CAcert System Admins discussion list

[IanG <iang AT cacert.org>]

samj AT samj.net
 wrote:
> CN schotzophrenia absolutely needs to be nailed down. I believe the
> world believes that when CAcert sets CN it is via the WoT, and we
> should work to make reality match expectation.


OK.  What change should be made to Organisation Assurance to 
make the CN be an assured name?


> For domain ownership forget about registry databases and whois-we
> can't access them universally and corrupting whois data can result in
> domain loss.


I'm not sure I understand either of those parts.  What do 
you mean by "we can't access them universally?" ... unless 
you mean the oddity that Philipp posted on microsoft.com 
(what is happening there, btw?)

Corrupting:  I didn't see mention of corruption, what do you 
mean?


> On the other hand, random, repeated, automated checks are kosher, but
> not for humans as this leads to phishing. So, checking a cname record
> exists or a HTML file or a metatag or just some cookie could raise the
> bar somewhat, essentially for free.


OK, checking DNS, like a cname record.  Checking a HTML file 
or a metatag works also.

As Philipp pointed out it doesn't cover all the territory. 
But neither does the status quo.

iang