add DRAFT reference,

fix of links and img src to bug #1131
removing transfer revision of p20080401 to production


git-svn-id: http://svn.cacert.org/CAcert/Policies@2476 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
Ulrich Schroeter 2013-03-10 00:37:43 +00:00
parent cf8a0f8748
commit 4d29c8eca2
2 changed files with 71 additions and 461 deletions

View file

@ -1,4 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
@ -11,37 +10,46 @@
} }
--> -->
</style> </style>
</head> </head>
<body> <body>
<div class="comment">
<table width="100%"><tr><td>
Name: OAP <a style="color: steelblue" href="//svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11</a><br />
Author: Jens Paul<br />
Creation date: 2007-09-18<br />
Status: POLICY/DRAFT 2007-09-18 <a style="color: steelblue" href="//wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x </a><br />
Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br />
</td><td align="right"> <div class="comment">
<a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="Security Policy Status == POLICY" style="border-width:0" /></a> <table width="100%">
</td></tr></table>
<tr>
<td>
Name: OAP <a style="color: steelblue" href="https://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11</a><br />
Status: POLICY/DRAFT <a style="color: steelblue" href="https://wiki.cacert.org/TopMinutes-20070917">m20070918.x </a><br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <span class="draftadd">DRAFT <a href="https://wiki.cacert.org/PolicyDecisions#p20080401.1">p20080401.1</a> </span> <br />
Editor: Jens Paul <br />
Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br /></td>
<td valign="top" align="right">
<a href="https://www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="OAP Status - POLICY" height="31" width="88" style="border-style: none;" /></a><br />
<a href="https://www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-draft.png" alt="OAP Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
</td>
</tr>
</table>
</div> </div>
<h1> Organisation&nbsp;Assurance&nbsp;Policy </h1> <h1> Organisation&nbsp;Assurance&nbsp;Policy </h1>
<h2 id="s0">0. Preliminaries </h2> <h2 id="s0">0. Preliminaries </h2>
<p> <p>
This policy describes how Organisation Assurers ("OAs") This policy describes how Organisation Assurers ("OAs")
conduct assurances on organisations. conduct Assurances on Organisations.
Organisation assurance fits within the overall web-of-trust It fits within the overall web-of-trust
or assurance process of CAcert. or Assurance process of CAcert.
</p> </p>
<p> <p>
This policy is subsidiary to Assurance Policy ("AP" COD13). This policy is not a Controlled document, for purposes of
It is itself a controlled document ("OAP" COD11) under Configuration Control Specification ("CCS").
Configuration Control Specification ("CCS" COD2).
</p> </p>
<h2 id="s1"> 1. Purpose </h2> <h2 id="s1"> 1. Purpose </h2>
@ -73,19 +81,19 @@ and as described in the CPS.
<h3 id="s2.1"> 2.1 Assurance Officer </h3> <h3 id="s2.1"> 2.1 Assurance Officer </h3>
<p> <p>
The Assurance Officer The Assurance Officer ("AO")
manages this policy and reports to the CAcert Inc. Committee ("Board"). manages this policy and reports to the CAcert Inc. Committee ("Board").
</p> </p>
<p> <p>
The Assurance Officer manages all OAs and is responsible for process, The AO manages all OAs and is responsible for process,
the CAcert Organisation Assurance Programme ("COAP") form, the CAcert Organisation Assurance Programme ("COAP") form,
OA training and testing, manuals, quality control. OA training and testing, manuals, quality control.
In these responsibilities, other Officers will assist. In these responsibilities, other Officers will assist.
</p> </p>
<p> <p>
The Assurance Officer is appointed by the Board The OA is appointed by the Board.
and may be replaced by the Board. Where the OA is failing the Board decides.
</p> </p>
<h3 id="s2.2"> 2.2 Organisation Assurers </h3> <h3 id="s2.2"> 2.2 Organisation Assurers </h3>
@ -96,15 +104,15 @@ and may be replaced by the Board.
