From be576b69cfa623277601e14a5093f39ccc7cd5a4 Mon Sep 17 00:00:00 2001
From: Ian Grigg <iang@cacert.org>
Date: Wed, 29 Apr 2009 18:20:44 +0000
Subject: [PATCH] added some comments and references to criteria

git-svn-id: http://svn.cacert.org/CAcert/Policies@1389 14b1bab8-4ef6-0310-b690-991c95c89dfd
---
 RemoteAssurancePolicy.html    |  3 +++
 RemoteVerificationPolicy.html | 14 +++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/RemoteAssurancePolicy.html b/RemoteAssurancePolicy.html
index dca3c40..cc07c9d 100644
--- a/RemoteAssurancePolicy.html
+++ b/RemoteAssurancePolicy.html
@@ -103,6 +103,7 @@
 			<li>MUST be approved by a board-appointed RAO
 			</li>
 			<li>MUST be satisfied as to the identity and competency of the TTP in identification procedures, as though they were to be conducting the assurance themselves
+<BR><i>iang:  this clause would probably meet DRC C.9.a: "When the CA uses an external registration authority (RA), each RA is positively identified by CA personnel before being authorized to verify identities of subscribers and authorizations of individuals to represent organizational subscribers (see §A.2.v)."</i>
 			</li>
 			<li>SHOULD be the most senior Assurer available
 			</li>
@@ -163,6 +164,8 @@
 					<li>leaving a Remote Assurance Form and copies of identity documents with the TTP for at least 60 days
 					</li>
 					<li>sending a Remote Assurance Form and copies of identity documents to the Assurer by mutually agreed medium (eg post, web form or encrypted email)
+<BR>
+<i>iang:  this clause <B>is similar</B> to the requirement DRC C.9.b: "RAs provide the CA with complete documentation on each verified applicant for a certificate." What is different is that the criteria requires the TTP to send the form, not the Member.</i>.
 					</li>
 				</ol>
 			</li>
diff --git a/RemoteVerificationPolicy.html b/RemoteVerificationPolicy.html
index 1538aae..1d75530 100644
--- a/RemoteVerificationPolicy.html
+++ b/RemoteVerificationPolicy.html
@@ -55,12 +55,24 @@ Verification Provider (2.2).</P>
 verification process  should be accepted by the Assurer. 
 </P>
 
+<P>
+<i>
+iang: This clause above probably <b>will NOT meet</b> the criteria DRC C.9.a: "MUST be satisfied as to the identity and competency of the TTP in identification procedures, as though they were to be conducting the assurance themselves."
+</P>
+
 <P>The Assurer will keep the following signed documents:</P>
 <OL>
 	<LI><P>Signed document  (e.g. CAP or COAP form) for CAcert Community Agreement with the Member.</P></LI>
 	<LI><P>Signed report of the Trusted Verification Provider for the name verification.</P></LI>
 </OL>
 
+<P>
+<i>
+iang: This clause probably will meet the criteria DRC C.9.b: "RAs provide the CA with complete documentation on each verified applicant for a certificate."
+Although, it is not clear how the Signed Report is delivered from TVP to CA.
+</P>
+
+
 <H3>2.2 Trusted Verification Provider (&quot;TVP&quot;) </H3>
 
 <P>Each TVA:: </P>
@@ -86,7 +98,7 @@ verification process  should be accepted by the Assurer.
 	</OL>
 	<LI><P>must provide a secure mechanism
 	for validating a member's identity and/or organisation name or trade
-	name , including: 
+	name, including: 
 	</P>
 	<OL>
 		<LI><P><STRONG>Authentication Tokens</STRONG>