cacert
/
cacert-policies
8
1
Fork 0
Code Issues 3 Pull Requests 1 Packages Projects Releases Wiki Activity

git-svn-id: http://svn.cacert.org/CAcert/Policies@1495 14b1bab8-4ef6-0310-b690-991c95c89dfd

Browse Source
pull/1/head
Greg Rose 16 years ago
parent 115d38ea9c
commit 85efb085d2
1 changed files with 207 additions and 240 deletions
Show Stats Download Patch File Download Diff File

447
TVerifyAssurancePolicy.html
Unescape Escape View File

@ -1,240 +1,207 @@
<html> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<head> <HTML>
<title>Third Party Verification System Policy</title> <HEAD>
</head> <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=windows-1252">
<body> <TITLE>Third Party Verification System Policy</TITLE>
<h1>Third Party Verification System Policy</h1> <META NAME="GENERATOR" CONTENT="OpenOffice.org 3.0 (Win32)">
<META NAME="CREATED" CONTENT="0;0">
<h2> Preamble </h2> <META NAME="CHANGED" CONTENT="20090504;23580100">
</HEAD>
<p> <BODY LANG="fr-FR" DIR="LTR">
This is a subsidiary policy under Assurance Policy (COD13). <H1>Third Party Verification System Policy</H1>
It documents the acceptance of Thawte-issued certificates <H2>Preamble
and disclosers as inputs into the assurance process. </H2>
</p> <P>This is a subsidiary policy under Assurance Policy (COD13). It
documents the acceptance of Thawte-issued certificates and disclosers
<h2> Third Party Certificate </h2> as inputs into the assurance process.
</P>
<H2>Third Party Certificate
<p> </H2>
The CAs listed in Appendix A are approved to "this system". <P>The CAs listed in Appendix A are approved to &quot;this system&quot;.
</p> </P>
<P>If a certificate is examined by an Assurer (e.g., signed email)
<p> and determined to provide evidence of a Name and email address that
If a certificate is examined by an Assurer (e.g., signed email) matches the Name stored in the CAcert system, the Assurer may
and determined to provide evidence of a Name and email address that allocate 25 (???) Assurance Points (or as determined in the Appendix
matches the Name stored in the CAcert system, A).
the Assurer may allocate 25 (???) Assurance Points </P>
(or as determined in the Appendix A). <P>This is only available to Assurers who are:
</p> </P>
<OL>
<p> <LI><P STYLE="margin-bottom: 0cm">Full Assurer with 50 Experience
This is only available to Assurers who are: Points
</p> </P>
<LI><P>Assigned the Tverify role by support.
<ol><li> </P>
Full Assurer with 50 Experience Points </OL>
</li><li> <P>This may be only awarded once per Member.
Assigned the Tverify role by support. </P>
</li></ol> <P>This may be done automatically by the existing Tverify system.
</P>
<p> <H2>Other Web of Trust
This may be only awarded once per Member. </H2>
</p> <P>Webs of Trust listed in Appendix B are approved for this system.
</P>
<p> <P>If evidence of full &quot;assurer status&quot; in the other Web of
This may be done automatically by the existing Trust is provided to an Assurer, then the Assurer may award 25
Tverify system. Assurance Points, in addition to the above 25 points from the
</p> certificate.
</P>
<P>The Assurer must go to the other system and verify the Name. And
<h2> Other Web of Trust </h2> DoB??? But the user has to enable each Assurer to check the DoB by
means of the permitting an assurance in the other system.
<p> </P>
Webs of Trust listed in Appendix B are approved for this system. <P>Assurers enabled for this system must be:
</p> </P>
<OL>
<p> <LI><P STYLE="margin-bottom: 0cm">Full Assurer with 50 Experience
If evidence of full "assurer status" in the other Web of Trust Points
is provided to an Assurer, </P>
then the Assurer may award 25 Assurance Points, <LI><P STYLE="margin-bottom: 0cm">Assigned the Tverify role by
in addition to the above 25 points from the certificate. support.
<p> </P>
<LI><P>Full &quot;assurer status&quot; in the other system.
<p> </P>
The Assurer must go to the other system and verify the </OL>
Name. <P>This may be only awarded once per Member.