<ol type="a"> <li> <ol type="a"> <li>
An OA must be an experienced Assurer An OA must be an experienced Assurer
<ol type="i"> <ol type="i">
<li>Have 50 Experience Points.</li> <li>Have 150 assurance points.</li>
<li>Be fully trained and tested on all general assurance processes.</li> <li>Be fully trained and tested on all general Assurance processes.</li>
</ol> </ol>
</li><li> </li><li>
Must be trained as Organisation Assurer. Must be trained as Organisation Assurer.
<ol type="i"> <ol type="i">
<li> Global knowledge: This policy. </li> <li> Global knowledge: This policy. </li>
<li> Global knowledge: An OA manual covers how to do the process.</li> <li> Global knowledge: A OA manual covers how to do the process.</li>
<li> Local knowledge: legal forms of organisations within jurisdiction.</li> <li> Local knowledge: legal forms of organisations within jurisdiction.</li>
<li> Basic governance. </li> <li> Basic governance. </li>
<li> Training may be done a variety of ways, <li> Training may be done a variety of ways,
@ -121,7 +129,6 @@ and may be replaced by the Board.
<li> Tests are conducted manually, not online/automatic. </li> <li> Tests are conducted manually, not online/automatic. </li>
<li> Documentation to be retained. </li> <li> Documentation to be retained. </li>
<li> Tests may include on-the-job components. </li> <li> Tests may include on-the-job components. </li>
<li> Final test to be a number of supervised organisation assurances. </li>
</ol> </ol>
</li><li> </li><li>
@ -130,22 +137,28 @@ and may be replaced by the Board.
<li> Two supervising OAs must sign-off on new OA, <li> Two supervising OAs must sign-off on new OA,
as trained, tested and passed. as trained, tested and passed.
</li> </li>
<li> To appoint a new OA, the Assurance Officer must sign-off <li> AO must sign-off on a new OA,
as supervised, trained and tested. as supervised, trained and tested.
</li> </li>
</ol> </ol>
</li> </li>
<li>The OA can decide when a CAcert
(individual) Assurer
has done several OA Application Advises to appoint this
person to OA Assurer.
</li>
</ol> </ol>
<h3 id="s2.3"> 2.3 Local Assurer as Advisor </h3> <h3 id="s2.3"> 2.3 Organisation Assurance Advisor ("OAA") </h3>
<p>In countries/states/provinces where no OAs are <p>In countries/states/provinces where no OA Assurers are
operating, the OA operating for an OA Application (COAP) the OA
may rely upon the advice of an experienced local CAcert can be advised by an experienced local CAcert
(individual) Assurer in performing the organisation assurance. (individual) Assurer to take the decision
to accept the OA Application (COAP) of the organisation.
</p> </p>
<p> <p>
The local Assurer must have at least 50 Experience Points, The local Assurer must have at least 150 Points,
should know the language, and know should know the language, and know
the organisation trade office registry culture and quality. the organisation trade office registry culture and quality.
</p> </p>
@ -154,23 +167,23 @@ and may be replaced by the Board.
<h3 id="s2.4"> 2.4 Organisation Administrator </h3> <h3 id="s2.4"> 2.4 Organisation Administrator </h3>
<p> <p>
The Administrator within each organisation ("O-Admin") The Administrator within each Organisation ("O-Admin")
is the one who handles the assurance requests is the one who handles the assurance requests
and the issuing of certificates. and the issuing of certificates.
</p> </p>
<ol type="a"> <li> <ol type="a"> <li>
O-Admin must be an Assurer. O-Admin must be Assurer
<ol type="i"> <ol type="i">
<li>Have 100 assurance points.</li> <li>Have 100 assurance points.</li>
<li>Fully trained and tested as Assurer.</li> <li>Fully trained and tested as Assurer.</li>
</ol> </ol>
</li><li> </li><li>
Organisation is required to appoint an O-Admin, Organisation is required to appoint O-Admin,
and appoint additional O-Admins ones as appropriate. and appoint ones as required.
