CAcert System Admins discussion list

[Daniel Black <daniel AT cacert.org>]

On Tuesday 15 December 2009 00:19:22 
dieter.hennig AT id.ethz.ch
 wrote:
> Dear all,
> 
> In reference to the two CAcert root certificates, both hashed by the
> MD5-algorithm, I would like to ask you to please follow instructions as
>  seen below:
> 
> http://wiki.cacert.org/Brain/Study/Bug665
> 

I mentioned a plan to replace an intermediary certificate before. As a 
simpler 
alternate can we stop issuing certificates of the class3 and only issue them 
of the current class1/root cert?

1. get policy group to ok us moving all issuing off this the current root 
cert 
only.

2. prepare software changes and documentation changes to account for this

3. prepare blog press release and FAQ

4. switch software and release blog press release

5. answer all support questions

6. relax

I think we've established that this bug 665 issue:
1. this is about the perception of security and its real risk is irrelevant
2. removing blocks to Universitaet Zuerich - Informatikdienste (UZH) and 
Institute of Technology Zurich (ETHZ) deploying it
3. is a separate issue from the new roots program

This will make our software more incompatible with our planned CPS however I 
think the benefits are worth it. We've proved we can run multiple roots 
before 
and we can do it again when the audit comes around.

Is this good/better/bad/ugly and why?

-- 
Daniel Black
Infrastructure Administrator
CAcert