Subject: A better approach to security
- From: Florian Hannemann <florian AT hannemann.me.uk>
- To: cacert AT lists.cacert.org
- Subject: Re: Member with unnormal amount of accounts
- Date: Mon, 8 Feb 2010 15:46:56 +0100
Hi
On 08.02.2010, at 01:04, Nathan Edward Tuggy wrote:
> On 2010-02-07 15:23, Florian Hannemann wrote:
>>
>> On 07.02.2010, at 01:15, Lambert Hofstra wrote:
>>
>>>> b) one can not assure somebody else using the multiple identities.
>>>>
>>>>
>>> Correct: you can only assure someone once. At the time of the
>>> face-to-face meeting the assurer and assuree check each other's identity
>>> papers, and the assurer can assure (give points to) the assuree. Any
>>> member that gets more assurances than face-to-face meetings should file a
>>> dispute.
>>>
>> Hm, isn't it possible to get some kind of... let's say "assurance refresh"?
>> I mean, you are right, you shouldn't be allowed to assure someone with more
>> than one account, but why shouldn't you assure someone again after a while
>> (maybe years)?
>
> It seems to me this would only be safe if assurance points somehow expired
> or depreciated or something -- otherwise it would simply take a few years
> to get any number of people to full Assurer status without proper
> oversight, as a single Assurer could assure each of them every two years or
> whatever until they achieved full points. Perhaps not the worst thing in
> the world, as it's a bit hard to construct a horrible attack scenario with
> this, but not ideal either -- doesn't fit "four eyes" very well. And
> generally speaking, attack scenarios only get worse.
>
> Obviously, if assurance points expired after two years (as I think I've
> heard suggestions for occasionally), this wouldn't be a problem, but that
> would introduce its own set of problems.
OK, different idea... Why not assure someone after some years without giving
him new points? I mean, I already had someone who assured me with zero points;
I don't know if that was because of a 100 points (but no test taken) policy or
for whatever reason, but it looks like it is possible to assure someone
without giving him points.
cu Florian
Attachment:
smime.p7s
Description: S/MIME cryptographic signature