CAcert System Admins discussion list

[Philipp Dunkel <p.dunkel AT cacert.org>]

I agree 100% w/ Teus on this.

---
Philipp Dunkel
p.dunkel AT cacert.org
---
I am not balding, you just can't see the encrypted portions of my hair.
---

On 2008-12-04, at 14:22, Teus Hagen wrote:

> ....
> > OK, let's ask the board directly:
> >
> > Does the board have any objection if the network layout information  
> > be
> > published?
> >
> > As a wider question, how would we deal with this issue?  There  
> > might be
> > another 100 documents that are currently private, secret, because of
> > fears that they be used against us by attackers.  But those fears are
> > often overdone, and they cause costs.
> >
> > How about this:  if we come across a private, secret document that we
> > reasonably can now claim to be better off being published, then we
> > notify the appropriate lists that in 1 month, the document will be
> > published, unless there are any comments to the contrary?
> >
> > And in that month, people can ask for a private copy to review and  
> > think
> > about the disclosure?  If no objections are filed, then in 1 month,  
> > we
> > shove it on a wiki, and it is now public.
> At the TOP secrecy of documents were discussed. I cannot find a clear
> decision of the board at that time in the TOP-minutes, but my
> interpretation (and handling of this matter in the board at the time I
> was on the board) is as follows:
> Documents are open and for inspection (Greg Rose at that time  
> president
> of CAcert said (my memory): "Of course it is open and present for  
> public
> inspection...". For those documents which are not disclosed this has  
> to
> be defined per document. At the TOP-meeting: privacy info on disputes
> and arbiters (for decision by the arbiter). More well: info from
> background checks, private part of Rootkey, passwords. That is as  
> far as
> I am aware of.
>
> I am not turning the question around now for the infrastructure
> question: If infrastructure info is advised from the system admin  
> group
> (the only experts on this) then ask the board to agree and it will be
> closed info.
>
> Personal opinion: infrastructure should be disclosed. For an  
> attacker it
> saves him a few seconds but that is all. For us it save a lot of  
> time as
> others will review it and it saves us errors, but not time...:-) due  
> to
> never ending discussions.
>
> teus
> > .....
> > > Probably not. I don't see much benefit in secrecy of the network  
> > > layout.
> >
> >
> > My thoughts too.  Thanks for debating this!
> >
> > iang
> >
> > _______________________________________________
> > CAcert-sysadm mailing list
> > CAcert-sysadm AT lists.cacert.org
> > https://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-sysadm
> _______________________________________________
> CAcert-Board mailing list
> CAcert-Board AT lists.cacert.org
> https://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-board

Attachment: smime.p7s
Description: S/MIME cryptographic signature