<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
On 12/16/2008 01:11 AM, Peter Williams:
<blockquote
cite="mid:BFBC0F17A99938458360C863B716FE463981A6FAD9@simmbox01.rapnt.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 92.4pt 1.0in 92.4pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<p class="MsoPlainText">Oh, it’s got just so much so very more
interesting!</p>
</div>
</blockquote>
<br>
I really, really don't want to get into this here....but a few hints
nevertheless ;-)<br>
<br>
<blockquote
cite="mid:BFBC0F17A99938458360C863B716FE463981A6FAD9@simmbox01.rapnt.com"
type="cite">
<div class="Section1">
<p class="MsoPlainText"><o:p></o:p></p>
<br>
<p class="MsoPlainText">On looking into this with trivial effort (far
below the level
of reasonableness of a security professional) :-<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText" style="margin-left: 0.5in;">"Note that
certificate
authorities whose certificates are included in this package are not in
any way
audited for trustworthiness and RFC 3647 compliance, and that full
responsibility to assess them rests with the user."<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left: 0.5in;">[<a class="moz-txt-link-freetext" href="http://packages.debian.org/etch/ca-certificates">http://packages.debian.org/etch/ca-certificates</a>]</p>
</div>
</blockquote>
<br>
They added this disclaimer after we almost succeeded in getting a
friends hobby CA certificate included about two years ago. The
maintainer apparently realized it and removed the bug - and added this
disclaimer.<br>
<br>
<br>
<blockquote
cite="mid:BFBC0F17A99938458360C863B716FE463981A6FAD9@simmbox01.rapnt.com"
type="cite">
<div class="Section1">
<p class="MsoPlainText" style="margin-left: 0.5in;"><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Now, yesterday the CA parties on whom the
election software
was configured to rely may have been (though strangely, Eddy CA's is
also
reputed to have worked:)</p>
</div>
</blockquote>
<br>
Because it's in the Mozilla builtin CA certificates.<br>
<br>
<blockquote
cite="mid:BFBC0F17A99938458360C863B716FE463981A6FAD9@simmbox01.rapnt.com"
type="cite">
<div class="Section1">
<p class="MsoPlainText"><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Now, don’t I recall Eddy recommend (as a
purported member,
and claiming Nominator of a Candidate) that CA.Cert is not a body the
Foundation
would really want to associate to closely with -- let alone be partly
responsible for the integrity of its election process?<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left: 0.5in;"><o:p> </o:p></p>
<p class="MsoPlainText" style="margin-left: 0.5in;">" Give me a
break....not
going to argue here at OpenID about the use of CAcert, but it's
basically crap!
Not even worth the digital paper those certs are issued on. And their
relying
parties agreement is worse than anything else I've seen in this
industry so
far. Even worse than VeriSign! Neither does CAcert represent Open
Source (sick)
nor anything open at all. Read their subscriber agreement, my friend,
educate
yourself!"
[<a class="moz-txt-link-freetext" href="http://openid.net/pipermail/general/2008-December/006831.html">http://openid.net/pipermail/general/2008-December/006831.html</a>]<o:p></o:p></p>
<p class="MsoPlainText"><o:p><br>
</o:p></p>
</div>
</blockquote>
<br>
Here some hints for the interested. Check out
blog.CAcert.org/2008/09/327.html and quoting from
wiki.cacert.org/wiki/PolicyDrafts/FAQ:<br>
<br>
<blockquote>...where as in CAcert's Community, only members are
permitted to be relying parties. For us, the net users are covered in
the NRP-DaL and are permitted to USE not RELY.<br>
</blockquote>
Therefore, do what you think is best for the foundation. <br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>