From 5cf6d32d9c10f1e6c65b36d7e4080ed886b26561 Mon Sep 17 00:00:00 2001 From: Ian Grigg Date: Fri, 13 Mar 2009 15:07:21 +0000 Subject: [PATCH] extra alignments found from Security Manual, lost heading, moved some text git-svn-id: http://svn.cacert.org/CAcert/Policies@1219 14b1bab8-4ef6-0310-b690-991c95c89dfd --- SecurityPolicy.html | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/SecurityPolicy.html b/SecurityPolicy.html index 0e248b1..2ef4e87 100644 --- a/SecurityPolicy.html +++ b/SecurityPolicy.html @@ -1133,18 +1133,15 @@ All conflicts of interest should be examined.

9.1.6. Security

-It is the responsibility of all individuals to observe and report on security issues. +It is the responsibility of all individuals to +observe and report on security issues. All of CAcert observes all where possible. It is the responsibility of each individual to resolve it satisfactorily, or to ensure that it is reported fully.

-Only information subject to a specific and documented exception -may be kept secret or confidential. -The exception itself must not be secret or confidential. -All secrets and confidentials are reviewable under Arbitration, -and may be reversed. +See §9.5.

9.1.7. Termination of staff

@@ -1173,7 +1170,7 @@ to coordinate technical testing and training, especially of new team members.

-

9.2. Key generation/transfer

+

9.2. Root Key Management

9.2.1. Root Key generation

@@ -1202,13 +1199,15 @@ Subroots may be escrowed by either Board or Systems Administration Team. Recovery must only be conducted under Arbitrator authority.

+

9.2.4. Revocation

9.3. Legal

9.3.1. Responsibility

-The board is responsible for the CA at the executive level. +The board is responsible to the Community to manage +the CA at the executive level.

9.3.2. Response to external (legal) inquiry

@@ -1287,6 +1286,9 @@ In concrete terms, only under a defined exception under policy, or under the oversight of the Arbitrator, may confidentiality or secrecy be maintained. +The exception itself must not be secret or confidential. +All secrets and confidentials are reviewable under Arbitration, +and may be reversed. All should strive to reduce or remove any such restriction.
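
Review bot: In the 9.1.6 Security hunk, the removed sentence required an exception to be "specific and documented", but the section now reads only "See §9.5." and the wording the other sentences were moved next to (last hunk) says "only under a defined exception under policy, or under the oversight of the Arbitrator", so the documentation requirement is not visibly carried over. Suggest either adding "documented" to that surviving sentence, or keeping one sentence in 9.1.6 that states the rule before pointing to §9.5, so the Security section does not depend entirely on a bare cross-reference.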
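
Review bot: In the hunk starting at -1202, the "9.2.4. Revocation" heading is followed directly by "9.3. Legal" with no body text, which leaves the policy with a root key revocation section that states nothing. Suggest adding at least one sentence under the heading, or an explicit to-be-defined marker, before this is merged. In the same hunk the added line "The board is responsible to the Community to manage" writes "board" in lowercase while the context line above it writes "Board"; use one form throughout.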
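
Review bot: In the last hunk, the added line "All secrets and confidentials are reviewable under Arbitration," uses "confidentials" as a noun, and the following "and may be reversed." does not say what is reversed (the exception, or the decision to keep an item secret). Since the text is being moved anyway, suggest tightening it at the same time, for example "Every decision to keep information secret or confidential is reviewable under Arbitration, and may be reversed." The commit message describes this as moved text, so a note in the message that the first sentence of the old 9.1.6 paragraph was dropped rather than moved would help later readers of the history.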