cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

[Cacert-sysadm] important element missing from Security Policy and Security Manual

From: Wytze van der Raay <wytze AT deboca.net>
To: Ian G <iang AT cacert.org>, CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
Subject: [Cacert-sysadm] important element missing from Security Policy and Security Manual
Date: Thu, 26 Feb 2009 16:36:41 +0100
List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>

Hi Ian (and others),

I think we are still missing one important element in the Security Policy
and Security Manual. This concerns the management of the DNS for cacert.org.
CAcert's operations are critically dependent on the correctness of some of
the DNS entries under the cacert.org domain. So I think this needs to be
specified in some detail in the security documentation.
(Un?)fortunately I don't know how this is organised right now. All I know
is from observing the contents of 'whois cacert.org' and the NS entries for
cacert.org. Apparently CAcert Inc., owner of the domain, has subcontracted
its DNS service to an Austrian organisation operating under the domain
go-now.at. It is *not* under control of the critical system administrators.
Probably the CAcert board and/or Philipp can give you more information.

Best regards,
-- wytze

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Cacert-sysadm] important element missing from Security Policy and Security Manual, Wytze van der Raay, 02/26/2009
- Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual, Teus Hagen, 02/26/2009
  - Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual, Robert Cruikshank BOARD, 02/26/2009
    - Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual, Ian G (Audit), 02/26/2009