Skip to Content.
Sympa Menu

cacert-policy - Re: Results of Audit session 2015.1

Subject: Policy-Discussion

List archive

Re: Results of Audit session 2015.1


Chronological Thread 
  • From: Benny Baumann <benbe AT cacert.org>
  • To: cacert-policy AT lists.cacert.org
  • Subject: Re: Results of Audit session 2015.1
  • Date: Fri, 14 Aug 2015 18:51:30 +0200

Am 14.08.2015 um 10:39 schrieb Karl-Heinz Gödderz:
> Hi, I'm new here.
>
> So my question:
>
> Can't
>
> 'Using the same CAP form for reciprocal assurance is not recommended'
>
> be meant as to change the AP so that in reciprocal Assurance there have
> to be two CAPs?
As each assurer is required to keep the original CAP form you have to
produce two originals in the first place: One for each direction of
assurance.

IMHO the paragraph can be removed; if at all necessary a remark in the
AH could be done two clarify handling in this situation. But AFAIC the
policy is clear even with both Benedikt's change AND without a
clarification in the AH; thus no further work needed than to remove the
paragraph as suggested.

>
> best regards
> Karl-Heinz
Kind regards,
BenBE.
>
> Am 13.08.2015 um 00:29 schrieb Eva Stöwe:
>> Hello Benedikt,
>>
>> if you make a proposal for a policy change can you please post the
>> situation before and after the change, or better, mark what you want to
>> have deleted, so that everybody can see the context of the change?
>>
>> Thank you.
>>
>>> @Policy Group:
>>> As result of the audit session, I propose to change the Assurance Policy:
>>>
>>> Remove the sentence "Optional: If the Assurance is reciprocal, then the
>>> Assurer's email address and Secondary Distinguishing Feature are
>>> required as well;" from § 4.5 of the Assurance Policy. (see [3]).
>>>
>>> The new text will be then:
>>>
>>> 4.5. CAcert Assurance Programme (CAP) form
>>>
>>> The CAcert Assurance Programme (CAP) form requests the following details
>>> of each Member or Prospective Member:
>>> * Name(s), as recorded in the on-line account;
>>> * Primary email address, as recorded in the on-line account;
>>> * Secondary Distinguishing Feature, as recorded in the on-line
>>> account (normally, date of birth);
>>> * Statement of agreement with the CAcert Community Agreement;
>>> * Permission to the Assurer to conduct the Assurance (required for
>>> privacy reasons);
>>> * Date and signature of the Assuree.
>>>
>>> The CAP form requests the following details of the Assurer:
>>> * A least one Name as recorded in the on-line account of the Assurer;
>>> * Assurance Points for each Name in the identity document(s);
>>> * Statement of Assurance;
>>> * Date, location of Assurance and signature of Assurer.
>>>
>>> The CAP forms are to be kept at least for 7 years by the Assurer.
>> Anyway: I am definitely against this change. NAY from me.
>>
>> While I do not like the idea of a reciprocal assurance being performed
>> with one CAP form, but it is allowed to do. Also the AP allows to have
>> the CAP forms hold by the assuree, if the Assurer has issues to do so.
>> If only one document is used for both assurances, than both are assurer
>> and assuree, so the information of both is required.
>>
>


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.18.

Top of Page