2008-04-16 15:04:47 +00:00
<?xml version="1.0" encoding="utf-8"?>
2008-04-16 15:40:19 +00:00
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
2008-04-16 15:04:47 +00:00
< html xmlns = "http://www.w3.org/1999/xhtml" >
< head >
< title >
CAcert Communication Policy (CCP)
< / title >
< / head >
< body >
< h1 >
CAcert Communication Policy (CCP)
< / h1 >
< p >
2008-04-16 15:09:07 +00:00
< a href = "../PolicyOnPolicy.html" > < img src = "Images/cacert-wip.png" alt = "CAcert Work In Progress" height = "31" width = "88" style = "border-style: none;" / > < / a > < br / >
2008-04-16 15:04:47 +00:00
Author: Sam Johnston< br / >
Creation date: 2008-04-16< br / >
Status: WIP 2008-04-16< br / >
Next status: DRAFT 2008-04-XX< br / >
<!-- $Id$ -->
< / p >
< h2 >
0. Preliminaries
< / h2 >
< p >
This CAcert policy describes how CAcert communicates as required for achieving its mission.
< / p >
< h2 >
1. Scope
< / h2 >
2008-04-24 09:51:16 +00:00
< p >
CAcert Community Members are subjected to the CAcert Communication Agreement (CCA).
< / p >
2008-04-16 15:04:47 +00:00
< p >
This policy is applicable to:< br / >
< / p >
< ol >
2008-04-21 11:38:26 +00:00
< li > Press Releases and Announcements
2008-04-16 15:08:28 +00:00
< / li >
< li > Internet Email
< / li >
2008-04-18 16:28:19 +00:00
< li > Internet Relay Chat (IRC)
< / li >
2008-04-16 15:04:47 +00:00
< / ol >
< h2 >
2. Requirements
< / h2 >
< p >
This section describes all CAcert communication channels.< br / >
< / p >
< ol >
2008-04-16 15:08:28 +00:00
< li >
2008-04-21 11:38:26 +00:00
< strong > Press Releases and Announcements< / strong > < br / >
2008-04-16 15:04:47 +00:00
< ol style = "list-style-type: lower-alpha;" >
2008-04-24 09:51:16 +00:00
< li > CAcert Community Members MAY communicate on their areas, but these are considered community views.
2008-04-21 11:38:26 +00:00
< / li >
< li > Targeted announcements MAY be sent to a minority subset of users who have opted-in to receiving information on the topic.
< / li >
< li > Press releases and official announcements MUST be approved by the board and issued via:< br / >
2008-04-16 15:04:47 +00:00
< ol style = "list-style-type: lower-roman;" >
2008-04-19 08:49:56 +00:00
< li > Digitally signed email to appropriate mailing list(s).
2008-04-16 15:08:28 +00:00
< / li >
< li > Posting and indefinite archiving on the official CAcert web site(s)
< / li >
2008-04-16 15:04:47 +00:00
< / ol >
< / li >
< / ol >
2008-04-16 15:08:28 +00:00
< / li >
< li >
< strong > Internet Email< / strong > < br / >
2008-04-16 15:04:47 +00:00
< ol style = "list-style-type: lower-alpha;" >
< li >
2008-04-19 08:49:56 +00:00
< strong > Email Aliases< / strong > are official email addresses within the CAcert domain(s) (eg john@cacert.org).< br / >
2008-04-16 15:04:47 +00:00
< ol style = "list-style-type: lower-roman;" >
2008-04-19 08:49:56 +00:00
< li > All official CAcert communications MUST be conducted using an official address, which is typically a forwarding service.
2008-04-16 15:04:47 +00:00
< / li >
2008-04-19 08:49:56 +00:00
< li > Access to full accounts (available only to officials listed on the organisation chart) SHALL be available via web interface and standard mail protocols.
2008-04-16 15:04:47 +00:00
< / li >
2008-04-19 08:49:56 +00:00
< li > Outbound mail SHOULD contain the full name and short reference to the official capacity of the user: < i > John Citizen (CAcert AO) < john@cacert.org> < / i > .
2008-04-16 15:04:47 +00:00
< / li >
< li > Role accounts (eg support@cacert.org) SHALL be implemented as a mailing list or automated issue tracking system as appropriate.
< / li >
< / ol >
< / li >
< li >
2008-04-19 08:49:56 +00:00
< strong > Mailing Lists< / strong > are automated distribution lists containing CAcert community members.< br / >
2008-04-16 15:04:47 +00:00
< ol style = "list-style-type: lower-roman;" >
2008-04-19 08:49:56 +00:00
< li > List management (new list creation, dead list removal) SHALL be managed by the board.
