<strong>Other</strong> trusted local public figure as approved by RA (limited to one of the two TTPs)
</li>
</ol>
<i> Comment (iang): according to one discussion at least, it is suggested that: the type of quals/creds that are permissable to fulfill the role of TTP must be advised by an (O)Assurer to the board for each legal region. </i>
<p><i> Comment (iang): according to one discussion at least, it is suggested that: the type of quals/creds that are permissable to fulfill the role of TTP must be advised by an (O)Assurer to the board for each legal region. </i></p>
</li>
<li>MUST retain the Remote Assurance Form and a copy of the identity documents for at least 60 days and respond to enquiries in a timely fashion
</li>
@ -103,7 +103,7 @@
<li>MUST be approved by a board-appointed RAO
</li>
<li>MUST be satisfied as to the identity and competency of the TTP in identification procedures, as though they were to be conducting the assurance themselves
<BR /><i>iang: this clause would probably meet DRC C.9.a: "When the CA uses an external registration authority (RA), each RA is positively identified by CA personnel before being authorized to verify identities of subscribers and authorizations of individuals to represent organizational subscribers (see §A.2.v)."</i>
<p><i>iang: this clause would probably meet DRC C.9.a: "When the CA uses an external registration authority (RA), each RA is positively identified by CA personnel before being authorized to verify identities of subscribers and authorizations of individuals to represent organizational subscribers (see §A.2.v)."</i></p>
</li>
<li>SHOULD be the most senior Assurer available
</li>
@ -164,7 +164,7 @@
<li>leaving a Remote Assurance Form and copies of identity documents with the TTP for at least 60 days
</li>
<li>sending a Remote Assurance Form and copies of identity documents to the Assurer by mutually agreed medium (eg post, web form or encrypted email)
<BR /><i>iang: this clause <B>is similar</B> to the requirement DRC C.9.b: "RAs provide the CA with complete documentation on each verified applicant for a certificate." What is different is that the criteria requires the TTP to send the form, not the Member.</i>.
<p><i>iang: this clause <B>is similar</B> to the requirement DRC C.9.b: "RAs provide the CA with complete documentation on each verified applicant for a certificate." What is different is that the criteria requires the TTP to send the form, not the Member.</i></p>
</li>
</ol>
</li>
@ -186,10 +186,12 @@
</li>
<li>RA and RAO MUST securely destroy all copies held no less than 60 days and no more than 90 days from the date of the second TTP meeting
</li>
<li><i> Suggested (iang, heard in a discussion, and following AP):<br/>
<li>
<p><i> Suggested (iang, heard in a discussion, and following AP):</i></p>
For each TTP, RAO approves the allocation of 35 Assurance Points, making 70 points. </i>
</li>
<li><i> Suggested (iang, heard in a discussion, and following AP):<br/>
<li>
<p><i> Suggested (iang, heard in a discussion, and following AP):</i></p>
<u> Additionally, RAO may submit to the Board for the allocation of a further 30 Assurance Points, making 100 points available. </u></i>
</li>
<li>Disputes requiring access to the Remote Assurance Form and copies of identity documents must be handled within 60 days of the TTP meeting (after which time disputes MAY result in the Remote Assurance being revoked)
Ian Grigg
16 years ago