<ol type="i"> <ol type="i">
<li> O-Admins are named on COAP Request Form.</li> <li> On COAP Request Form.</li>
</ol> </ol>
</li><li> </li><li>
@ -193,7 +206,7 @@ and several subsidiary policies.
<ol type="a"> <ol type="a">
<li> This policy authorises the creation of subsidiary policies. </li> <li> This policy authorises the creation of subsidiary policies. </li>
<li> This policy is international. </li> <li> This policy is international. </li>
<li> Subsidiary policies are implementations of this policy. </li> <li> Subsidiary policies are implementations of the policy. </li>
<li> Organisations are assured under an appropriate subsidiary policy. </li> <li> Organisations are assured under an appropriate subsidiary policy. </li>
</ol> </ol>
@ -216,7 +229,7 @@ The nature of the Subsidiary Policies ("SubPols"):
</li><li> </li><li>
For OAs, For OAs,
SubPol specifies the <i>tests of local knowledge</i> SubPol specifies the <i>tests of local knowledge</i>
including the local COAP forms. including the local organisation assurance COAP forms.
</li><li> </li><li>
For assurances, For assurances,
SubPol specifies the <i>local documentation forms</i> SubPol specifies the <i>local documentation forms</i>
@ -227,7 +240,7 @@ The nature of the Subsidiary Policies ("SubPols"):
policy approval process. policy approval process.
</li></ol> </li></ol>
<h3 id="s3.3"> 3.3 Freedom to Assemble </h3> <h3 id="s3.3"> 3.3 Freedom to Assemble </h3>
<p> <p>
Subsidiary Policies are open, accessible and free to enter. Subsidiary Policies are open, accessible and free to enter.
@ -238,7 +251,7 @@ Subsidiary Policies are open, accessible and free to enter.
</li><li> </li><li>
No SubPol is a franchise. No SubPol is a franchise.
</li><li> </li><li>
Many SubPols will be on State or National lines, Many will be on State or National lines,
reflecting the legal reflecting the legal
tradition of organisations created tradition of organisations created
("incorporated") by states. ("incorporated") by states.
@ -260,11 +273,11 @@ Subsidiary Policies are open, accessible and free to enter.
</li></ol> </li></ol>
<h2 id="s4"> 4. Process </h2> <h2 id="s4"> 4. Process </h2>
<h3 id="s4.1"> 4.1 Standard of Organisation Assurance </h3> <h3 id="s4.1"> 4.1 Standard of Organisation Assurance </h3>
<p> <p>
The essential standard of organisation assurance is: The essential standard of Organisation Assurance is:
</p> </p>
<ol type="a"><li> <ol type="a"><li>
@ -282,7 +295,7 @@ The essential standard of organisation assurance is:
requestor can sign on behalf of the organisation. requestor can sign on behalf of the organisation.
</li><li> </li><li>
the organisation has agreed to the terms of the the organisation has agreed to the terms of the
CAcert Community Agreement, CAcert Community Agreement
and is therefore subject to Arbitration. and is therefore subject to Arbitration.
</li></ol> </li></ol>
@ -291,7 +304,7 @@ The essential standard of organisation assurance is:
are stated in the SubPol. are stated in the SubPol.
</p> </p>
<h3 id="s4.2"> 4.2 COAP </h3> <h3 id="s4.2"> 4.2 COAP </h3>
<p> <p>
The COAP form documents the checks and the resultant The COAP form documents the checks and the resultant
assurance results to meet the standard. assurance results to meet the standard.
@ -317,7 +330,7 @@ Additional information to be provided on form:
Statement and initials box for organisation Statement and initials box for organisation
and also for OA. and also for OA.
