diff --git a/CAcertCommunicationPolicy.html b/CAcertCommunicationPolicy.html
new file mode 100644
index 0000000..d079145
--- /dev/null
+++ b/CAcertCommunicationPolicy.html
@@ -0,0 +1,181 @@
+
+
+
+
+
+ CAcert Communication Policy (CCP)
+
+
+
+
+ CAcert Communication Policy (CCP)
+
+
+
+ Author: Sam Johnston
+ Creation date: 2008-04-16
+ Status: WIP 2008-04-16
+ Next status: DRAFT 2008-04-XX
+
+
+
+ 0. Preliminaries
+
+
+ This CAcert policy describes how CAcert communicates as required for achieving its mission.
+
+
+ 1. Scope
+
+
+ This policy is applicable to:
+
+
+ - Press Releases
+ - Internet Email
+
+
+ 2. Requirements
+
+
+ This section describes all CAcert communication channels.
+
+
+ - Press Releases
+
+ - Press releases MUST be approved by the board and issued via:
+
+ - Digitally signed email to appropriate mailing list(s) by the president.
+ - Posting and indefinite archiving on the official CAcert web site(s)
+
+
+
+
+ - Internet Email
+
+ -
+ Email Accounts are official email accounts within the CAcert domain(s) (eg john@cacert.org).
+
+ - All official CAcert communications MUST be conducted using an official address.
+
+ - All new accounts MUST be approved by the M-SC who SHOULD act conservatively.
+
+ - Applicants MUST be assigned a role/office on the CAcert organisation chart.
+
+ - Role accounts (eg support@cacert.org) SHALL be implemented as a mailing list or automated issue tracking system as appropriate.
+
+ - All access SHALL be via POP, IMAP, HTTP and SMTP and MUST be authenticated.
+
+ - Outbound mail SHOULD contain the full name and short reference to the official capacity of the user (eg John Citizen (CAcert AO) <john@cacert.org>).
+
+ - Outbound mail MUST be relayed via CAcert infrastructure (eg smtp.cacert.org).
+
+
+
+ -
+ Mailing Lists are distribution lists containing CAcert community members.
+
+ - All new mailing lists MUST be approved by the M-SC who SHOULD act conservatively (regional lists are discouraged).
+
+ - List membership SHALL be restricted to CAcert Community members who are subject to the CCA (to be reflected in list info) and all posts are contributions.
+
+ - Lists SHALL follow the naming convention of cacert-<listname>@lists.cacert.org, with important lists (eg support, board) aliased @cacert.org
+
+ - List policy SHALL be set on a per-list basis (eg open/closed, searchable archives, etc.)
+
+ - Open lists (eg cacert-policy) shall be accessible by anyone (including Internet search engines)
+
+ - Closed lists (eg cacert-board) shall be accessible only by list members.
+
+ - Subscriber lists MUST NOT be revealed, even to list members.
+
+ - Posting to discussion lists (eg cacert-policy) MUST be restricted to list members and MUST NOT be restricted for role lists (eg cacert-board).
+
+ - Messages which do not meet list policy (eg size, non-member) MUST be immediately rejected.
+
+
+
+ - List management MUST be automated (eg Mailman).
+
+ - Subscription requests MUST be confirmed by the requestor.
+
+ - Web based archives MUST be maintained and accessible over HTTP and HTTPS.
+
+ - All authentication and authorisation MUST reflect list policy.
+
+
+
+ -
+ Automated Email is sent by various CAcert systems automatically.
+
+ - All new automated emails MUST be approved by the M-SC.
+
+ - Automated emails SHOULD only be sent in response to a user action.
+
+
+
+ -
+ Personal Email is individual personal addresses of CAcert Community members (eg john@gmail.com).
+
+ - Personal email MUST NOT be used for official CAcert purposes.
+
+ - Personal email MAY be used for unofficial tasks (eg assurers coordinating assurances)
+
+ - In the event that email accounts are made available to all community members these MUST be used, and personal email MUST NOT be used at all.
+
+
+
+
+
+
+
+ 3. Implementation
+
+
+ This section describes how CAcert communication channels are to be implemented.
+
+
+ - General
+
+ - CAcert System Administrators SHALL have discretion as to the technical implementation of this policy and SHALL report status to the board periodically.
+
+
+
+ -
+ Security
+
+ - Authentication (where required) MUST be done via username and password and/or CAcert certificate.
+
+ - Transport encryption MUST be used where possible.
+
+ - Content encryption MAY be used where appropriate.
+
+ - All outbound mail SHOULD be digitally signed.
+
+
+
+ - Internet Email
+
+ - All mails MUST be securely archived for a period of 10 years.
+
+ - All mails MUST be subject to appropriate spam prevention mechanisms (eg SpamAssassin, greylisting).
+
+ - All mails MUST be subject to appropriate virus and content filtering (eg ClamAV, content types).
+
+
+
+
+
+
+
+ 4. Acceptable Usage Policy
+
+
+ CAcert infrastrucutre is for official, lawful, non-commercial, non-abusive CAcert use only.
+
+
+
+
+
+