David A. Bandel
Tue, 24 Aug 1999 10:04:23 -0700
This is going to be a sticky issue. But I recommend that if you do this it be done this way: Anyone wishing to verify a candidate's status would have to do the following (and via Apache w/ SSL or some other secure server): 1. enter both the candidates last name and an LPI assigned ID number 2. enter their own e-mail address (They would only receive information regarding the date and level of current certification(s), nothing about failures or attempts or even scores.) 3. have a way for candidates to receive an e-mail (if desired) with the e-mail of the querying party (and a secure way to change this option at any time) 4. let those who are querying the database know beforehand that the candidate may receive information regarding the query. I am not familiar with the laws of many countries, but some are sticklers for privacy. Records of accesses will need to be maintained (the suggested Apache w/ SSL will log this). This is assuming the laws of all countries with candidates even allows what is suggested in the contents of this message. Otherwise, some dispensation would be required for that candidate (obviously). Ciao, David A. Bandel ________________________________________________________________________ This message was sent by the linux-cert mailing list. To unsubscribe: echo unsubscribe | mail -s '' [EMAIL PROTECTED]