the boundary is across organisations. Typically this is often done with an SAS70 review, but I doubt that would work in the more specific case of a security-oriented audit.

(These experiences resulted in a substantial reworking of SP so as to place the Access Engineers under SP, directly as part of CAcert.)

iang

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Re: Board inquisition of Multi-member escrow, (continued)

List archive

Re: Board inquisition of Multi-member escrow