Policy-Discussion

[Ian G <iang AT cacert.org>]

On 29/05/2014 03:51 am, Benny Baumann wrote:
> Hi ianG,
>
> text near end of mail.
>
> Am 28.05.2014 05:03, schrieb Ian G:
>> ...
>> Speaking for myself, I would not want an addition that did not solve a
>> problem.  As stated above c.f., "context", it doesn't solve a problem
>> that I can see.  We already have text that says the keys & account have
>> to be secured.  Which implies or dominates the term "context" as far as
>> I can see.
> It doesn't fully cover the case where I as an Org Admin deploy an Org
> Server certificate (without explicit agreement) on my private webserver.

How can you represent yourself as the Org if you haven't explicit
agreement?  Isn't that a deception, plain and simple?

> The addition tells you exactly that this is not allowed (because context
> of Org Server Cert = the servers of that organization vs. Conext of use
> = my private webserver do not match up --> forbidden).


?  You worked that out without a rule.  Why wouldn't the Arbitrator find
it so?



iang


> Yes, 2.54. only
> covers small details and most people won't notice them in their dayly
> live, but when confronted with edge cases this addition solves quite a
> lot of questions by providing a easy to follow guideline.
>> iang
> Regards,
> BenBE.
>