2008-04-18 16:31:39 +00:00
< / li >
2008-04-19 08:49:56 +00:00
< li > List membership SHALL be restricted to CAcert Community members and all posts are contributions, as described in the CCA.
2008-04-16 15:04:47 +00:00
< / li >
< li > Lists SHALL follow the naming convention of cacert-< listname> @lists.cacert.org, with important lists (eg support, board) aliased @cacert.org
< / li >
< li > List policy SHALL be set on a per-list basis (eg open/closed, searchable archives, etc.)< br / >
< ol >
2008-04-19 08:49:56 +00:00
< li > Open lists (eg cacert-policy) shall be accessible by anyone (including Internet search engines) and closed lists (eg cacert-board) only by list members.
2008-04-16 15:04:47 +00:00
< / li >
< li > Posting to discussion lists (eg cacert-policy) MUST be restricted to list members and MUST NOT be restricted for role lists (eg cacert-board).
< / li >
< li > Messages which do not meet list policy (eg size, non-member) MUST be immediately rejected.
< / li >
< / ol >
< / li >
2008-04-19 08:49:56 +00:00
< li > Subscription requests MUST be confirmed by the requestor and subscriber lists MUST NOT be revealed..
2008-04-16 15:04:47 +00:00
< / li >
2008-04-19 08:49:56 +00:00
< li > Web based archives SHALL be maintained and authentication MUST reflect list policy.
2008-04-16 15:04:47 +00:00
< / li >
< / ol >
< / li >
< li >
2008-04-21 11:38:26 +00:00
< strong > Automated Email< / strong > is sent by various CAcert systems automatically< br / >
2008-04-16 15:04:47 +00:00
< ol style = "list-style-type: lower-roman;" >
2008-04-19 08:49:56 +00:00
< li > All new automated emails MUST be approved by the board.
2008-04-16 15:04:47 +00:00
< / li >
< li > Automated emails SHOULD only be sent in response to a user action.
< / li >
< / ol >
< / li >
< li >
< strong > Personal Email< / strong > is individual personal addresses of CAcert Community members (eg john@gmail.com).< br / >
< ol style = "list-style-type: lower-roman;" >
< li > Personal email MUST NOT be used for official CAcert purposes.
< / li >
< / ol >
< / li >
< / ol >
< / li >
2008-04-18 16:28:19 +00:00
< li >
< strong > Internet Relay Chat (IRC)< / strong > < br / >
< ol style = "list-style-type: lower-alpha;" >
< li > An IRC service SHALL be maintained at irc.cacert.org which SHALL be available via SSL.
< / li >
< / ol >
< / li >
2008-04-16 15:04:47 +00:00
< / ol >
< h2 >
3. Implementation
< / h2 >
< p >
This section describes how CAcert communication channels are to be implemented.
< / p >
< ol >
2008-04-16 15:08:28 +00:00
< li >
< strong > General< / strong > < br / >
2008-04-16 15:04:47 +00:00
< ol style = "list-style-type: lower-alpha;" >
< li > CAcert System Administrators SHALL have discretion as to the technical implementation of this policy and SHALL report status to the board periodically.
< / li >
2008-04-16 15:08:28 +00:00
< / ol >
< / li >
< li >
< strong > Security< / strong > < br / >
< ol style = "list-style-type: lower-alpha;" >
< li > Authentication (where required) MUST be done via username and password and/or CAcert certificate.
2008-04-16 15:04:47 +00:00
< / li >
2008-04-16 15:08:28 +00:00
< li > Transport encryption MUST be used where possible.
< / li >
< li > Content encryption MAY be used where appropriate.
< / li >
< li > All outbound mail SHOULD be digitally signed.
< / li >
< / ol >
< / li >
< li >
< strong > Internet Email< / strong > < br / >
< ol style = "list-style-type: lower-alpha;" >
2008-04-23 14:11:08 +00:00
< li > All mails MUST be securely archived.
2008-04-16 15:08:28 +00:00
< / li >
< li > All mails MUST be subject to appropriate spam prevention mechanisms (eg SpamAssassin, greylisting).
< / li >
< li > All mails MUST be subject to appropriate virus and content filtering (eg ClamAV, content types).
2008-04-16 15:04:47 +00:00
< / li >
< / ol >
< / li >
< / ol >
< p >
2008-04-16 15:09:07 +00:00
< a href = "http://validator.w3.org/check?uri=referer" > < img src = "Images/valid-xhtml11-blue" alt = "Valid XHTML 1.1" height = "31" width = "88" style = "border-style: none;" / > < / a >
2008-04-16 15:04:47 +00:00
< / p >
< / body >
< / html >