And DoB??? But the user has to enable each Assurer to </P>
check the DoB by means of the permitting an assurance in the <P><I>What about voting system....</I>
other system. </P>
</p> <UL>
<LI><P>optional : the user provides the web link in the directory of
<p> Thawte notaries. The user must display his name and CAcert account
Assurers enabled for this system must be: email address in the directory assurer message. The user can get 40
</p> extra points after manual checking,
</P>
<ol><li> </UL>
Full Assurer with 50 Experience Points <UL>
</li><li> <LI><P STYLE="margin-bottom: 0cm"><I>This proves that the person is
Assigned the Tverify role by support. a &quot;Thawte Notary&quot; </I>
</li><li> </P>
Full "assurer status" in the other system. <LI><P STYLE="margin-bottom: 0cm"><I>A TN has &quot;100 Thawte trust
</li></ol> points&quot; which means that the Name, DoB, email address (by
connecting into the system) have been checked by 3 people at least. </I>
<p> </P>
This may be only awarded once per Member. <LI><P STYLE="margin-bottom: 0cm"><I>Thawte Notary: There is no
</p> &quot;test&quot;. </I>
</P>
<p> <LI><P STYLE="margin-bottom: 0cm"><I>Thawte Notary: There are some
<i>What about voting system....</i> rules, what needs to be done, what not. <U>Find the rules</U>. </I>
</p> </P>
<UL>
<LI><P STYLE="margin-bottom: 0cm"><I>http://www.thawte.com/secure-email/web-of-trust-wot/wot_notary.html</I></P>
<LI><P STYLE="margin-bottom: 0cm"><I>http://www.thawte.com/secure-email/web-of-trust-wot/wot_rules.html</I></P>
<LI><P STYLE="margin-bottom: 0cm"><I><A HREF="http://www.thawte.com/secure-email/web-of-trust-wot/wot_validation.html">http://www.thawte.com/secure-email/web-of-trust-wot/wot_validation.html</A></I></P>
</li><li> <LI><P STYLE="margin-bottom: 0cm"><I><A HREF="http://www.thawte.com/secure-email/web-of-trust-wot/wot_points.html">http://www.thawte.com/secure-email/web-of-trust-wot/wot_points.html</A></I></P>
<LI><P STYLE="margin-bottom: 0cm"><I><A HREF="http://www.thawte.com/cps/">http://www.thawte.com/cps/</A>
optional : =&gt; section 3.1.9 Authentication of Individual Identity </I>
the user provides the web link in the directory of Thawte </P>
notaries. The user must display his name and CAcert account email </UL>
address in the directory assurer message. The user can get 40 extra <LI><P STYLE="margin-bottom: 0cm"><I>Thawte Notary: complaints are
points after manual checking, reported to Thawte support, and support then requests all forms and
documentation and copies of IDs, and support may do something ...
<ul><li><i> <U>but this was before the change of liability, they may not care
This proves that the person is a "Thawte Notary" anymore</U> </I>
</i></li><li><i> </P>
A TN has "100 Thawte trust points" which means that the Name, DoB, email address (by connecting into the system) have been checked by 3 people at least. <LI><P><I>Probably this should be 25 points? </I>
</i></li><li><i> </P>
Thawte Notary: There is no "test". </UL>
</i></li><li><i> <UL>
Thawte Notary: There are some rules, what needs to be done, what not. <LI><P>optional: The user provides a scan of a government photo id.
<u>Find the rules</u>. The user can get an extra 60 points after manual checking.
</i></li><li><i> </P>
Thawte Notary: complaints are reported to Thawte support, and support then requests all forms and documentation and copies of IDs, and support may do something ... <u>but this was before the change of liability, they may not care anymore</u> </UL>
</i></li><li><i> <UL>
Probably this should be 25 points? <LI><P STYLE="margin-bottom: 0cm"><I>May need to make this mandatory
</i></li></ul> so we can check the DoB. </I>
</P>
</li><li> <LI><P><I>Probably this should be 40 points? </I>
optional: </P>
The user provides a scan of a government photo id. The user </UL>
can get an extra 60 points after manual checking. <P><I>Agreed that experience as TN is not useful for CAcert
<ul><li><i> Experience Points. So Maximum is 100.</I>
May need to make this mandatory so we can check the DoB. </P>
</i></li><li><i> <H2>Manual Points Allocation
Probably this should be 40 points? </H2>
</i></li></ul> <P>If the user completes only step 1, the users get 50 points if the
</li></ol> Thawte name matches the CAcert name : The process is fully automated
and the user still can do later the optional steps.
<p> </P>
<i> Agreed that experience as TN is not useful for CAcert Experience Points. <P>In case the user completes steps 2 or 3, a Tverify-authorised
So Maximum is 100.</i> Assurer does the following manual checks :
</p> </P>
<OL>
<h2> Manual Points Allocation </h2> <LI><P STYLE="margin-bottom: 0cm">check if the link to the Thawte
WoT directory matches the name and email address of the CAcert
<p> account, and
If the user completes only step 1, the users get 50 points if the </P>
Thawte name matches the CAcert name : The process is fully automated and <LI><P>check if the photo id macthes the name and date of birth of
the user still can do later the optional steps. the CAcert account.
