added some comments and references to criteria

git-svn-id: http://svn.cacert.org/CAcert/Policies@1389 14b1bab8-4ef6-0310-b690-991c95c89dfd
Ian Grigg 2009-04-29 18:20:44 +00:00
parent d05d626902
commit be576b69cf
2 changed files with 16 additions and 1 deletions

View file

@ -103,6 +103,7 @@
<li>MUST be approved by a board-appointed RAO <li>MUST be approved by a board-appointed RAO
</li> </li>
<li>MUST be satisfied as to the identity and competency of the TTP in identification procedures, as though they were to be conducting the assurance themselves <li>MUST be satisfied as to the identity and competency of the TTP in identification procedures, as though they were to be conducting the assurance themselves
<BR><i>iang: this clause would probably meet DRC C.9.a: "When the CA uses an external registration authority (RA), each RA is positively identified by CA personnel before being authorized to verify identities of subscribers and authorizations of individuals to represent organizational subscribers (see §A.2.v)."</i>
</li> </li>
<li>SHOULD be the most senior Assurer available <li>SHOULD be the most senior Assurer available
</li> </li>
@ -163,6 +164,8 @@
<li>leaving a Remote Assurance Form and copies of identity documents with the TTP for at least 60 days <li>leaving a Remote Assurance Form and copies of identity documents with the TTP for at least 60 days
</li> </li>
<li>sending a Remote Assurance Form and copies of identity documents to the Assurer by mutually agreed medium (eg post, web form or encrypted email) <li>sending a Remote Assurance Form and copies of identity documents to the Assurer by mutually agreed medium (eg post, web form or encrypted email)
<BR>
<i>iang: this clause <B>is similar</B> to the requirement DRC C.9.b: "RAs provide the CA with complete documentation on each verified applicant for a certificate." What is different is that the criteria requires the TTP to send the form, not the Member.</i>.
</li> </li>
</ol> </ol>
</li> </li>
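Review bot: The added annotation ends with a stray period after the closing tag ("... not the Member.</i>."), which will render as an extra non-italic full stop inside the list item; drop the trailing ".". More substantively, the comment itself records that the clause and DRC C.9.b differ on who delivers the documentation (the clause has the Member sending the form, the criterion has the RA providing it), but the clause text is unchanged. That gap should be tracked as an open issue against the clause rather than left as an inline remark, and "the criteria requires" should read "the criterion requires" or "the criteria require".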

View file

@ -55,12 +55,24 @@ Verification Provider (2.2).</P>
verification process should be accepted by the Assurer. verification process should be accepted by the Assurer.
</P> </P>
<P>
<i>
iang: This clause above probably <b>will NOT meet</b> the criteria DRC C.9.a: "MUST be satisfied as to the identity and competency of the TTP in identification procedures, as though they were to be conducting the assurance themselves."
</P>
<P>The Assurer will keep the following signed documents:</P> <P>The Assurer will keep the following signed documents:</P>
<OL> <OL>
<LI><P>Signed document (e.g. CAP or COAP form) for CAcert Community Agreement with the Member.</P></LI> <LI><P>Signed document (e.g. CAP or COAP form) for CAcert Community Agreement with the Member.</P></LI>
<LI><P>Signed report of the Trusted Verification Provider for the name verification.</P></LI> <LI><P>Signed report of the Trusted Verification Provider for the name verification.</P></LI>
</OL> </OL>
<P>
<i>
iang: This clause probably will meet the criteria DRC C.9.b: "RAs provide the CA with complete documentation on each verified applicant for a certificate."
Although, it is not clear how the Signed Report is delivered from TVP to CA.
</P>
<H3>2.2 Trusted Verification Provider (&quot;TVP&quot;) </H3> <H3>2.2 Trusted Verification Provider (&quot;TVP&quot;) </H3>
<P>Each TVA:: </P> <P>Each TVA:: </P>
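Review bot: Both added paragraphs open "<i>" and never close it before "</P>" (the block starting "iang: This clause above probably ..." and the block starting "iang: This clause probably will meet ..."), so the italics can run on into the policy text that follows and the annotation boundary is lost; add "</i>" before each "</P>". The first annotation also quotes "MUST be satisfied as to the identity and competency of the TTP ..." as the text of DRC C.9.a, but in the other file of this commit that sentence is the policy's own clause, and DRC C.9.a is quoted as "When the CA uses an external registration authority (RA), each RA is positively identified by CA personnel ...". One of the two quotations is misattributed and should be corrected so the criteria mapping can be checked. The second annotation's open question about how the Signed Report gets from the TVP to the CA is the same delivery gap noted against C.9.b and deserves an explicit requirement rather than a comment.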
@ -86,7 +98,7 @@ verification process should be accepted by the Assurer.
</OL> </OL>
<LI><P>must provide a secure mechanism <LI><P>must provide a secure mechanism
for validating a member's identity and/or organisation name or trade for validating a member's identity and/or organisation name or trade
name , including: name, including:
</P> </P>
<OL> <OL>
<LI><P><STRONG>Authentication Tokens</STRONG> <LI><P><STRONG>Authentication Tokens</STRONG>
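Review bot: The only change in this hunk is the whitespace fix "name , including:" to "name, including:", which is a change to the policy text itself, while the commit message mentions only comments and references to criteria. The fix is fine, but for a policy document under change control it is worth either naming it in the commit message or committing it separately, so that the history distinguishes annotations from edits to the normative text.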