Skip to Content.
Sympa Menu

cacert-sysadm - [Cacert-sysadm] secured mail through CAcert now working (why?)

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

[Cacert-sysadm] secured mail through CAcert now working (why?)


Chronological Thread 
  • From: IanG <iang AT cacert.org>
  • To: Evaldo Gardenali <evaldo AT gardenali.biz>, Teus Hagen <teus AT theunis.org>, Rasika Dayarathna <dayarathna AT gmail.com>, CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
  • Cc: Jens Paul <cacert AT canyonsport.de>, Greg Stark <17_gs AT rubyservices.com>, Henrik Heigl <henrik AT cacert.org>, CAcert Board <cacert-board AT lists.cacert.org>, audit AT cacert.org, Sebastian Kueppers <cacert AT kueppers.ath.cx>, Mario Lipinski <cacert AT l4w.info>
  • Subject: [Cacert-sysadm] secured mail through CAcert now working (why?)
  • Date: Tue, 08 Apr 2008 13:20:04 +0200
  • List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
  • List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
I've gone through Daniel's email process and set up the email for the address above, and got it working [1]. He has set up some instructions over at the wiki, which we can all follow and improve:

    http://wiki.cacert.org/wiki/CommunityEmail



It's probably worthwhile to recall why he is doing this.

At the 'top' there was a discussion about setting up better support for encrypting email, a little because of general threats to our email [2] but mostly because as a CA we should be able to show we can do it, comprehensively. "Eat your own dogfood" the Americans say. A way to meet our mission.

Encrypting everything somehow conflicted with another discussion about escrowing official email, coming out of the Arbitration and Threats discussions. Escrow was considered to be a serious benefit if we ever get hit by legal discovery, because the email is then already collected. This will save us a heap of bureaucracy [3].

=============
m20070920.2: Agreed to ask that the new email system can be set up to automatically archive everything on "official" lists. Privacy officer to be consulted before actually implementing it.
=============

As we know, encrypted lists are a "hard problem". The rough high level design was felt to be using CAcert servers as the IMAP/POP/SMTP servers for all official traffic. This way, we could do both encrypted mail (over TLS) and also do the escrow part (by central capture).

The first phase of this work is now complete, there is a complete setup of encrypted servers available.



This leaves some phases left.

1.  the escrowed system as mentioned in m20070920.2.

2. a policy by which people are allocated email addresses @ cacert.org . This is currently before M-SC, see wiki.

3. a related initiative to give wider access to the community access to this sort of protected email. The current working title for this is community.cacert.org. Who then is to be given this access? Full Assurers? All Members? 150 point Assurers?

For these items, there are a lot of details to work out. Of course, all this can change. But the basic work done so far is good and useful.

Meanwhile, all, it will help to setup your email addresses so we can move over to this method, as per the decision(s) agreed at 'top'.



iang @ cacert . org



[1] Temporarily, as I don't want an "official" address, I'll work with the "community" address when it turns up.

[2] Which created an unusual and delicious tension with the policy to be open in all things.

[3] I agree that this benefit can only be appreciated by those who've been through American-style legal discovery :)


Archive powered by MHonArc 2.6.16.

Top of Page