some fix ups to urls and definition

git-svn-id: http://svn.cacert.org/CAcert/Policies@2054 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
Ian Grigg 2010-09-19 06:12:46 +00:00
parent 3f9cf51c6f
commit ad90535142

View file

@ -326,10 +326,11 @@
</p>
<ul class="q">
<li>Old: sending a Remote Assurance Form and copies of identity documents to the Assurer by mutually agreed medium (eg post, web form or encrypted email).</li>
<li>iang: this requirement was informed by DRC C.9.b:</li>
<li>iang: this requirement was informed by <a href="http://audit.cacert.org/svn/DRC/browser.php">DRCi</a> C.9.b:</li>
<blockquote><u>"RAs provide the CA with complete documentation on each verified applicant for a certificate."</u></blockquote>
<li>RA is registration authority which is a verifier of people who is outside the CA. For us, Assurers are our RAs.</li>
<li>What is different? In the old version of TTP, the TTP was the RA. Thus the criteria would require the TTP to send the form, not the Member.</li>
<li> However in the new TTP-assisted version of assurance, the Assurer is the RA, and the existing arrangement of the RA's documentation process (forms provided to Arbitrator) are workable. Also note responsibility laid out in 3.d, the TTP-assist assurer makes a CARS of the Assurance Statement over the subject member. Ergo the Assurer is the RA, and is the responsible party.</li>
<li> However in the new TTP-assisted version of assurance, the Assurer is the RA, and the existing arrangement of the RA's documentation process (forms provided to Arbitrator) are workable. Also note responsibility laid out in 3.d, the TTP-assist assurer makes a <a href="//wiki.cacert.org/CARS">CARS</a> of the Assurance Statement over the subject member. Ergo the Assurer is the RA, and is the responsible party.</li>
<li> Hence, the above point 5. is likely going to change. </li>
</ul>
</li></ol>
@ -345,7 +346,7 @@
as though they were to be conducting the assurance themselves
</p>
<span class="q">
<p>iang: this clause would probably meet DRC C.9.a:
<p>iang: this clause would probably meet <a href="http://audit.cacert.org/svn/DRC/browser.php">DRC</a> C.9.a:
<blockquote><u>"When the CA uses an external registration authority (RA), each RA is positively identified by CA personnel before being authorized to verify identities of subscribers and authorizations of individuals to represent organizational subscribers (see §A.2.v)."</u></blockquote>
For that reason, the above clause should be considered strongly,
and either discussed further in the Handbook, or include these