</li><li> </li><li>
Date of completion of assurance. Date of completion of Assurance.
Records should be maintained for 7 years from Records should be maintained for 7 years from
this date. this date.
</li></ol> </li></ol>
@ -332,7 +345,7 @@ ruling language (due to Arbitration requirements).
<h3 id="s4.3"> 4.3 Jurisdiction </h3> <h3 id="s4.3"> 4.3 Jurisdiction </h3>
<p> <p>
Organisation assurances are carried out by Organisation Assurances are carried out by
CAcert Inc. under its Arbitration jurisdiction. CAcert Inc. under its Arbitration jurisdiction.
Actions carried out by OAs are under this regime. Actions carried out by OAs are under this regime.
</p> </p>

View file

@ -1,403 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Organisation Assurance Policy </title>
<style type="text/css">
<!--
.comment {
color : steelblue;
}
-->
</style>
</head>
<body>
<div class="comment">
<table width="100%">
<tr>
<td>
Name: OAP <a style="color: steelblue" href="//svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">COD11</a><br />
Status: POLICY/DRAFT <a style="color: steelblue" href="//wiki.cacert.org/wiki/TopMinutes-20070917">m20070918.x </a><br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <span class="draftadd">DRAFT p20080401.1 </span> <br />
Editor: Jens Paul <br />
Licence: <a style="color: steelblue" href="//wiki.cacert.org/Policy#Licence" title="this document is Copyright &copy; CAcert Inc., licensed openly under CC-by-sa with all disputes resolved under DRP. More at wiki.cacert.org/Policy" > CC-by-sa+DRP </a><br /></td>
<td valign="top" align="right">
<a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-policy.png" alt="OAP Status - POLICY" height="31" width="88" style="border-style: none;" /></a><br />
<a href="//www.cacert.org/policy/PolicyOnPolicy.html"><img src="images/cacert-draft.png" alt="OAP Status - DRAFT" height="31" width="88" style="border-style: none;" /></a>
</td>
</tr>
</table>
</div>
<h1> Organisation&nbsp;Assurance&nbsp;Policy </h1>
<h2 id="s0">0. Preliminaries </h2>
<p>
This policy describes how Organisation Assurers ("OAs")
conduct Assurances on Organisations.
It fits within the overall web-of-trust
or Assurance process of CAcert.
</p>
<p>
This policy is not a Controlled document, for purposes of
Configuration Control Specification ("CCS").
</p>
<h2 id="s1"> 1. Purpose </h2>
<p>
Organisations with assured status can issue certificates
directly with their own domains within.
</p>
<p>
The purpose and statement of the certificate remains
the same as with ordinary users (natural persons)
and as described in the CPS.
</p>
<ul><li>
The organisation named within is identified.
</li><li>
The organisation has been verified according
to this policy.
</li><li>
The organisation is within the jurisdiction
and can be taken to CAcert Arbitration.
</li></ul>
<h2 id="s2"> 2. Roles and Structure </h2>
<h3 id="s2.1"> 2.1 Assurance Officer </h3>
<p>
The Assurance Officer ("AO")
manages this policy and reports to the CAcert Inc. Committee ("Board").
</p>
<p>
The AO manages all OAs and is responsible for process,
the CAcert Organisation Assurance Programme ("COAP") form,
OA training and testing, manuals, quality control.
In these responsibilities, other Officers will assist.
</p>
<p>
The OA is appointed by the Board.
Where the OA is failing the Board decides.
</p>
<h3 id="s2.2"> 2.2 Organisation Assurers </h3>
<p>
</p>
<ol type="a"> <li>
An OA must be an experienced Assurer
<ol type="i">
<li>Have 150 assurance points.</li>
<li>Be fully trained and tested on all general Assurance processes.</li>
</ol>
</li><li>
Must be trained as Organisation Assurer.
