A better approach to security

[Hans Witvliet <hwit AT a-domani.nl>]

On Sat, 2010-02-06 at 14:54 -0500, John W. Moore III wrote:
> Dominik George wrote:
> 
> > My general question is: Shouldn't there be a limit as to how many 
> > accounts a 
> > single person can have? Of course this is hard to handle, but what we 
> > experience here rather reselmbles vandalism and makes CAcert work 
> > inefficient 
> > (it keeps at least one case manager and one arbitrator plus several 
> > assurers 
> > working, while there are far too few arbitrators).
> 
> Actually, the crux of the Question should be "How many Accounts should a
> single individual _control_?"  Imagine the scenario where a single
> entity controlled 4 Accounts.  What, if any, 'check' exists to prevent
> this individual from using all the Accounts to assure each other thereby
> allowing self-assurance up to the 100pt Assurer level on all 4?
> 
I don't think that the number of accounts should matter.
However, it should perhaps stated more clearly that if one holds more
then one account:
a) one can not assure them selves (by means of the oher identity)
b) one can not assure somebody else using the multiple identities.

Afaics that should be obvious