cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: IanG <iang AT cacert.org>
- To: Sam Johnston <samj AT samj.net>
- Cc: Philipp Guehring <philipp AT cacert.org>, CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
- Subject: Re: [Cacert-sysadm] CAcert email address snafu
- Date: Wed, 27 Aug 2008 15:46:32 +0200
- List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
- List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
Sam Johnston wrote:
Ian,
If you propose something which is mandatory you will raise the bar /significantly/ for adding domains to accounts (currently you have to do nothing - my proposal assuming we need to 'fix' this is to give a number of options), and if you propose something which is optional and anything other than the path of least resistance then nobody will use it.
The bar needs to be raised /significantly/ ... right now
domain checking is an audit fail.
How it is done is preferably not being proposed by me. It doesn't have to be mandatory, but something needs to be mandatory, that's the nature of checks.
I imagine it is a combination of things.
* email check on any usage
* statement of ownership or delegated control
* some sort of expiry check
* one of the below:
1. regular control checks
2. showing of control of DNS
3. showing of authority via registry
4. showing of control via website change.
many variations are possible.
How were you expecting that this check would work anyway, given it can't be automated? We need to have domains 'assured' too now?
$ whois iang.org | grep CAcert-auth
It looks a lot simpler to me than checking DNS, but I gather
DNS is checkable via other programs. Or, have I missed something?
iang
- Re: [Cacert-sysadm] CAcert email address snafu, (continued)
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/12/2008
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/12/2008
- Message not available
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/17/2008
- Message not available
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/17/2008
- Message not available
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/18/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/19/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/19/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/20/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/22/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/22/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/28/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/28/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/29/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/29/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Philipp Guehring, 08/16/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/17/2008
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/17/2008
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/17/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/17/2008
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/18/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/18/2008
Archive powered by MHonArc 2.6.16.