cacert/cacert-policies
9
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

extra alignments found from Security Manual, lost heading, moved some text

Browse source 
git-svn-id: http://svn.cacert.org/CAcert/Policies@1219 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
Ian Grigg 2009-03-13 15:07:21 +00:00
parent 6afcc0253f
commit 5cf6d32d9c
1 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
SecurityPolicy.html
View file

@ -1133,18 +1133,15 @@ All conflicts of interest should be examined.
<h4> <a name="9.1.6"> 9.1.6. </a> Security</h4>
<p>
It is the responsibility of all individuals to observe and report on security issues.
It is the responsibility of all individuals to
observe and report on security issues.
All of CAcert observes all where possible.
It is the responsibility of each individual to resolve it satisfactorily,
or to ensure that it is reported fully.
</p>
<p>
Only information subject to a specific and documented exception
may be kept secret or confidential.
The exception itself must not be secret or confidential.
All secrets and confidentials are reviewable under Arbitration,
and may be reversed.
See &sect;9.5.
</p>
<h4> <a name="9.1.7"> 9.1.7. </a> Termination of staff</h4>
@ -1173,7 +1170,7 @@ to coordinate technical testing and training,
especially of new team members.
</p>
<h3> <a name="9.2"> 9.2. </a> Key generation/transfer</h3>
<h3> <a name="9.2"> 9.2. </a> Root Key Management</h3>
<h4> <a name="9.2.1"> 9.2.1. </a> Root Key generation</h4>
@ -1202,13 +1199,15 @@ Subroots may be escrowed by either Board or Systems Administration Team.
Recovery must only be conducted under Arbitrator authority.
</p>
<h4> <a name="9.2.4"> 9.2.4. </a> Revocation </h4>
<h3> <a name="9.3"> 9.3. </a> Legal</h3>
<h4> <a name="9.3.1"> 9.3.1. </a> Responsibility</h4>
<p>
The board is responsible for the CA at the executive level.
The board is responsible to the Community to manage
the CA at the executive level.
</p>
<h4> <a name="9.3.2"> 9.3.2. </a> Response to external (legal) inquiry</h4>
@ -1287,6 +1286,9 @@ In concrete terms,
only under a defined exception under policy,
or under the oversight of the Arbitrator,
may confidentiality or secrecy be maintained.
The exception itself must not be secret or confidential.
All secrets and confidentials are reviewable under Arbitration,
and may be reversed.
All should strive to reduce or remove any such
restriction.
</p>