some of the easier criticisms have been addressed.
This still needs to address the core issue of how far the CA has to clearly represent its liability position.

git-svn-id: http://svn.cacert.org/CAcert/Policies@1113 14b1bab8-4ef6-0310-b690-991c95c89dfd
parent b185b8edaa
commit c8c4de25b8
1 changed files with 47 additions and 18 deletions
|
@ -10,27 +10,38 @@
|
||||||
<center> <b> w o r k -- i n -- p r o g r e s s</b> </center>
|
<center> <b> w o r k -- i n -- p r o g r e s s</b> </center>
|
||||||
|
|
||||||
<p> <i>
|
<p> <i>
|
||||||
This is wip-V0.02.
|
This is wip-V0.03.
|
||||||
</i></p>
|
</i></p>
|
||||||
|
|
||||||
<ul><li><i>
|
<ul><li><i>
|
||||||
|
What to do about multi-tier distributors:
|
||||||
th: firefox/thunderbird/evolution/etc distribute things
|
th: firefox/thunderbird/evolution/etc distribute things
|
||||||
but also to distributors eg Fedora, Ubuntu, etc. Who on there term
|
but also to distributors eg Fedora, Ubuntu, etc. Who on their terms
|
||||||
redistribute it. This recursion should that be explicit in this
|
redistribute it. This recursion should that be explicit in this
|
||||||
disclaimer and license?
|
disclaimer and license?
|
||||||
What to do about multi-tier distributors,
|
|
||||||
is this agreement with primary or end distributor or all of them?
|
is this agreement with primary or end distributor or all of them?
|
||||||
Mozilla => KDE => Evolution.
|
Mozilla => KDE => Evolution.
|
||||||
|
</i></li><li><i>
|
||||||
|
This agreement is with vendors that choose not to be Members.
|
||||||
|
Is now made explicit.
|
||||||
|
What about vendors who choose to be Members?
|
||||||
</i></li><li><i>
|
</i></li><li><i>
|
||||||
pg: I think the 3pv should define "USE" and "RELY" in a preamble
|
pg: I think the 3pv should define "USE" and "RELY" in a preamble
|
||||||
(or somewhere else at the beginning)
|
(or somewhere else at the beginning)
|
||||||
Perhaps even specifically declare the difference between USE and RELY
|
Perhaps even specifically declare the difference between USE and RELY
|
||||||
The other things are more or less clear in general,
|
The other things are more or less clear in general,
|
||||||
but USE and RELY and its special meaning should be defined
|
but USE and RELY and its special meaning should be defined
|
||||||
|
<br><b> OK, done.</b>
|
||||||
</i></li><li><i>
|
</i></li><li><i>
|
||||||
pg: 1.4 Agreement in Spirit
|
pg: 1.4 Agreement in Spirit
|
||||||
It doesn't clearly indicate that this is only in respect to cert stuff.
|
It doesn't clearly indicate that this is only in respect to cert stuff.
|
||||||
|
<br><b> extra line added "all with respect to...".</b>
|
||||||
|
</i></li><li><i>
|
||||||
Also, why are we policing the redistributors?
|
Also, why are we policing the redistributors?
|
||||||
|
<br> <i>the roots and certs are CAcert responsibility.</i>
|
||||||
|
</i></li><li><i>
|
||||||
|
pg: not clear that this applies or does not apply to Member-vendors.
|
||||||
|
<br><b> it is in now, in one of the bullet points.</b>
|
||||||
</i></li><li><i>
|
</i></li><li><i>
|
||||||
Practically everything else...
|
Practically everything else...
|
||||||
These are just scattered ideas and have not been exposed to criticism yet...
|
These are just scattered ideas and have not been exposed to criticism yet...
|
||||||
|
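Review bot: The new reply under "Also, why are we policing the redistributors?" is marked up as `<br> <i>the roots and certs are CAcert responsibility.</i>`, but the list item is already wrapped in `<li><i>`, so the reply renders the same as the question and cannot be told apart from it. The other replies added in this hunk use `<br><b> ... </b>` ("OK, done.", "extra line added ..."); use `<b>` here as well. Separately, the new first line "What to do about multi-tier distributors:" now sits above the unchanged sentence "This recursion should that be explicit in this disclaimer and license?", which still does not parse and could be fixed in the same pass.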
@ -41,8 +52,7 @@ This is wip-V0.02.
|
||||||
|
|
||||||
<h3> <a name="0"> 0. </a> Preliminaries </h3>
|
<h3> <a name="0"> 0. </a> Preliminaries </h3>
|
||||||
|
|
||||||
|
<h4> <a name="0.2"> 0.2 </a> Background </h4>
|
||||||
<h4> <a name="0.1"> 0.1 </a> Background </h4>
|
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Being that,
|
Being that,
|
||||||
|
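Review bot: The Background heading changes from `<a name="0.1"> 0.1 </a>` to `<a name="0.2"> 0.2 </a>`, and in this hunk it follows directly after the "0. Preliminaries" heading, so the numbering now appears to start at 0.2 with no 0.1 before it. Any existing link to `#0.1` will also stop resolving. Either keep the old anchor name alongside the new one or say in the commit message which section takes 0.1.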
@ -53,10 +63,11 @@ Being that,
|
||||||
</li><li>
|
</li><li>
|
||||||
the CA offers a free certificate service to its subscribers,
|
the CA offers a free certificate service to its subscribers,
|
||||||
</li><li>
|
</li><li>
|
||||||
for the direct benefit and RELIANCE of its Community of signed-up users,
|
for the direct benefit and RELIANCE of its Community of signed-up users
|
||||||
|
("Members"),
|
||||||
</li><li>
|
</li><li>
|
||||||
and where possible, of some indirect benefit and USE to other general users
|
where possible, of some indirect benefit and USE to other general users
|
||||||
(or end-users) of the Internet;
|
("end-users") of the Internet;
|
||||||
</li></ul>
|
</li></ul>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
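Review bot: The added `("Members"),` defines Members inline as "its Community of signed-up users", while the Terms section changed later in this commit says other terms are as defined in the CAcert Community Agreement. Two definitions of the same term can drift apart; consider referring to the Community Agreement's definition here instead of restating it. Also note the defined terms are now styled three ways in the recitals ("Members", "end-users", and the capitalised USE and RELIANCE); pick one convention.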
@ -64,7 +75,8 @@ And that,
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<ul><li>
|
<ul><li>
|
||||||
the end-user has a choice in client software (such as browsers and email clients),
|
the end-user has a choice in software
|
||||||
|
(such as browsers and email clients),
|
||||||
</li><li>
|
</li><li>
|
||||||
such software offers features which are wholly or partly
|
such software offers features which are wholly or partly
|
||||||
based on use of certificates,
|
based on use of certificates,
|
||||||
|
@ -72,11 +84,12 @@ And that,
|
||||||
which may include the certificates of the CA
|
which may include the certificates of the CA
|
||||||
and/or of any other certificate authority,
|
and/or of any other certificate authority,
|
||||||
</li><li>
|
</li><li>
|
||||||
the end-user may have strictly limited possibilities to choose or
|
the end-user may have strictly limited or opaque
|
||||||
|
possibilities to choose or
|
||||||
control the usage made of certificates,
|
control the usage made of certificates,
|
||||||
</li><li>
|
</li><li>
|
||||||
and that it may not be economic nor reasonable for software
|
and that it may not be economic nor reasonable for software
|
||||||
to provide for a high degree of choice and control over certificates,
|
to provide for a high degree of choice and control over certificates;
|
||||||
</li></ul>
|
</li></ul>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
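Review bot: In "the end-user may have strictly limited or opaque possibilities to choose or control the usage made of certificates", "strictly" now also governs "opaque", which reads oddly, and it is unclear whether the point is that the options are few or that the end-user cannot see them. Splitting the two ideas (limited choice, and limited visibility of what the software does with certificates) would make the recital easier to rely on. The change of the final comma to a semicolon matches the end of the previous list and is fine.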
@ -112,13 +125,15 @@ And that,
|
||||||
("the Vendor"),
|
("the Vendor"),
|
||||||
</li><li>
|
</li><li>
|
||||||
the Vendor offers a free distribution of root certificates ("root list"),
|
the Vendor offers a free distribution of root certificates ("root list"),
|
||||||
within client software,
|
within software,
|
||||||
</li><li>
|
</li><li>
|
||||||
that in choosing the Vendor's software,
|
that in choosing the Vendor's software,
|
||||||
the end-user would enter into an
|
the end-user would enter into an
|
||||||
End-User Licence Agreement ("EULA") with the Vendor,
|
End-User Licence Agreement ("EULA") with the Vendor,
|
||||||
</li><li>
|
</li><li>
|
||||||
the Vendor has the primary and only direct relationship with the end-user,
|
the Vendor has the primary and only direct relationship with the end-user,
|
||||||
|
</li><li>
|
||||||
|
the Vendor chooses not to be a Member of CAcert,
|
||||||
</li></ul>
|
</li></ul>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
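Review bot: The new last recital "the Vendor chooses not to be a Member of CAcert," excludes Member vendors, but the work-in-progress notes at the top of the file still ask "What about vendors who choose to be Members?" and nothing in this hunk says which agreement applies to them. A short sentence stating that Member vendors are covered by the Community Agreement (if that is the intent) would close the gap. The item also ends the list with a comma, whereas the other recital lists touched in this commit now end with a semicolon.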
@ -149,7 +164,20 @@ by CA to Vendor.
|
||||||
<h4> <a name="0.3"> 0.3 </a> Terms </h4>
|
<h4> <a name="0.3"> 0.3 </a> Terms </h4>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Terms used in this agreement are as defined in the
|
<b><a name="d_reliance" id="d_reliance">RELIANCE</a></b>.
|
||||||
|
A Member's act in making a decision,
|
||||||
|
including taking a risk,
|
||||||
|
in whole or in part based on the certificate.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<b><a name="d_use" id="d_use">USE</a></b>.
|
||||||
|
The event of allowing a certificate to participate
|
||||||
|
in a protocol, as decided and facilitated by the user's software.
|
||||||
|
In general, no significant input is required of the user.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Other terms used in this agreement are as defined in the
|
||||||
<a href="http://svn.cacert.org/CAcert/RegisteredUserAgreement.html">
|
<a href="http://svn.cacert.org/CAcert/RegisteredUserAgreement.html">
|
||||||
CAcert Community Agreement</a>.
|
CAcert Community Agreement</a>.
|
||||||
</p>
|
</p>
|
||||||
|
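Review bot: The new USE definition speaks of "the user's software" and "required of the user", while the recitals define and use "end-users" for the same party. In a definitions section the defined term should be used so that USE cannot be read as covering Members or Vendors as well; suggest "the end-user's software" and "required of the end-user". The two new anchors carry both `name` and `id` (`d_reliance`, `d_use`) while the section headings use `name` only, which is harmless but inconsistent.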
@ -194,8 +222,9 @@ within Vendor's root list to Vendor's end-users.
|
||||||
|
|
||||||
<h4> <a name="1.4"> 1.4 </a> Agreement in Spirit </h4>
|
<h4> <a name="1.4"> 1.4 </a> Agreement in Spirit </h4>
|
||||||
<p>
|
<p>
|
||||||
Vendor agrees to make EULA compatible and aligned with the CA's NRP-DaL.
|
Vendor agrees to make its relationship to end-users
|
||||||
Specifically, the EULA must:
|
compatible and aligned with the CA's NRP-DaL.
|
||||||
|
Specifically, the Vendor must:
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<ul><li>
|
<ul><li>
|
||||||
|
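Review bot: Changing the lead-in from "Specifically, the EULA must:" to "Specifically, the Vendor must:" changes the grammatical subject of every bullet that follows, and those bullets are outside this hunk, so they need to be re-read to confirm they still parse and still state an obligation on the Vendor. "its relationship to end-users" is also broader and less checkable than "EULA", while the recitals still describe the EULA as the instrument between Vendor and end-user; consider naming the EULA as one required part of that relationship.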
@ -215,13 +244,13 @@ and related cryptographic and security software).
|
||||||
<h4> <a name="1.5"> 1.5 </a> Agreement in Practice </h4>
|
<h4> <a name="1.5"> 1.5 </a> Agreement in Practice </h4>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Where agreement is explicitly sought from the end-user
|
Where agreement is explicitly sought from the end-user,
|
||||||
they will be offered and agree to:
|
they may be offered and agree to:
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<ul><li>
|
<ul><li>
|
||||||
CA's NRP-DaL,
|
CA's NRP-DaL,
|
||||||
where the NRP-DaL and EULA are not in contradiction,
|
<s>where the NRP-DaL and EULA are not in contradiction,</s>
|
||||||
<i>OR</i>
|
<i>OR</i>
|
||||||
</li><li>
|
</li><li>
|
||||||
only your EULA,
|
only your EULA,
|
||||||
|
|
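Review bot: The condition "where the NRP-DaL and EULA are not in contradiction," is wrapped in `<s>...</s>` rather than deleted, which leaves a reader of the rendered policy unsure whether the condition is withdrawn or merely under discussion. Delete the line, or move the open question into the work-in-progress notes at the top. Together with "will be offered" becoming "may be offered", the clause no longer requires that the end-user is offered either document, and the unchanged "only your EULA," addresses the Vendor as "your" where the rest of the text says "Vendor's".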