Subject: Policy-Discussion
List archive
- From: Ian G <iang AT cacert.org>
- To: cacert-policy AT lists.cacert.org
- Subject: Re: next steps?
- Date: Sun, 17 Feb 2013 09:36:39 +0300
On 17/02/13 01:45 AM, Benedikt Heintel wrote:
No Objections with PoJAM.
Not me, neither. I read it, I'd vote AYE if the vote were posted.
Security Policy (SP) should undergo a review and should be made ISO
27001 conform. It's on my task list but not on priority 1.
I'm thinking the same. We could pull in the team leaders for the critical areas and ask them to work through their sections. It's too important a policy to not give it as good a thrashing as we can. So, maybe later?
These other issues below -- I'll do under another email because they are interesting but less priority.
iang
One Policy I like to add is CP / CPS. It is not totally compliant to RFC
3647. The RFC states one policy or at least one practice statement per
(sub-)CA. As I figured out, CAcert has 4 CAs: Test (no security),
Anonymous (low security), Named and Organisation (medium security).
Not really covered is the security need for code signing. However,
CAcert is not capable to issue high security certificates at the moment.
This is also on my task list, after SP is done.
Regards
Benedikt
Am 15.02.2013 20:58, schrieb Ian G:
Any other suggestions?To pick up on this, some other suggestions have circulated:
* move PoJAM to POLICY
* move Security Policy to POLICY
- RE: Vote on p20130222 PoJAM to POLICY, (continued)
- RE: Vote on p20130222 PoJAM to POLICY, Alex Robertson, 02/22/2013
- Re: Vote on p20130222 PoJAM to POLICY, Brian McCullough, 02/22/2013
- Re: Vote on p20130222 PoJAM to POLICY, Guillaume ROMAGNY, 02/23/2013
- Re: Vote on p20130222 PoJAM to POLICY, Werner Dworak, 02/23/2013
- Re: Vote on p20130222 PoJAM to POLICY, Jan Dittberner, 02/23/2013
- Re: Vote on p20130222 PoJAM to POLICY, Philipp Dunkel, 02/23/2013
- RE: Vote on p20130222 PoJAM to POLICY, Megan C. Robertson, 02/23/2013
- Re: Vote on p20130222 PoJAM to POLICY, Bernd Jantzen, 02/23/2013
- Re: next steps?, Benedikt Heintel, 02/16/2013
- RE: next steps?, ulrich, 02/17/2013
- Re: next steps?, Ian G, 02/17/2013
- Re: next steps?, Ian G, 02/17/2013
- Re: next steps?, Benedikt Heintel, 02/23/2013
- Re: next steps?, Werner Dworak, 02/25/2013
- Re: next steps?, Guillaume ROMAGNY, 02/25/2013
- Re: next steps?, Werner Dworak, 02/25/2013
- Re: next steps?, Benedikt Heintel, 02/23/2013
Archive powered by MHonArc 2.6.16.