Subject: Policy-Discussion
List archive
- From: <ulrich AT cacert.org>
- To: <cacert-policy AT lists.cacert.org>
- Subject: RE: next steps?
- Date: Sun, 17 Feb 2013 05:23:08 +0100
- Importance: Normal
current listing of root and subroots in CPS doesn't apply
to existing keys
all roots and subroots that counts
are listed under
https://wiki.cacert.org/Roots/StateOverview
+ the new root and subroots of the upcoming
new roots ceremony
(as defined in CPS as "new root")
testserver cacert1.it-sls.de root and subroot is completely out
of discussion to CPS as its freely available to all developers
via developers image and is explicitly declared
as a testserver root and testserver subroot
without this "open" testserver root and subroot
we hadn't made it happen of the class3 subroot replacement back
in 2011
testserver root and subroot status is defined: completely unsecure
and has no relation to the CAcert root and subroot
so therefor completely independent for testing and playing only
regards, uli ;-)
-----Original Message-----
From: Benedikt Heintel
[mailto:benedikt AT cacert.org]
Sent: Saturday, February 16, 2013 11:46 PM
To:
cacert-policy AT lists.cacert.org
Subject: Re: next steps?
No Objections with PoJAM.
Security Policy (SP) should undergo a review and should be made ISO
27001 conform. It's on my task list but not on priority 1.
One Policy I like to add is CP / CPS. It is not totally compliant to RFC
3647. The RFC states one policy or at least one practice statement per
(sub-)CA. As I figured out, CAcert has 4 CAs: Test (no security),
Anonymous (low security), Named and Organisation (medium security).
Not really covered is the security need for code signing. However,
CAcert is not capable to issue high security certificates at the moment.
This is also on my task list, after SP is done.
Regards
Benedikt
Am 15.02.2013 20:58, schrieb Ian G:
>>
>> Any other suggestions?
>
> To pick up on this, some other suggestions have circulated:
>
> * move PoJAM to POLICY
>
> * move Security Policy to POLICY
--
Benedikt Heintel -
benedikt AT cacert.org
CAcert Assurer for People & Organizations
CAcert.org - Secure Together
http://www.cacert.org
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- Re: Vote on p20130222 PoJAM to POLICY, (continued)
- Re: Vote on p20130222 PoJAM to POLICY, Martin Gummi (CAcert.org), 02/23/2013
- RE: Vote on p20130222 PoJAM to POLICY, Alex Robertson, 02/22/2013
- Re: Vote on p20130222 PoJAM to POLICY, Brian McCullough, 02/22/2013
- Re: Vote on p20130222 PoJAM to POLICY, Guillaume ROMAGNY, 02/23/2013
- Re: Vote on p20130222 PoJAM to POLICY, Werner Dworak, 02/23/2013
- Re: Vote on p20130222 PoJAM to POLICY, Jan Dittberner, 02/23/2013
- Re: Vote on p20130222 PoJAM to POLICY, Philipp Dunkel, 02/23/2013
- RE: Vote on p20130222 PoJAM to POLICY, Megan C. Robertson, 02/23/2013
- Re: Vote on p20130222 PoJAM to POLICY, Bernd Jantzen, 02/23/2013
- Re: next steps?, Benedikt Heintel, 02/16/2013
- RE: next steps?, ulrich, 02/17/2013
- Re: next steps?, Ian G, 02/17/2013
- Re: next steps?, Ian G, 02/17/2013
- Re: next steps?, Benedikt Heintel, 02/23/2013
- Re: next steps?, Werner Dworak, 02/25/2013
- Re: next steps?, Guillaume ROMAGNY, 02/25/2013
- Re: next steps?, Werner Dworak, 02/25/2013
- Re: next steps?, Benedikt Heintel, 02/23/2013
Archive powered by MHonArc 2.6.16.