cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual
Chronological Thread
- From: "Ian G (Audit)" <iang AT cacert.org>
- To: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>, CAcert Board <cacert-board AT lists.cacert.org>
- Subject: Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual
- Date: Thu, 26 Feb 2009 23:04:19 +0100
- Authentication-results: lists.cacert.org; dkim=neutral header.i= AT cacert.org; dkim-asp=none
- List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
- List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
On 26/2/09 22:26, Robert Cruikshank BOARD wrote:
I have obtained the domain password but have not arranged to move the
domains to an Australian registrar yet. Rob
Teus Hagen wrote:
No there are efforts going on to put DNS fully under direct control of
CAcert Inc. by Robert Cruikshank. There is a board decision about this.
I do not know how far Robert is progressing on this.
OK, so we can say that the CAcert domain name is under direct CAcert control, or the control of the Board.
Need we say more? The domain doesn't say anything about the DNS. Normally we'd expect that the DNS servers are one of the following:
* DNS servers operated by the registry (in this case the aussie one).
* DNS servers operated by a commercial party (I use DNSmadeeasy.com).
* DNS servers operated by "friends" ... such as Members.
* DNS servers operated by CAcert.
Do we have a view on that?
(Maybe we are waiting for the domain registry to be moved before touching the DNS question ... sure. But maybe we can also think about it now.)
iang
On 02/26/2009 04:36 PM, Wytze van der Raay wrote:
Hi Ian (and others),
I think we are still missing one important element in the Security
Policy
and Security Manual. This concerns the management of the DNS for
cacert.org.
CAcert's operations are critically dependent on the correctness of
some of
the DNS entries under the cacert.org domain. So I think this needs to be
specified in some detail in the security documentation.
(Un?)fortunately I don't know how this is organised right now. All I
know
is from observing the contents of 'whois cacert.org' and the NS
entries for
cacert.org. Apparently CAcert Inc., owner of the domain, has
subcontracted
its DNS service to an Austrian organisation operating under the domain
go-now.at. It is *not* under control of the critical system
administrators.
Probably the CAcert board and/or Philipp can give you more information.
Best regards,
-- wytze
------------------------------------------------------------------------
_______________________________________________
CAcert-sysadm mailing list
CAcert-sysadm AT lists.cacert.org
https://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-sysadm
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- [Cacert-sysadm] important element missing from Security Policy and Security Manual, Wytze van der Raay, 02/26/2009
- Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual, Teus Hagen, 02/26/2009
- Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual, Robert Cruikshank BOARD, 02/26/2009
- Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual, Ian G (Audit), 02/26/2009
- Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual, Robert Cruikshank BOARD, 02/26/2009
- Re: [Cacert-sysadm] important element missing from Security Policy and Security Manual, Teus Hagen, 02/26/2009
Archive powered by MHonArc 2.6.16.