~65 html errors -and-
 ~14 html warnings


git-svn-id: http://svn.cacert.org/CAcert/Policies@2473 14b1bab8-4ef6-0310-b690-991c95c89dfd
pull/1/head
Ulrich Schroeter 12 years ago
parent 6cbe2fc8b3
commit 2fc63e4118

@ -1,4 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta name="copyright" content="CAcert Inc http://www.cacert.org/">
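Review bot: the old doctype is kept as a comment on the very first line, ahead of the new DOCTYPE declaration. Content placed before the doctype can push some older Internet Explorer versions into quirks mode, and the previous declaration is already preserved in version history. I would drop the `<!-- !DOCTYPE ... -->` line so the file starts directly with the new declaration that references `loose.dtd`.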
@ -83,7 +85,7 @@ a:hover {
Suggested <span class="change">additions in BLUE</span>, <span class="strike">strikes in blue</span>.<br />
</span>
Michael T&auml;nzer <span class="change">20111113</span>: CPS #7.1.2 "Certificate Extensions" adjustments<br />
Ulrich Schroeter <span class="change">20130309</span>: several minor fixes according to <a href="https://svn.cacert.org/CAcert/Policies/PolicyOnPolicy.html">PoP 2.5</a> and <a href="https://bugs.cacert.org/view.php?id=1131">Bug #1131</a>
Ulrich Schroeter <span class="change">20130309</span>: several minor fixes according to <a href="https://svn.cacert.org/CAcert/Policies/PolicyOnPolicy.html">PoP 2.5</a> and <a href="https://bugs.cacert.org/view.php?id=1131">Bug #1131</a></p>
<ul>
<li><span class="change">20111113</span> changes are still incorporated in the revision on main website but not in the svn revision, so therefor copied over CPS revision from CAcert main website to SVN policy working directory as source of changes</li>
<li>header reformated to reflect new header style</li>
@ -94,8 +96,8 @@ a:hover {
<li>img src images/ fixes</li>
<li>.php to .html fixes per <a href="https://bugs.cacert.org/view.php?id=1131">Bug #1131</a></li>
<li>replace all NRP-DaL references with text Root Distribution License and RootDistributionLicense.html link</li>
</ul><br />
</p>
<li>fix of ~65 html errors and ~14 html warnings</li>
</ul>
<hr />
@ -126,7 +128,7 @@ Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licenc
<!-- $Id: CertificationPracticeStatement.html,v 1.3 2012-07-27 16:00:29 wytze Exp $ -->
<font size="-1">
<div style="font size:-1;">
<ol>
<li> <a href="#p1">INTRODUCTION</a>
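Review bot: `<div style="font size:-1;">` is not valid CSS. The property name is `font-size` (with a hyphen), and `-1` is a `<font size>` attribute value, not a CSS length or keyword. Browsers will discard the declaration, so the table of contents silently loses the reduced text size that `<font size="-1">` gave it. Something like `style="font-size: smaller;"` keeps the rendering and still removes the `<font>` element.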
@ -234,7 +236,7 @@ Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licenc
</li>
</ol>
</font>
</div>
@ -252,7 +254,7 @@ and applies to all CAcert PKI Participants,
including Assurers, Members, and CAcert itself.
</p>
<p>
<p><br />
</p>
<h3><a name="p1.2" id="p1.2">1.2. Document name and identification</a></h3>
@ -330,8 +332,8 @@ for each class of certificate.
<!--
<li>
Some content is incorporated under
<!-- <a href="http://xkcd.com/license.html">Creative Commons license</a> -->
<!-- from <a href="http://xkcd.com/">xkcd.com</a>. -->
<a href="http://xkcd.com/license.html">Creative Commons license</a>
from <a href="http://xkcd.com/">xkcd.com</a>.
198 177 515
</li>
-->
@ -470,8 +472,8 @@ and risks, liabilities and obligations in
<center>
<table border="1" cellpadding="5">
<tr>
<td colspan="2"><center><i>Type</center></i></td>
<td colspan="2"><center><i>Appropriate Certificate uses</center></i></th>
<td colspan="2"><center><i>Type</i></center></td>
<td colspan="2"><center><i>Appropriate Certificate uses</i></center></td>
</tr>
<tr>
<th>General</th>
@ -728,7 +730,7 @@ and will be submitted to vendors via the (Top-level) Root.
<table border="1" cellpadding="5">
<tr>
<td></td>
<td colspan="5"><center><i>Level of Assurance</center></i></td>
<td colspan="5"><center><i>Level of Assurance</i></center></td>
<th> </th>
</tr>
<tr>
@ -736,7 +738,7 @@ and will be submitted to vendors via the (Top-level) Root.
<th colspan="2"><center> Members &dagger; </center></th>
<th colspan="2"><center> Assured Members</center></th>
<th colspan="1"><center> Assurers </center></th>
<th colspan="1"><center> </center></th>
<th colspan="1"><center>&nbsp; </center></th>
</tr>
<tr>
<td><i>Class of Root</i></td>
@ -745,12 +747,12 @@ and will be submitted to vendors via the (Top-level) Root.
<td>Anon</td>
<th>Name</th>
<td>Name+Anon</td>
<td colspan="1"><center><i>Remarks</center></i></td>
<td colspan="1"><center><i>Remarks</i></center></td>
</tr>
<tr>
<td><center>Top level<br><big><b>Root</b></big></center></td>
<td> <center> <font title="pass." color="green" size="+3"> &bull; </font> </center> </th>
<td> <center> <font title="pass." color="green" size="+3"> &bull; </font> </center> </th>
<td> <center> <font title="pass." color="green" size="+3"> &bull; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &bull; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &bull; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &bull; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &bull; </font> </center> </td>
@ -759,7 +761,7 @@ and will be submitted to vendors via the (Top-level) Root.
<tr>
<td><center><big><b>Member</b></big><br>SubRoot</center></td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </th>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
@ -767,8 +769,8 @@ and will be submitted to vendors via the (Top-level) Root.
</tr>
<tr>
<td><center><big><b>Assured</b></big><br>SubRoot</center></td>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </th>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </th>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </td>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
@ -776,8 +778,8 @@ and will be submitted to vendors via the (Top-level) Root.
</tr>
<tr>
<td><center><big><b>Organisation</b></big><br>SubRoot</center></td>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </th>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </th>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </td>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
@ -785,14 +787,14 @@ and will be submitted to vendors via the (Top-level) Root.
</tr>
<tr>
<th>Expiry of Certificates</th>
<td colspan="2"><center>6 months</center></th>
<td colspan="3"><center>24 months</center></th>
<td colspan="2"><center>6 months</center></td>
<td colspan="3"><center>24 months</center></td>
</tr>
<tr>
<th>Types</th>
<td colspan="2"><center>client, server</center></th>
<td colspan="2"><center>wildcard, subjectAltName</center></th>
<td colspan="1"><center>code-signing</center></th>
<td colspan="2"><center>client, server</center></td>
<td colspan="2"><center>wildcard, subjectAltName</center></td>
<td colspan="1"><center>code-signing</center></td>
<td> (Inclusive to the left.) </td>
</tr>
</table>
@ -817,14 +819,14 @@ look at the CPS to figure it out.
<table border="1" cellpadding="5">
<tr>
<td></td>
<td colspan="4"><center><i>Level of Assurance</center></i></td>
<td colspan="4"><center><i>Level of Assurance</i></center></td>
<th> </th>
</tr>
<tr>
<th></th>
<th colspan="2"><center>Members</center></th>
<th colspan="2"><center>Assured Members</center></th>
<th colspan="1"><center> </center></th>
<th colspan="1"><center>&nbsp; </center></th>
</tr>
<tr>
<td><i>Class of Root</i></td>
@ -832,7 +834,7 @@ look at the CPS to figure it out.
<td>Named</td>
<td>Anonymous</td>
<th>Named</th>
<td colspan="1"><center><i>Remarks</center></i></td>
<td colspan="1"><center><i>Remarks</i></center></td>
</tr>
<tr>
<td><center>Class<br><big><b>1</b></big></center></td>
@ -844,21 +846,21 @@ look at the CPS to figure it out.
</tr>
<tr>
<td><center>Class<br><big><b>3</b></big></center></td>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </th>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </th>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </td>
<td> <center> <font title="pass." color="red" size="+3"> &#10008; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> &#10004; </font> </center> </td>
<td> Assured Members only.<br> Intended for Reliance. </center> </td>
<td> <center> Assured Members only.<br> Intended for Reliance. </center> </td>
</tr>
<tr>
<th>Expiry of Certificates</th>
<td colspan="2"><center>6 months</center></th>
<td colspan="2"><center>24 months</center></th>
<td colspan="2"><center>6 months</center></td>
<td colspan="2"><center>24 months</center></td>
</tr>
<tr>
<th>Types available</th>
<td colspan="2"><center>simple only</center></th>
<td colspan="2"><center>wildcard, subjectAltName</center></th>
<td colspan="2"><center>simple only</center></td>
<td colspan="2"><center>wildcard, subjectAltName</center></td>
</tr>
</table>
@ -992,7 +994,7 @@ As per above.
<b><a name="d_assured" id="d_assured">Assured Member</a></b>.
A Member whose identity has been sufficiently
verified by Assurers or other
approved methods under Assurance Policy.</p>
approved methods under Assurance Policy.
</p>
<p>
<b><a name="d_assurer" id="d_assurer">Assurer</a></b>.
@ -1029,14 +1031,14 @@ As per above.
Root Distribution License (<a href="https://www.cacert.org/policy/RootDistributionLicense.html">COD14</a>).
</p>
<p>
<b><a name="rel" id="d_reliance">Reliance</a></b>.
<b><a name="d_reliance" id="d_reliance">Reliance</a></b>.
An industry term referring to
the act of making a decision, including taking a risk,
which decision is in part or in whole
informed or on the basis of the contents of a certificate.
</p>
<p>
<b><a name="rel" id="rel">Relying Party</a></b>.
<b><a name="d_relparty" id="d_relparty">Relying Party</a></b>.
An industry term refering to someone who relies
(that is, makes decisions or takes risks)
in part or in whole on a certificate.
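Review bot: renaming the anchors from `name="rel"` to `d_reliance` and `d_relparty` fixes the duplicate and mismatched name/id pairs, but any existing `href="#rel"` link in this document or in other policies that point here will stop resolving, and this hunk does not show those references being updated. Please search for `#rel` and repoint each link to the definition it was meant to reach before this lands.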
@ -1050,19 +1052,19 @@ As per above.
are not used here.
</p>
<p>
<b><a name="ver" id="d_verification">Verification</a></b>.
<b><a name="d_verification" id="d_verification">Verification</a></b>.
An industry term referring to
the act of checking and controlling
the accuracy and utility of a single claim.
</p>
<p>
<b><a name="ver" id="d_validation">Validation</a></b>.
<b><a name="d_validation" id="d_validation">Validation</a></b>.
An industry term referring to the process of
inspecting and verifying the information and
subsidiary claims behind a claim.
</p>
<p>
<b><a name="rel" id="rel">Usage</a></b>.
<b><a name="usage" id="usage">Usage</a></b>.
The event of allowing a certificate to participate in
a protocol, as decided and facilitated by a user's software.
Generally, Usage does not require significant input, if any,
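Review bot: the new anchor for the Usage definition, `name="usage" id="usage"`, breaks the `d_` prefix that every other definition anchor in this patch uses (`d_reliance`, `d_relparty`, `d_verification`, `d_validation`). I would make it `d_usage` for consistency. The same dangling-link check applies here to `#ver`, which no longer exists after the Verification and Validation anchors are renamed.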
@ -1091,7 +1093,7 @@ As per above.
The audit criteria that controls this CPS.
The CCS is documented in COD2, itself a controlled document under CCS.
</p>
<p>
<p>
<b><a name="d_cod" id="d_cod">CAcert Official Document</a></b> (COD).
Controlled Documents that are part of the CCS.
@ -1316,7 +1318,7 @@ See
Certificates containing International Domain Names, being those containing a
ACE prefix (<a href="http://www.ietf.org/rfc/rfc3490#section-5">RFC3490
Section 5</a>), will only be issued to domains satisfying one or more
of the following conditions:
of the following conditions:</p>
<ul>
<li>The Top Level Domain (TLD) Registrar associated with the domain has a policy
that has taken measures to prevent two homographic domains being registered to
@ -1327,14 +1329,14 @@ excluding the "Common" script, with the additionally allowed numberic
characters [0-9], and an ACSII hyphen '-'.
</li>
</ul>
</p>
<p>Email address containing International Domain Names in the domain portion of
the email address will also be required to satisfy one of the above conditions.
</p>
<p>
The following is a list of accepted TLD Registrars:
The following is a list of accepted TLD Registrars:</p>
<table>
<tr>
@ -1465,8 +1467,8 @@ The following is a list of accepted TLD Registrars:
</tr>
<tr>
<td>.lt</td>
<td><a href="http://www.domreg.lt/public?pg=&sp=&loc=en">Registry</a></td>
<td><a href="http://www.domreg.lt/public?pg=8A7FB6&sp=idn&loc=en">Policy</a> (<a href="http://www.domreg.lt/static/doc/public/idn_symbols-en.pdf">character list</a>)</td>
<td><a href="http://www.domreg.lt/public?pg=&amp;sp=&amp;loc=en">Registry</a></td>
<td><a href="http://www.domreg.lt/public?pg=8A7FB6&amp;sp=idn&amp;loc=en">Policy</a> (<a href="http://www.domreg.lt/static/doc/public/idn_symbols-en.pdf">character list</a>)</td>
</tr>
<tr>
@ -1533,7 +1535,7 @@ The following is a list of accepted TLD Registrars:
<td><a href="http://www.vnnic.vn/english/5-6-300-2-2-04-20071115.htm">Policy</a> (<a href="http://vietunicode.sourceforge.net/tcvn6909.pdf">character list</a>)</td>
</tr>
</table>
</p>
<p>
This criteria will apply to the email address and server host name fields for all certificate types.
@ -1784,7 +1786,7 @@ process or file a dispute.
<h2><a name="p4" id="p4">4. CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS</a></h2>
<p>
The general life-cycle for a new certificate for an Individual Member is:
The general life-cycle for a new certificate for an Individual Member is:</p>
<ol><li>
Member adds claim to an address (domain/email).
@ -1805,7 +1807,7 @@ The general life-cycle for a new certificate for an Individual Member is:
Member accepts certificate.
</li></ol>
</p>
<p>
(Some steps are not applicable, such as anonymous certificates.)
@ -1827,7 +1829,7 @@ On issuance of certificates, Members become Subscribers.
The Member can claim ownership or authorised control of
a domain or email address on the online system.
This is a necessary step towards issuing a certificate.
There are these controls:
There are these controls:</p>
<ul><li>
The claim of ownership or control is legally significant
and may be referred to dispute resolution.
@ -1838,7 +1840,7 @@ There are these controls:
the certificate application system automatically initiates the
check of control, as below.
</li></ul>
</p>
<h4><a name="p4.1.3" id="p4.1.3">4.1.3. Preparing CSR </a></h4>
@ -1889,7 +1891,7 @@ In principle, at least two controls are placed on each address.
<p>
<b><a name="ping">Email-Ping</a>.</b>
Email addresses are verified by means of an
<i><a name="ping">Email-Ping test</a></i>:
<i><a name="pingtest">Email-Ping test</a></i>:
</p>
<ul><li>
@ -1948,7 +1950,7 @@ following checks:
</li> </ol>
<p>
Notes.
Notes.</p>
<ul><li>
Other methods can be added from time to time by CAcert.
</li><li>
@ -1960,7 +1962,7 @@ Notes.
Domain control checks may be extended to apply to email control
in the future.
</li></ul>
</p>
<ul class="q">
<li> As of the time of writing, only a singular Email-ping is implemented in the technical system. </li>
@ -1996,7 +1998,7 @@ The Member has options available:
<h4><a name="p4.2.4" id="p4.2.4">4.2.4. Client Certificate Procedures</a></h4>
<p>
For an individual client certificate, the following is required.
For an individual client certificate, the following is required.</p>
<ul>
<li>The email address is claimed and added. </li>
<li>The email address is ping-tested. </li>
@ -2007,12 +2009,12 @@ For an individual client certificate, the following is required.
<li>To include a Name, the Name must be assured to at least fifty points. </li>
</ul>
</p>
<h4><a name="p4.2.5" id="p4.2.5">4.2.5. Server Certificate Procedures</a></h4>
<p>
For a server certificate, the following is required:
For a server certificate, the following is required:</p>
<ul>
<li>The domain is claimed and added. </li>
<li>The domain is checked twice as above. </li>
@ -2022,7 +2024,7 @@ For a server certificate, the following is required:
at least fifty points of Assurance. </li>
</ul>
</p>
<h4><a name="p4.2.6" id="p4.2.6">4.2.6. Code-signing Certificate Procedures</a></h4>
@ -2115,7 +2117,7 @@ algorithm following the process:
</li></ol>
<center>
<table border="1" align="center" valign="top" cellpadding="5"><tbody>
<table style="border:1; align:center; valign:top; cellpadding:5;"><tbody>
<tr>
<td><br></td>
<td>Verified Name</td>
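Review bot: the replacement `<table style="border:1; align:center; valign:top; cellpadding:5;">` moves HTML attributes into a style attribute without translating them. `align`, `valign` and `cellpadding` are not CSS properties, and `border:1` has no unit or line style, so all four declarations are ignored. This changes rendering (the table loses its border and cell padding) rather than only silencing the validator. Since the doctype is HTML 4.01 Transitional and the other tables in this patch keep `border="1" cellpadding="5"`, I would keep those two attributes here, drop `valign` (it is not valid on `<table>`), and leave centering to the enclosing `<center>`.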
@ -2385,7 +2387,7 @@ See Table 4.5.2.
<table border="1" cellpadding="5">
<tr>
<td></td>
<td colspan="4"><center><i>Statements of Reliance for Members</center></i></td>
<td colspan="4"><center><i>Statements of Reliance for Members</i></center></td>
</tr>
<tr>
<td><i>Class of Root</i></td>
@ -2397,7 +2399,7 @@ See Table 4.5.2.
<td rowspan="2" bgcolor="red">
<b>Do not rely.</b><BR>
Relying party must use other methods to check. </td>
<td rowspan="2" bgcolor="orange">
<td rowspan="2" bgcolor="#FFA500">
Do not rely.
Although the named Member has been Assured by CAcert,
reliance is not defined with Class 1 root.<BR>
@ -2408,7 +2410,7 @@ See Table 4.5.2.
</tr>
<tr>
<td><center>Class<br><big><b>3</b></big></center></td>
<td rowspan="2" bgcolor="orange">
<td rowspan="2" bgcolor="#FFA500">
Do not rely on the Name (being available).
The Member has been Assured by CAcert,
but reliance is undefined.</td>
@ -2670,13 +2672,13 @@ No stipulation.
<h3><a name="p5.1" id="p5.1">5.1. Physical controls</a></h3>
<p>
Refer to Security Policy (<a href="https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html">COD8</a>)
Refer to Security Policy (<a href="https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html">COD8</a>)</p>
<ul><li>
Site location and construction - SP2.1
</li><li>
Physical access - SP2.3
</li></ul>
</p>
<h4><a name="p5.1.3" id="p5.1.3">5.1.3. Power and air conditioning</a></h4>
@ -2777,7 +2779,7 @@ Roles strive in general for separation of duties, either along the lines of
<td><b>Role</b></td> <td><b>Policy</b></td> <td><b>Comments</b></td>
</tr><tr>
<td>Assurer</td>
<td><a href="https://www.cacert.org/policy/AssurancePolicy.html"> COD13</td>
<td><a href="https://www.cacert.org/policy/AssurancePolicy.html"> COD13</a></td>
<td>
Passes Challenge, Assured to 100 points.
</td>
@ -2909,7 +2911,7 @@ Refer to Security Policy 5, 6 (<a href="https://svn.cacert.org/CAcert/Policies/S
(Refer to <a href="#p1.4">&sect;1.4</a> for limitations to service.)
</p>
</p>
<h3><a name="p5.8" id="p5.8">5.8. CA or RA termination</a></h3>
@ -2934,11 +2936,11 @@ party for the sole purpose of issuing revocations.
Member information will be securely destroyed.
</p>
<span class="change">
<p>
<p><span class="change">
The CA cannot be transferrred to another organisation.
</p>
</span>
</span></p>
<p>
<s>
@ -2957,23 +2959,23 @@ dispute after notification
See &sect;9.13.
</s>
</p>
<s>
<ul class="error">
<ul class="error" style="text-decoration:line-through;">
<li> The ability to transfer is not given in any of CCA, PP or AP! </li>
<li> The Board does not have the power to terminate a policy, that is the role of policy group! </li>
<li> The right to transfer was against the principles of the CAcert? </li>
<li> Check Association Statutes.... </li>
</ul>
</s>
<span class="change">
<s>
<p>
<p><span class="strike">
New root keys and certificates will be made available
by the new organisation as soon as reasonably practical.
by the new organisation as soon as reasonably practical.</span>
</p>
</s>
</span>
<h4><a name="p5.8.2" id="p5.8.2">5.8.2 RA termination</a></h4>
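Review bot: the two struck-out blocks in this hunk are now marked up in two different ways. The list uses an inline `style="text-decoration:line-through;"` on `<ul class="error">`, while the following paragraph uses `<span class="strike">`. The page header already defines strikes as a class-based convention, so I would use the class in both places (for example `class="error strike"` on the list, provided the stylesheet rule applies to block elements) so that struck text is styled from one rule. Also note that the paragraph was previously wrapped in `<span class="change">` as well as `<s>`. Please confirm that dropping the `change` marking there is intended.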
@ -4069,7 +4071,7 @@ That is, all requests are treated as disputes,
as only a duly empanelled Arbitrator has the
authorisation and authority to rule on the
such requests.
<p>
</p>
<p>
A subpoena should