</p> </P>
</OL>
<p> <P>the CAcert Tverify community member votes Aye or Nay on the
In case the user completes steps 2 or 3, a Tverify-authorised Assurer does the following manual checks : request (faithfullness) and optionally adds a comment on the reason
</p> why they reject the request.
</P>
<P>If the requests gets 4 Naye, the requests is rejected, the user
<ol><li> has to restart the process.
check if the link to the Thawte WoT directory matches the name and </P>
email address of the CAcert account, and <P>if the request gets 4 Aye, the requests is completed and the
</li><li> appropriate amount of Assurance points are added to the account,
logged as an Tverify assurance. <I>BY WHOM?</I>
check if the photo id macthes the name and date of birth of the CAcert </P>
account. <P>Each user step can granted points only once. The maximum is 150
</li></ol> points. <B>BLECH</B>
</P>
<p> <H2>Manual Points Allocation
the CAcert Tverify community member votes Aye or Nay on the request </H2>
(faithfullness) and optionally adds a comment on the reason why they reject <P>To be a Tverify Assurer, an Assurer must have:
the request. </P>
</p> <UL>
<LI><P>full Thawte &quot;Notary&quot; status.
<p> </P>
If the requests gets 4 Naye, the requests is rejected, the user has to </UL>
restart the process. <P>Authorisation is done by .... the Support Officer (and confirmed
</p> by ??? Assurance Officer).
</P>
<p> <P>Currently there are 7+ Assurers who are authorised to conduct the
if the request gets 4 Aye, the requests is completed and the appropriate Tverify additional procedure.
amount of Assurance points are added to the account, logged as an Tverify </P>
assurance. <H2>System
<i>BY WHOM?</i> </H2>
</p> <P>An online system is run to accept the certificate. This is located
at https://tverify.cacert.org/ This is a critical / non-critical
<p> system ????
Each user step can granted points only once. The maximum is 150 points. </P>
<b>BLECH</b> <H2>Legal
</p> </H2>
<P>WHat do the Thawte docs say about reliance, etc. Is there a
<h2> Manual Points Allocation </h2> possibility to do this? What is the liability position? <B>Chances
are, there is no liability and no reliance permitted.</B> Which means
<p> ... there is no reliance on the Name in the cert.
To be a Tverify Assurer, an Assurer must have: </P>
</p> <H2>OLD stuff
</H2>
<ul><li> <BLOCKQUOTE><B>OLD:</B>
full Thawte "Notary" status. </BLOCKQUOTE>
</li></ul> <BLOCKQUOTE><B>mandatory </B>: the users provides a Thawte assured
certificate including the user name. If the name and email address in
<p> the certificate matches the name and email address recorded by CAcert
Authorisation is done by .... exactly, the user is given 50 Assurance Points automatically by the
the Support Officer (and confirmed by ??? Assurance Officer). online system.
</p> </BLOCKQUOTE>
<UL>
<p> <LI><BLOCKQUOTE STYLE="margin-bottom: 0cm"><I>no checking of date of
Currently there are 7+ Assurers who are authorised to conduct the birth, </I>
Tverify additional procedure. </BLOCKQUOTE>
</p> <LI><BLOCKQUOTE STYLE="margin-bottom: 0cm"><I>no alignment of these
50 points with AP (statement, checking of date of birth, there may
<h2> System </h2> be some rules about middle names and extracting the name fields out
of FirstName and LastName... this is in the system. <B>should check
<p> Thwarte doco to make a judgement call on what it is worth.</B> </I>
An online system is run to accept the certificate. </BLOCKQUOTE>
This is located at https://tverify.cacert.org/ <LI><BLOCKQUOTE><I>Probably this should be 25 points? </I>
This is a critical / non-critical system ???? </BLOCKQUOTE>
</p> </UL>
</BODY>
<h2> Legal </h2> </HTML>
<p>
WHat do the Thawte docs say about reliance, etc.
Is there a possibility to do this?
What is the liability position?
<b>Chances are, there is no liability and no reliance permitted.</b>
Which means ... there is no reliance on the Name in the cert.
</p>
<h2> OLD stuff </h2>
<blockquote><b>OLD:</b>
<p>
<b> mandatory </b> : the users provides a
Thawte assured certificate including the user name.
If the name and email address in the certificate matches
the name and email address recorded by CAcert exactly,
the user is given 50 Assurance Points automatically
by the online system.
</p>
<ul><li><i>
no checking of date of birth,
</i></li><li><i>
no alignment of these 50 points with AP (statement, checking of date of birth,
there may be some rules about middle names and extracting the name fields out of FirstName and LastName... this is in the system.
<b>should check Thwarte doco to make a judgement call on what it is worth.</b>
</i></li><li><i>
Probably this should be 25 points?
</i></li></ul>
</blockquote>
</body></html>
Write Preview
Loading…
Cancel
Save