
cacert-policy - Re: CCA: open points / comments 2.5

Subject: Policy-Discussion

  • From: Alex Robertson <alex-uk AT cacert.org>
  • To: cacert-policy AT lists.cacert.org
  • Subject: Re: CCA: open points / comments 2.5
  • Date: Wed, 28 May 2014 01:01:45 +0100

Hi all

On 27/05/2014 22:39, Benedikt Heintel wrote:
> Dear Alex,
>
> Can we agree, that you are okay with the concept with not sharing keys
> but not okay with not sharing accounts?

It might be worth considering "At what point does an account become "shared"?"

I'm actually not against the general principle of "not sharing" - I'm perhaps rather more pragmatic about it - it is likely to happen whatever we may say here so I would rather reinforce the liability on the account holder if this happens - so it's probably more a matter of agreeing wording. "Should" and "should not" indicate expected behaviour and better allow for the reiteration of the consequences if a person should stray.... we need to encourage as much as we can rather than coerce.

Please also note IanG's comment in the side-discussion that he would have written it as I did - so it may come to a "culture" difference - anglo v euro - one difference is that the anglo system tends to leave rather more leeway for judges (in our case arbitrators) to interpret

I'd also rather not *totally* block unforeseen "legitimate" reasons for sharing an account - one such might be assistance to disabled members in the community (Unlike Eva, I see that as a level of sharing) and similarly accounts set up by parents for children (although these days it is probably more likely to be the other way round!) I know that we do have minors as members (we wouldn't need POJAM otherwise! :) )

> I see a majority here, that agrees on not sharing accounts and keys
> (2.3.5 and 2.5.3/2.5.4).[1]

I see it as nearing that - again I raise a caution that any division appears to be euro v anglo so perhaps we need to take care that both sides are reasonably happy about the wording - CAcert still operates under anglo based law - which is where IanG and I both come from....

> Not sharing means of course the voluntary sharing.

Not sharing = voluntary sharing?? (I know what you mean though :) )

> I do not see a forced
> (by force or law) revelation of credentials as sharing.

I'd really, really like to see that made explicit somewhere - although I suspect Eva might see this somewhat differently...

> This is the
> reason, I oppose the change in 2.5.4.

Agree in principle - don't add excessive or unnecessary verbiage - KISS (Keep it short and simple) is a good thought. In practice I can take it "either way"

> Regards,
> Benedikt
>
> [1] Personally, I would not add "and not share" in 2.5.3, because the
> clause is about Security.

Agree - whatever is said should be in one place only - either would work, but 2.3 is probably a little more appropriate.

Regards

Alex

