Skip to Content.
Sympa Menu

cacert-sysadm - Re: [Cacert-sysadm] CAcert email address snafu

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

Re: [Cacert-sysadm] CAcert email address snafu


Chronological Thread 
  • From: IanG <iang AT cacert.org>
  • To: Sam Johnston <samj AT samj.net>
  • Cc: Philipp Guehring <philipp AT cacert.org>, CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
  • Subject: Re: [Cacert-sysadm] CAcert email address snafu
  • Date: Wed, 27 Aug 2008 15:46:32 +0200
  • List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
  • List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>

Sam Johnston wrote:
Ian,

If you propose something which is mandatory you will raise the bar /significantly/ for adding domains to accounts (currently you have to do nothing - my proposal assuming we need to 'fix' this is to give a number of options), and if you propose something which is optional and anything other than the path of least resistance then nobody will use it.


The bar needs to be raised /significantly/ ... right now
domain checking is an audit fail.

How it is done is preferably not being proposed by me. It doesn't have to be mandatory, but something needs to be mandatory, that's the nature of checks.

I imagine it is a combination of things.

   * email check on any usage
   * statement of ownership or delegated control
   * some sort of expiry check
   * one of the below:
     1. regular control checks
     2. showing of control of DNS
     3. showing of authority via registry
     4. showing of control via website change.

many variations are possible.


How were you expecting that this check would work anyway, given it can't be automated? We need to have domains 'assured' too now?


$ whois iang.org | grep CAcert-auth

It looks a lot simpler to me than checking DNS, but I gather
DNS is checkable via other programs. Or, have I missed something?

iang





Archive powered by MHonArc 2.6.16.

Top of Page