96be1b9a3d
git-svn-id: http://svn.cacert.org/CAcert/Policies@766 14b1bab8-4ef6-0310-b690-991c95c89dfd
179 lines
6.5 KiB
HTML
179 lines
6.5 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
|
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>
|
|
CAcert Communication Policy (CCP)
|
|
</title>
|
|
</head>
|
|
<body>
|
|
<h1>
|
|
CAcert Communication Policy (CCP)
|
|
</h1>
|
|
<p>
|
|
<a href="../PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Work In Progress" height="31" width="88" style="border-style: none;" /></a><br />
|
|
Author: Sam Johnston<br />
|
|
Creation date: 2008-04-16<br />
|
|
Status: WIP 2008-04-16<br />
|
|
Next status: DRAFT 2008-04-XX<br />
|
|
<!-- $Id$ -->
|
|
</p>
|
|
<h2>
|
|
0. Preliminaries
|
|
</h2>
|
|
<p>
|
|
This CAcert policy describes how CAcert communicates as required for achieving its mission.
|
|
</p>
|
|
<h2>
|
|
1. Scope
|
|
</h2>
|
|
<p>
|
|
This policy is applicable to:<br />
|
|
</p>
|
|
<ol>
|
|
<li>Press Releases
|
|
</li>
|
|
<li>Internet Email
|
|
</li>
|
|
<li>Internet Relay Chat (IRC)
|
|
</li>
|
|
</ol>
|
|
<h2>
|
|
2. Requirements
|
|
</h2>
|
|
<p>
|
|
This section describes all CAcert communication channels.<br />
|
|
</p>
|
|
<ol>
|
|
<li>
|
|
<strong>Press Releases</strong><br />
|
|
<ol style="list-style-type: lower-alpha;">
|
|
<li>Community Members MAY communicate on their areas, but these are considered community views.</li>
|
|
<li>Official press releases MUST be approved by the board and issued via:<br />
|
|
<ol style="list-style-type: lower-roman;">
|
|
<li>Digitally signed email to appropriate mailing list(s).
|
|
</li>
|
|
<li>Posting and indefinite archiving on the official CAcert web site(s)
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
<li>
|
|
<strong>Internet Email</strong><br />
|
|
<ol style="list-style-type: lower-alpha;">
|
|
<li>
|
|
<strong>Email Aliases</strong> are official email addresses within the CAcert domain(s) (eg john@cacert.org).<br />
|
|
<ol style="list-style-type: lower-roman;">
|
|
<li>All official CAcert communications MUST be conducted using an official address, which is typically a forwarding service.
|
|
</li>
|
|
<li>Access to full accounts (available only to officials listed on the organisation chart) SHALL be available via web interface and standard mail protocols.
|
|
</li>
|
|
<li>Outbound mail SHOULD contain the full name and short reference to the official capacity of the user: <i>John Citizen (CAcert AO) <john@cacert.org></i>.
|
|
</li>
|
|
<li>Role accounts (eg support@cacert.org) SHALL be implemented as a mailing list or automated issue tracking system as appropriate.
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
<li>
|
|
<strong>Mailing Lists</strong> are automated distribution lists containing CAcert community members.<br />
|
|
<ol style="list-style-type: lower-roman;">
|
|
<li>List management (new list creation, dead list removal) SHALL be managed by the board.
|
|
</li>
|
|
<li>List membership SHALL be restricted to CAcert Community members and all posts are contributions, as described in the CCA.
|
|
</li>
|
|
<li>Lists SHALL follow the naming convention of cacert-<listname>@lists.cacert.org, with important lists (eg support, board) aliased @cacert.org
|
|
</li>
|
|
<li>List policy SHALL be set on a per-list basis (eg open/closed, searchable archives, etc.)<br />
|
|
<ol>
|
|
<li>Open lists (eg cacert-policy) shall be accessible by anyone (including Internet search engines) and closed lists (eg cacert-board) only by list members.
|
|
</li>
|
|
<li>Posting to discussion lists (eg cacert-policy) MUST be restricted to list members and MUST NOT be restricted for role lists (eg cacert-board).
|
|
</li>
|
|
<li>Messages which do not meet list policy (eg size, non-member) MUST be immediately rejected.
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
<li>Subscription requests MUST be confirmed by the requestor and subscriber lists MUST NOT be revealed..
|
|
</li>
|
|
<li>Web based archives SHALL be maintained and authentication MUST reflect list policy.
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
<li>
|
|
<strong>Automated Email</strong> is sent by various CAcert systems automatically.<br />
|
|
<ol style="list-style-type: lower-roman;">
|
|
<li>All new automated emails MUST be approved by the board.
|
|
</li>
|
|
<li>Automated emails SHOULD only be sent in response to a user action.
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
<li>
|
|
<strong>Personal Email</strong> is individual personal addresses of CAcert Community members (eg john@gmail.com).<br />
|
|
<ol style="list-style-type: lower-roman;">
|
|
<li>Personal email MUST NOT be used for official CAcert purposes.
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
<li>
|
|
<strong>Internet Relay Chat (IRC)</strong><br />
|
|
<ol style="list-style-type: lower-alpha;">
|
|
<li>An IRC service SHALL be maintained at irc.cacert.org which SHALL be available via SSL.
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
</ol>
|
|
<h2>
|
|
3. Implementation
|
|
</h2>
|
|
<p>
|
|
This section describes how CAcert communication channels are to be implemented.
|
|
</p>
|
|
<ol>
|
|
<li>
|
|
<strong>General</strong><br />
|
|
<ol style="list-style-type: lower-alpha;">
|
|
<li>CAcert System Administrators SHALL have discretion as to the technical implementation of this policy and SHALL report status to the board periodically.
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
<li>
|
|
<strong>Security</strong><br />
|
|
<ol style="list-style-type: lower-alpha;">
|
|
<li>Authentication (where required) MUST be done via username and password and/or CAcert certificate.
|
|
</li>
|
|
<li>Transport encryption MUST be used where possible.
|
|
</li>
|
|
<li>Content encryption MAY be used where appropriate.
|
|
</li>
|
|
<li>All outbound mail SHOULD be digitally signed.
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
<li>
|
|
<strong>Internet Email</strong><br />
|
|
<ol style="list-style-type: lower-alpha;">
|
|
<li>All mails MUST be securely archived for a period of 10 years.
|
|
</li>
|
|
<li>All mails MUST be subject to appropriate spam prevention mechanisms (eg SpamAssassin, greylisting).
|
|
</li>
|
|
<li>All mails MUST be subject to appropriate virus and content filtering (eg ClamAV, content types).
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
</ol>
|
|
<h2>
|
|
4. Acceptable Usage Policy
|
|
</h2>
|
|
<p>
|
|
CAcert infrastrucutre is for official, lawful, non-commercial, non-abusive CAcert use only.
|
|
</p>
|
|
<p>
|
|
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" alt="Valid XHTML 1.1" height="31" width="88" style="border-style: none;" /></a>
|
|
</p>
|
|
</body>
|
|
</html>
|