A better approach to security

[Luca Capello <luca AT pca.it>]

Hi there!

On Sat, 09 Apr 2011 11:45:24 +0200, Mario Lipinski wrote:
> Am 2011-04-09 01:47, schrieb Frank Brückner:
>> CAcert Inc. secretary's certificate with common name "CAcert WoT User"
>> doesn't look that nice.
>
> the reason for this is because the private key is available to CAcert
> Inc. So I do not want this for a personalized certificate. I consider
> this as necessary as CAcert Inc. still needs to be able to decrypt
> information sent to an office bearer if he becomes unavailable.

Well, your first post contained:

  From: "CAcert Inc. Secretary (Mario Lipinski)" 
<secretary AT cacert.org>

You used a "personalized address", so what is really the problem in
using that as CN as well?

FYI, at least another CAcert.org official address already does the same
(Bcc:ed so he is aware I mentioned it):

  Subject: CN=Bernhard 
Froehlich,EMAIL=education AT cacert.org

> The sent certificate contains the email address 
> secretary AT cacert.org,
>  so
> it is to some extent someone who is allowed to use the address. And it
> is Class 3, this means it has been created on an account which identity
> is at least know to CAcert.
>
> So this should suffice.

I am sorry but it is not: you have an official position, so you are not
"yet another CAcert WoT User".

Thx, bye,
Gismo / Luca

Attachment: pgpQSZsC5tBqN.pgp
Description: PGP signature