diff --git a/CAcertCommunicationPolicy.html b/CAcertCommunicationPolicy.html new file mode 100644 index 0000000..d079145 --- /dev/null +++ b/CAcertCommunicationPolicy.html @@ -0,0 +1,181 @@ + + + + + + CAcert Communication Policy (CCP) + + + +

+ CAcert Communication Policy (CCP) +

+

+ CAcert Work In Progress
+ Author: Sam Johnston
+ Creation date: 2008-04-16
+ Status: WIP 2008-04-16
+ Next status: DRAFT 2008-04-XX
+ +

+

+ 0. Preliminaries +

+

+ This CAcert policy describes how CAcert communicates as required for achieving its mission. +

+

+ 1. Scope +

+

+ This policy is applicable to:
+

+
    +
  1. Press Releases
  2. +
  3. Internet Email
  4. +
+

+ 2. Requirements +

+

+ This section describes all CAcert communication channels.
+

+
    +
  1. Press Releases
    +
      +
    1. Press releases MUST be approved by the board and issued via:
      +
        +
      1. Digitally signed email to appropriate mailing list(s) by the president.
      2. +
      3. Posting and indefinite archiving on the official CAcert web site(s)
      4. +
      +
    2. +
    +
  2. +
  3. Internet Email
    +
      +
    1. + Email Accounts are official email accounts within the CAcert domain(s) (eg john@cacert.org).
      +
        +
      1. All official CAcert communications MUST be conducted using an official address. +
      2. +
      3. All new accounts MUST be approved by the M-SC who SHOULD act conservatively. +
      4. +
      5. Applicants MUST be assigned a role/office on the CAcert organisation chart. +
      6. +
      7. Role accounts (eg support@cacert.org) SHALL be implemented as a mailing list or automated issue tracking system as appropriate. +
      8. +
      9. All access SHALL be via POP, IMAP, HTTP and SMTP and MUST be authenticated. +
      10. +
      11. Outbound mail SHOULD contain the full name and short reference to the official capacity of the user (eg John Citizen (CAcert AO) <john@cacert.org>). +
      12. +
      13. Outbound mail MUST be relayed via CAcert infrastructure (eg smtp.cacert.org). +
      14. +
      +
    2. +
    3. + Mailing Lists are distribution lists containing CAcert community members.
      +
        +
      1. All new mailing lists MUST be approved by the M-SC who SHOULD act conservatively (regional lists are discouraged). +
      2. +
      3. List membership SHALL be restricted to CAcert Community members who are subject to the CCA (to be reflected in list info) and all posts are contributions. +
      4. +
      5. Lists SHALL follow the naming convention of cacert-<listname>@lists.cacert.org, with important lists (eg support, board) aliased @cacert.org +
      6. +
      7. List policy SHALL be set on a per-list basis (eg open/closed, searchable archives, etc.)
        +
          +
        1. Open lists (eg cacert-policy) shall be accessible by anyone (including Internet search engines) +
        2. +
        3. Closed lists (eg cacert-board) shall be accessible only by list members. +
        4. +
        5. Subscriber lists MUST NOT be revealed, even to list members. +
        6. +
        7. Posting to discussion lists (eg cacert-policy) MUST be restricted to list members and MUST NOT be restricted for role lists (eg cacert-board). +
        8. +
        9. Messages which do not meet list policy (eg size, non-member) MUST be immediately rejected. +
        10. +
        +
      8. +
      9. List management MUST be automated (eg Mailman). +
      10. +
      11. Subscription requests MUST be confirmed by the requestor. +
      12. +
      13. Web based archives MUST be maintained and accessible over HTTP and HTTPS. +
      14. +
      15. All authentication and authorisation MUST reflect list policy. +
      16. +
      +
    4. +
    5. + Automated Email is sent by various CAcert systems automatically.
      +
        +
      1. All new automated emails MUST be approved by the M-SC. +
      2. +
      3. Automated emails SHOULD only be sent in response to a user action. +
      4. +
      +
    6. +
    7. + Personal Email is individual personal addresses of CAcert Community members (eg john@gmail.com).
      +
        +
      1. Personal email MUST NOT be used for official CAcert purposes. +
      2. +
      3. Personal email MAY be used for unofficial tasks (eg assurers coordinating assurances) +
      4. +
      5. In the event that email accounts are made available to all community members these MUST be used, and personal email MUST NOT be used at all. +
      6. +
      +
    8. +
    +
  4. +
+

+ 3. Implementation +

+

+ This section describes how CAcert communication channels are to be implemented. +

+
    +
  1. General
    +
      +
    1. CAcert System Administrators SHALL have discretion as to the technical implementation of this policy and SHALL report status to the board periodically. +
    2. +
    +
  2. +
  3. + Security
    +
      +
    1. Authentication (where required) MUST be done via username and password and/or CAcert certificate. +
    2. +
    3. Transport encryption MUST be used where possible. +
    4. +
    5. Content encryption MAY be used where appropriate. +
    6. +
    7. All outbound mail SHOULD be digitally signed. +
    8. +
    +
  4. +
  5. Internet Email
    +
      +
    1. All mails MUST be securely archived for a period of 10 years. +
    2. +
    3. All mails MUST be subject to appropriate spam prevention mechanisms (eg SpamAssassin, greylisting). +
    4. +
    5. All mails MUST be subject to appropriate virus and content filtering (eg ClamAV, content types). +
    6. +
    +
  6. +
+ + +

+ 4. Acceptable Usage Policy +

+

+ CAcert infrastrucutre is for official, lawful, non-commercial, non-abusive CAcert use only. +

+

+ Valid XHTML 1.1 +

+ +
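Review bot: Section 2 (Internet Email, Email Accounts) says "All access SHALL be via POP, IMAP, HTTP and SMTP and MUST be authenticated", while section 3 (Security) only requires that "Transport encryption MUST be used where possible" and allows authentication by username and password. Read together, these permit password authentication over unencrypted POP, IMAP, HTTP or SMTP. I suggest making transport encryption a MUST for any authenticated access and dropping "where possible", or listing the specific exceptions. The same applies to "Web based archives MUST be maintained and accessible over HTTP and HTTPS" in the Mailing Lists items, because closed lists are meant to be accessible only by list members and member authentication over plain HTTP would expose credentials and archive content. Smaller points: "M-SC" and "CCA" are used without being expanded anywhere in the document, section 1 scopes only Press Releases and Internet Email although section 4 covers infrastructure use in general, and "infrastrucutre" in section 4 is misspelled.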