<ol type="i">
<li> Global knowledge: This policy. </li>
<li> Global knowledge: A OA manual covers how to do the process.</li>
<li> Local knowledge: legal forms of organisations within jurisdiction.</li>
<li> Basic governance. </li>
<li> Training may be done a variety of ways,
such as on-the-job, etc. </li>
</ol>
</li><li>
Must be tested.
<ol type="i">
<li> Global test: Covers this policy and the process. </li>
<li> Local knowledge: Subsidiary Policy to specify.</li>
<li> Tests to be created, approved, run, verified
by CAcert only (not outsourced). </li>
<li> Tests are conducted manually, not online/automatic. </li>
<li> Documentation to be retained. </li>
<li> Tests may include on-the-job components. </li>
</ol>
</li><li>
Must be approved.
<ol type="i">
<li> Two supervising OAs must sign-off on new OA,
as trained, tested and passed.
</li>
<li> AO must sign-off on a new OA,
as supervised, trained and tested.
</li>
</ol>
</li>
<li>The OA can decide when a CAcert
(individual) Assurer
has done several OA Application Advises to appoint this
person to OA Assurer.
</li>
</ol>
<h3 id="s2.3"> 2.3 Organisation Assurance Advisor ("OAA") </h3>
<p>In countries/states/provinces where no OA Assurers are
operating for an OA Application (COAP) the OA
can be advised by an experienced local CAcert
(individual) Assurer to take the decision
to accept the OA Application (COAP) of the organisation.
</p>
<p>
The local Assurer must have at least 150 Points,
should know the language, and know
the organisation trade office registry culture and quality.
</p>
<h3 id="s2.4"> 2.4 Organisation Administrator </h3>
<p>
The Administrator within each Organisation ("O-Admin")
is the one who handles the assurance requests
and the issuing of certificates.
</p>
<ol type="a"> <li>
O-Admin must be Assurer
<ol type="i">
<li>Have 100 assurance points.</li>
<li>Fully trained and tested as Assurer.</li>
</ol>
</li><li>
Organisation is required to appoint O-Admin,
and appoint ones as required.
<ol type="i">
<li> On COAP Request Form.</li>
</ol>
</li><li>
O-Admin must work with an assigned OA.
<ol type="i">
<li> Have contact details.</li>
</ol>
</ol>
<h2 id="s3"> 3. Policies </h2>
<h3 id="s3.1"> 3.1 Policy </h3>
<p>
There is one policy being this present document,
and several subsidiary policies.
</p>
<ol type="a">
<li> This policy authorises the creation of subsidiary policies. </li>
<li> This policy is international. </li>
<li> Subsidiary policies are implementations of the policy. </li>
<li> Organisations are assured under an appropriate subsidiary policy. </li>
</ol>
<h3 id="s3.2"> 3.2 Subsidiary Policies </h3>
<p>
The nature of the Subsidiary Policies ("SubPols"):
</p>
<ol type="a"><li>
SubPols are purposed to check the organisation
under the rules of the jurisdiction that creates the
organisation. This does not evidence an intention
by CAcert to
enter into the local jurisdiction, nor an intention
to impose the rules of that jurisdiction over any other
organisation.
CAcert assurances are conducted under the jurisdiction
of CAcert.
</li><li>
For OAs,
SubPol specifies the <i>tests of local knowledge</i>
including the local organisation assurance COAP forms.
</li><li>
For assurances,
SubPol specifies the <i>local documentation forms</i>
which are acceptable under this SubPol to meet the
standard.
</li><li>
SubPols are subjected to the normal
policy approval process.
</li></ol>
<h3 id="s3.3"> 3.3 Freedom to Assemble </h3>
<p>
Subsidiary Policies are open, accessible and free to enter.
</p>
<ol type="a"><li>
SubPols compete but are compatible.
</li><li>
No SubPol is a franchise.
</li><li>
Many will be on State or National lines,
reflecting the legal
tradition of organisations created
("incorporated") by states.
