created communication policy document

git-svn-id: http://svn.cacert.org/CAcert/Policies@757 14b1bab8-4ef6-0310-b690-991c95c89dfd

CAcertCommunicationPolicy.html

@@ -0,0 +1,181 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+	"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+	<head>
+		<title>
+			CAcert Communication Policy (CCP)
+		</title>
+	</head>
+	<body>
+		<h1>
+			CAcert Communication Policy (CCP)
+		</h1>
+		<p>
+			<a href="../PolicyOnPolicy.html"><img src="../Images/cacert-wip.png" alt="CAcert Work In Progress" height="31" width="88" style="border-style: none;" /></a><br />
+			Author: Sam Johnston<br />
+			Creation date: 2008-04-16<br />
+			Status: WIP 2008-04-16<br />
+			Next status: DRAFT 2008-04-XX<br />
+			<!-- $Id$ -->
+		</p>
+		<h2>
+			0. Preliminaries
+		</h2>
+		<p>
+			This CAcert policy describes how CAcert communicates as required for achieving its mission.
+		</p>
+		<h2>
+			1. Scope
+		</h2>
+		<p>
+			This policy is applicable to:<br />
+		</p>
+		<ol>
+			<li>Press Releases</li>
+			<li>Internet Email</li>
+		</ol>
+		<h2>
+			2. Requirements
+		</h2>
+		<p>
+			This section describes all CAcert communication channels.<br />
+		</p>
+		<ol>
+			<li><strong>Press Releases</strong><br/>
+				<ol style="list-style-type: lower-alpha;">
+					<li>Press releases MUST be approved by the board and issued via:<br />
+						<ol style="list-style-type: lower-roman;">
+							<li>Digitally signed email to appropriate mailing list(s) by the president.</li>
+							<li>Posting and indefinite archiving on the official CAcert web site(s)</li>
+						</ol>
+					</li>
+				</ol>
+			</li>	
+			<li><strong>Internet Email</strong><br />
+				<ol style="list-style-type: lower-alpha;">
+					<li>
+						<strong>Email Accounts</strong> are official email accounts within the CAcert domain(s) (eg john@cacert.org).<br />
+						<ol style="list-style-type: lower-roman;">
+							<li>All official CAcert communications MUST be conducted using an official address.
+							</li>
+							<li>All new accounts MUST be approved by the M-SC who SHOULD act conservatively.
+							</li>
+							<li>Applicants MUST be assigned a role/office on the CAcert organisation chart.
+							</li>
+							<li>Role accounts (eg support@cacert.org) SHALL be implemented as a mailing list or automated issue tracking system as appropriate.
+							</li>
+							<li>All access SHALL be via POP, IMAP, HTTP and SMTP and MUST be authenticated.
+							</li>
+							<li>Outbound mail SHOULD contain the full name and short reference to the official capacity of the user (eg John Citizen (CAcert AO) &lt;john@cacert.org&gt;).
+							</li>
+							<li>Outbound mail MUST be relayed via CAcert infrastructure (eg smtp.cacert.org).
+							</li>
+						</ol>
+					</li>
+					<li>
+						<strong>Mailing Lists</strong> are distribution lists containing CAcert community members.<br />
+						<ol style="list-style-type: lower-roman;">
+							<li>All new mailing lists MUST be approved by the M-SC who SHOULD act conservatively (regional lists are discouraged).
+							</li>
+							<li>List membership SHALL be restricted to CAcert Community members who are subject to the CCA (to be reflected in list info) and all posts are contributions.
+							</li>
+							<li>Lists SHALL follow the naming convention of cacert-&lt;listname&gt;@lists.cacert.org, with important lists (eg support, board) aliased @cacert.org
+							</li>
+							<li>List policy SHALL be set on a per-list basis (eg open/closed, searchable archives, etc.)<br />
+								<ol>
+									<li>Open lists (eg cacert-policy) shall be accessible by anyone (including Internet search engines)
+									</li>
+									<li>Closed lists (eg cacert-board) shall be accessible only by list members.
+									</li>
+									<li>Subscriber lists MUST NOT be revealed, even to list members.
+									</li>
+									<li>Posting to discussion lists (eg cacert-policy) MUST be restricted to list members and MUST NOT be restricted for role lists (eg cacert-board).
+									</li>
+									<li>Messages which do not meet list policy (eg size, non-member) MUST be immediately rejected.
+									</li>
+								</ol>
+							</li>
+							<li>List management MUST be automated (eg Mailman).
+							</li>
+							<li>Subscription requests MUST be confirmed by the requestor.
+							</li>
+							<li>Web based archives MUST be maintained and accessible over HTTP and HTTPS.
+							</li>
+							<li>All authentication and authorisation MUST reflect list policy.
+							</li>
+						</ol>
+					</li>
+					<li>
+						<strong>Automated Email</strong> is sent by various CAcert systems automatically.<br />
+						<ol style="list-style-type: lower-roman;">
+							<li>All new automated emails MUST be approved by the M-SC.
+							</li>
+							<li>Automated emails SHOULD only be sent in response to a user action.
+							</li>
+						</ol>
+					</li>
+					<li>
+						<strong>Personal Email</strong> is individual personal addresses of CAcert Community members (eg john@gmail.com).<br />
+						<ol style="list-style-type: lower-roman;">
+							<li>Personal email MUST NOT be used for official CAcert purposes.
+							</li>
+							<li>Personal email MAY be used for unofficial tasks (eg assurers coordinating assurances)
+							</li>
+							<li>In the event that email accounts are made available to all community members these MUST be used, and personal email MUST NOT be used at all.
+							</li>
+						</ol>
+					</li>
+				</ol>
+			</li>
+		</ol>
+		<h2>
+			3. Implementation
+		</h2>
+		<p>
+			This section describes how CAcert communication channels are to be implemented.
+		</p>
+		<ol>
+			<li><strong>General</strong><br />
+				<ol style="list-style-type: lower-alpha;">
+					<li>CAcert System Administrators SHALL have discretion as to the technical implementation of this policy and SHALL report status to the board periodically.
+							</li>
+						</ol>
+					</li>
+					<li>
+						<strong>Security</strong><br />
+						<ol style="list-style-type: lower-roman;">
+							<li>Authentication (where required) MUST be done via username and password and/or CAcert certificate.
+							</li>
+							<li>Transport encryption MUST be used where possible.
+							</li>
+							<li>Content encryption MAY be used where appropriate.
+							</li>
+							<li>All outbound mail SHOULD be digitally signed.
+							</li>
+						</ol>
+					</li>
+					<li><strong>Internet Email</strong><br />
+						<ol style="list-style-type: lower-roman;">
+							<li>All mails MUST be securely archived for a period of 10 years.
+							</li>
+							<li>All mails MUST be subject to appropriate spam prevention mechanisms (eg SpamAssassin, greylisting).
+							</li>
+							<li>All mails MUST be subject to appropriate virus and content filtering (eg ClamAV, content types).
+							</li>
+						</ol>
+					</li>
+				</ol>
+			</li>
+		</ol>
+		<h2>
+			4. Acceptable Usage Policy
+		</h2>
+		<p>
+			CAcert infrastrucutre is for official, lawful, non-commercial, non-abusive CAcert use only.
+		</p>
+		<p>
+			<a href="http://validator.w3.org/check?uri=referer"><img src="../Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
+		</p>
+	</body>
+</html>