cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Wytze van der Raay <wytze AT deboca.net>
- To: Ian G <iang AT iang.org>
- Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
- Subject: Re: [Cacert-sysadm] critical systems network/connectivity diagram
- Date: Tue, 02 Dec 2008 22:12:17 +0100
- List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
- List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
Hi Ian,
Ian G schreef:
> ...
> On the wider question of secrecy:
>
> It should perhaps be noted that the board last year at the September
> 'top' declared that CAcert should be an open organisation. The sense is
> that any specific exemptions would need to be argued. Clearly passwords
> fall easily into an exception. Recently, we've seen that the security
> manual, any threat modelling and so forth are all to be published, and
> the sky has not yet fallen in, but maybe we are in for a surprise there.
I am in full support of that policy.
> Although I understand the desire for keeping things private, there will
Don't get me wrong: I don't desire that these documents be kept private,
but I did not want to publish them inadvertently. I've noted that the
archive of the cacert-sysadm list is a publicly accessible resource on
the web, so anything written to this list is effectively public.
If the board (and the security manual :-)) agrees that this information
can be published, it should probably go into some wiki page, rather than
just passed along on this list.
> be a cost in administration. The present case -- those two PDFs of
> network layout -- immediately brings to mind one major question and some
> minor questions. Which leads to the next question: are the diagrams
> correct representations of the network?
They were at the time they were drawn up (October 2008), and they still are
I think.
> To answer this first question:
> a. can I ask on this list or any other list?
You can. But the only people who can provide reliable answers are people
who have been on-site recently.
> b. can I forward these diagrams to Oophaga people to confirm?
You can.
> c. do I need to organise a site visit to check myself?
You could, but it would be some kind of a last resort I guess.
> What would be a simple question -- is this correct -- is now more
> complex. Which will slow things down. Is the benefit in secrecy worth
> slowing down the administration of the CA?
Probably not. I don't see much benefit in secrecy of the network layout.
Best regards,
-- wytze
- [Cacert-sysadm] critical systems network/connectivity diagram, Ian G, 12/01/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Wytze van der Raay, 12/02/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Ian G, 12/02/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Wytze van der Raay, 12/02/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Ian G, 12/04/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Teus Hagen, 12/04/2008
- Re: [Cacert-sysadm] [CAcert-Board] critical systems network/connectivity diagram, Philipp Dunkel, 12/04/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Alejandro Mery Pellegrini, 12/04/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Teus Hagen, 12/04/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Ian G, 12/04/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Wytze van der Raay, 12/02/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Ian G, 12/02/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Marco Hermans, 12/02/2008
- Re: [Cacert-sysadm] critical systems network/connectivity diagram, Wytze van der Raay, 12/02/2008
Archive powered by MHonArc 2.6.16.