diff --git a/ConfigurationControlSpecification.html b/ConfigurationControlSpecification.html
index 2e2447e..2443efa 100644
--- a/ConfigurationControlSpecification.html
+++ b/ConfigurationControlSpecification.html
@@ -49,7 +49,7 @@ a:hover {
 <a href="http://www.cacert.org/policy/PolicyOnPolicy.php"><img align="right" src="Images/cacert-wip.png" alt="Configuration-Control Specification Status == work-in-progress" border="0"></a><p>
 Creation date: 20091214<br>
 Editor: Iang<br>
-Status: 20100227 <i>WIP </i><br><br>
+Status: 20100407 <i>WIP </i><br><br>
 
 
 
@@ -63,54 +63,75 @@ The Configuration-Control Specification (CCS) controls and tracks those document
 
 <p>
 This document is the procedure for CCS.
-This document itself is a component of the CCS.
+This document itself is a component of the CCS,
+see &sect;2.
+<!-- A.1.c The configuration-control specification controls its own revision process. -->
 All other documentation and process specified within
 is derivative and is ruled by the CCS. 
 </p>
 
+<p>
+CCS is formated, inspired and designed to meet the needs of
+DRC-A.1.
+CCS may be seen as the index to systems audit under DRC.
+</p>
+
 <h3> <a name="2">2</a> <a name="Documents"> Documents </a> </h3>
 
-<!-- This section from A.1.c through A.1.h -->
+<!-- A.1.c-h: The configuration-control specification controls the revision process for the CCS,CP,CPS,PP,SP,R/L/O  -->
 
 <h4> <a name="2.1">2.1</a> <a name="doc_list"> Controlled Document List </a> </h4>
 
 <p>
-This CCS creates a list of Primary or "root" documents.
+This CCS creates a list of Primary or "root" documents known as Policies.
+Primary documents may authorise other secondary documents
+into the list, or "practices" outside the list.
 </p>
 
 <p>
-Primary Documents may authorise other secondary documents
-under the same process (PoP).
-Policy Officer manages the controlled documents list
-containing numbers, locations and versions of all controlled documents.
+The controlled documents list
+contains numbers, locations and versions of all controlled documents.
 The list is part of this CCS, and is located at
 <a href="http://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html">
 http://svn.cacert.org/CAcert/Policies/ControlledDocumentList.html</a>
-
+Policy Officer is to manage the list.
+Policy Officer is to log the changes at
+<a href="http://wiki.cacert.org/PolicyDecisions">
+http://wiki.cacert.org/PolicyDecisions</a>.
+<!-- See A.1.k, logging of documents. -->
 </p>
 
 <h4> <a name="2.2">2.2</a> <a name="doc_change"> Change </a> </h4>
 
 
 <p>
-Overall responsibility for change to documents resides with the policy mailgroup,
-as specified in Policy on Policy.
-CAcert Inc., board maintains a veto on new policies while in DRAFT.
-Fully approved documents (POLICY status) are published on the CAcert website at
-<a href="http://www.cacert.org/policy/">
-http://www.cacert.org/policy/</a>
-in plain HTML format.
+Change to the documents is as specified by
+Policy on Policy (PoP).
 </p>
 
+<p class="q"> The following would possibly be better off in PoP (when a change cycle comes around), or a practices manual. </p>
+
 <p>
+Policies in effect (DRAFT and POLICY status) are to be under change control.
+Fully approved documents (POLICY status)
+are published on the CAcert website at
+<a href="http://www.cacert.org/policy/">
+http://www.cacert.org/policy/</a>
+in plain HTML format,
+under the same control as critical source code
+under Security Policy (SP).
 Pre-final work (DRAFT status) and working documents (work-in-progress status)
-are made available on publically-accessible version management systems
+are made available on community-controlled version management systems
 (rooted at Subversion:
 <a href="http://svn.cacert.org/CAcert/Policies">
 http://svn.cacert.org/CAcert/Policies</a>
 wiki:
-<a href="http://wiki.cacert.org/wiki/PolicyDrafts">
-http://wiki.cacert.org/wiki/PolicyDrafts</a>).
+<a href="http://wiki.cacert.org/PolicyDrafts">
+http://wiki.cacert.org/PolicyDrafts</a>).
+Documents of lower status (work-in-progress or DRAFT)
+must not be confusable with
+documents of higher status (DRAFT or POLICY).
+Copies should be eliminated where not being worked on.
 </p>
 
 <h4> <a name="2.3">2.3</a> <a name="doc_control"> Control </a> </h4>
@@ -145,13 +166,21 @@ The ownership responsibility is delegated by agreement to Oophaga.
 
 
 <h3> <a name="4">4</a> <a name="Software"> Software </a> </h3>
-<!-- This section from A.1.i -->
+<!-- A.1.i: The configuration-control specification controls changes to software involved in: certs; data; comms to public -->
 <h4> <a name="4.1">4.1</a> <a name="hard_list"> Controlled Software List </a> </h4>
 
 <p>
 Critical software is defined by Security Policy.
 </p>
 
+<ul class="q">
+<li>One thing that is not so well covered by CAcert is the last bullet point of A.1.i
+<li>"communicating with subscribers and with the general public."
+<li>website is under SP;  maillists,blogs,etc are not.
+<li>as community has deliberately gone this direction, I suggest we argue it that way.
+<li> What is far more problematic is the failure to do CCA & Challenge notification.
+</ul>
+
 <h4> <a name="4.2">4.2</a> <a name="soft_change"> Change </a> </h4>
 
 <p> See Security Policy.  </p>
@@ -190,22 +219,36 @@ and a registry of software under approved open source licences.
 
 
 
-<h3> <a name="5">5</a> <a name="Logs"> Logs </a> </h3>
+<h3> <a name="5">5</a> <a name="Certs"> Certificates </a> </h3>
 
-<!-- This section from A.1.k -->
+<!-- This section from A.1.b -->
 
-<h4> <a name="5.1">5.1</a> <a name="logs_list"> Controlled Logs List </a> </h4>
+<h4> <a name="5.1">5.1</a> <a name="certs_list"> Certificates List </a> </h4>
 
-<p>
-Logs are defined by Security Policy.
-</p>
+<p> Root Certificates are to be listed in the CPS.  </p>
 
 <h4> <a name="5.2">5.2</a> <a name="logs_change"> Changes </a> </h4>
 
-<p> Changes to Hardware and Software are logged according to Security Policy.  </p>
+<p> Creation and usage of Root Certificates is to be controlled by Security Policy.  </p>
 
 <h4> <a name="5.3">5.3</a> <a name="logs_archive"> Archive </a> </h4>
 
 <p> See Security Policy.  </p>
 
+<h3> <a name="6">6</a> <a name="Logs"> Logs </a> </h3>
+
+<!-- This section from A.1.k -->
+
+<h4> <a name="6.1">6.1</a> <a name="logs_list"> Controlled Logs List </a> </h4>
+
+<p> Logs are defined by Security Policy.  </p>
+
+<h4> <a name="6.2">6.2</a> <a name="logs_change"> Changes </a> </h4>
+
+<p> Changes to Hardware, Software and Root Certificates are logged according to Security Policy.  </p>
+
+<h4> <a name="6.3">6.3</a> <a name="logs_archive"> Archive </a> </h4>
+
+<p> See Security Policy.  </p>
+
 </body></html>