I really don’t think a consensus was reached over the issue of what to do with unassured people issuing certificates. Long term my thoughts were to disable most functions from anyone not assured, but that requires some kind of critical mass which I just don’t think we have at present.
I think intent plays a big part here, by that I mean if you are utilising CAcert for certificates to secure emails, or even just IRC you’re more likely to stop using CAcert and go back to self signing if you’re not assured, where as those pushing to stop having unassured people issue certificates tend to fall into one of two camps, those assured, or those that think SSL can in some way greatly increase security, and I guess to an extent those already assured are perhaps leaning towards the latter as well.
So I guess here is my challenge to those wanting for a more secure internet, get out there and start assuring more people, because this then leads to critical mass which allows us the ability of making decisions based on merit rather then knee jerk.
I agree on the side that unassured people shouldn’t issue their certificates. But on the other side reaching the critical mass to shut the unassured certificates down is somewhat hard. For example in my Country (Hungary) actually we have 1 (ONE) assurer. A he can only issue 35 points, if he had time to meet someone (as a big company’s director). There are only a few notaries who can underdstand english, or even the logic behind the TTP programme. So there are obstacles, and i think this isn’t a local problem for us, and to manage these obstacles it needs time.
And in that time there is need of translated information, so for my side i begun to create a site in my language.
That is actually the most I can do, until i can meet my 2 independent english speaking TTP 🙂