Skip to Content.
Sympa Menu

cacert-policy - Re: Results of Audit session 2015.1

Subject: Policy-Discussion

List archive

Re: Results of Audit session 2015.1


Chronological Thread 
  • From: Benny Baumann <benbe AT cacert.org>
  • To: cacert-policy AT lists.cacert.org
  • Subject: Re: Results of Audit session 2015.1
  • Date: Sat, 15 Aug 2015 13:11:45 +0200

Am 15.08.2015 um 00:08 schrieb Eva Stöwe:
> Hi,
>
> sure, the part does not change anything. It is just optional. And for
> the next overwork of the assurance policy it may be an idea to remove it.
>
> But as it is not doing anything, it is not a sensible investment of our
> time and resources, to do a policy change just to remove this.
>
> We would have to come to a consensus, edit the document as a DRAFT, get
> it through Software and do the same for POLICY again, shortly afterwards.
>
> So please let us discuss more relevant things. There are a lot and there
> is a huge agenda.
For example there was a proposal for Policy on Policy to loosen the form
requirement of the policy documents to only cover the policy text (and
structure).

Also there has been for nearly half a year where Policy Group could get
independent policy-wise from the Software Team thus you' just need to
modify the place to find policies and loosen the format requirements and
you can have changes up and running as fast and often as you want. The
system to host this is already available.

Kind regards,
Benny Baumann
>
>
>
> On 14.08.2015 18:51, Benny Baumann wrote:
>> Am 14.08.2015 um 10:39 schrieb Karl-Heinz Gödderz:
>>> Hi, I'm new here.
>>>
>>> So my question:
>>>
>>> Can't
>>>
>>> 'Using the same CAP form for reciprocal assurance is not recommended'
>>>
>>> be meant as to change the AP so that in reciprocal Assurance there have
>>> to be two CAPs?
>> As each assurer is required to keep the original CAP form you have to
>> produce two originals in the first place: One for each direction of
>> assurance.
>>
>> IMHO the paragraph can be removed; if at all necessary a remark in the
>> AH could be done two clarify handling in this situation. But AFAIC the
>> policy is clear even with both Benedikt's change AND without a
>> clarification in the AH; thus no further work needed than to remove the
>> paragraph as suggested.
>>
>>>
>>> best regards
>>> Karl-Heinz
>> Kind regards,
>> BenBE.
>>>
>>> Am 13.08.2015 um 00:29 schrieb Eva Stöwe:
>>>> Hello Benedikt,
>>>>
>>>> if you make a proposal for a policy change can you please post the
>>>> situation before and after the change, or better, mark what you want to
>>>> have deleted, so that everybody can see the context of the change?
>>>>
>>>> Thank you.
>>>>
>>>>> @Policy Group:
>>>>> As result of the audit session, I propose to change the Assurance
>>>>> Policy:
>>>>>
>>>>> Remove the sentence "Optional: If the Assurance is reciprocal, then the
>>>>> Assurer's email address and Secondary Distinguishing Feature are
>>>>> required as well;" from § 4.5 of the Assurance Policy. (see [3]).
>>>>>
>>>>> The new text will be then:
>>>>>
>>>>> 4.5. CAcert Assurance Programme (CAP) form
>>>>>
>>>>> The CAcert Assurance Programme (CAP) form requests the following details
>>>>> of each Member or Prospective Member:
>>>>> * Name(s), as recorded in the on-line account;
>>>>> * Primary email address, as recorded in the on-line account;
>>>>> * Secondary Distinguishing Feature, as recorded in the on-line
>>>>> account (normally, date of birth);
>>>>> * Statement of agreement with the CAcert Community Agreement;
>>>>> * Permission to the Assurer to conduct the Assurance (required for
>>>>> privacy reasons);
>>>>> * Date and signature of the Assuree.
>>>>>
>>>>> The CAP form requests the following details of the Assurer:
>>>>> * A least one Name as recorded in the on-line account of the Assurer;
>>>>> * Assurance Points for each Name in the identity document(s);
>>>>> * Statement of Assurance;
>>>>> * Date, location of Assurance and signature of Assurer.
>>>>>
>>>>> The CAP forms are to be kept at least for 7 years by the Assurer.
>>>> Anyway: I am definitely against this change. NAY from me.
>>>>
>>>> While I do not like the idea of a reciprocal assurance being performed
>>>> with one CAP form, but it is allowed to do. Also the AP allows to have
>>>> the CAP forms hold by the assuree, if the Assurer has issues to do so.
>>>> If only one document is used for both assurances, than both are assurer
>>>> and assuree, so the information of both is required.
>>>>
>>>
>>
>>
>


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.18.

Top of Page