</li><li>
However, there is no need for strict national lines;
it is possible to have 2 SubPols in one country, or one
covering several countries with the same language
(e.g., Austria with Germany, England with Wales but not Scotland).
</li><li>
There could also be SubPols for special
organisations, one person organisations,
UN agencies, churches, etc.
</li><li>
Where it is appropriate to use the SubPol
in another situation (another country?), it
can be so approved.
(e.g., Austrian SubPol might be approved for Germany.)
The SubPol must record this approval.
</li></ol>
<h2 id="s4"> 4. Process </h2>
<h3 id="s4.1"> 4.1 Standard of Organisation Assurance </h3>
<p>
The essential standard of Organisation Assurance is:
</p>
<ol type="a"><li>
the organisation exists
</li><li>
the organisation name is correct and consistent:
<ol type="i">
<li>in official documents specified in SubPol.</li>
<li>on COAP form.</li>
<li>in CAcert database.</li>
<li>form or type of legal entity is consistent</li>
</ol>
</li><li>
signing rights:
requestor can sign on behalf of the organisation.
</li><li>
the organisation has agreed to the terms of the
CAcert Community Agreement
and is therefore subject to Arbitration.
</li></ol>
<p>
Acceptable documents to meet above standard
are stated in the SubPol.
</p>
<h3 id="s4.2"> 4.2 COAP </h3>
<p>
The COAP form documents the checks and the resultant
assurance results to meet the standard.
Additional information to be provided on form:
</p>
<ol type="a"><li>
CAcert account of O-Admin (email address?)
</li><li>
location:
<ol type="i">
<li>country (MUST).</li>
<li>city (MUST).</li>
<li>additional contact information (as required by SubPol).</li>
</ol>
</li><li>
administrator account name(s) (1 or more)
</li><li>
domain name(s)
</li><li>
Agreement with
CAcert Community Agreement.
Statement and initials box for organisation
and also for OA.
</li><li>
Date of completion of Assurance.
Records should be maintained for 7 years from
this date.
</li></ol>
<p>
The COAP should be in English. Where translations
are provided, they should be matched to the English,
and indication provided that the English is the
ruling language (due to Arbitration requirements).
</p>
<h3 id="s4.3"> 4.3 Jurisdiction </h3>
<p>
Organisation Assurances are carried out by
CAcert Inc. under its Arbitration jurisdiction.
Actions carried out by OAs are under this regime.
</p>
<ol type="a"><li>
The organisation has agreed to the terms of the
CAcert Community Agreement.
</li><li>
The organisation, the Organisation Assurers, CAcert and
other related parties are bound into CAcert's jurisdiction
and dispute resolution.
</li><li>
The OA is responsible for ensuring that the
organisation reads, understands, intends and
agrees to the
CAcert Community Agreement.
This OA responsibility should be recorded on COAP
(statement and initials box).
</li></ol>
<h2 id="s5"> 5. Exceptions </h2>
<ol type="a"><li>
<b> Conflicts of Interest.</b>
An OA must not assure an organisation in which
there is a close or direct relationship by, e.g.,
employment, family, financial interests.
Other conflicts of interest must be disclosed.
</li><li>
<b> Trusted Third Parties.</b>
TTPs are not generally approved to be part of
organisation assurance,
but may be approved by subsidiary policies according
to local needs.
</li><li>
<b>Exceptional Organisations.</b>
(e.g., Vatican, International Space Station, United Nations)
can be dealt with as a single-organisation
SubPol.
The OA creates the checks, documents them,
and subjects them to to normal policy approval.
</li><li>
<b>DBA.</b>
Alternative names for organisations
(DBA, "doing business as")
can be added as long as they are proven independently.
E.g., registration as DBA or holding of registered trade mark.
This means that the anglo law tradition of unregistered DBAs
is not accepted without further proof.
</li></ol>
</body>
</html>