CAcert is a Community formed of Members who agree to the - + CAcert Community Agreement. The CA is technically operated by the Community, under the direction of the Board of CAcert Incorporated. @@ -320,7 +320,7 @@ intermediate CAs under the present CPS.
Registration Authorities (RAs) are controlled under Assurance Policy -(COD13). +(COD13).
Member. Membership of the Community is as defined in the -COD9. +COD9. Only Members may RELY or may become Subscribers. Membership is free.
@@ -358,7 +358,7 @@ A senior and experienced Member of the CAcert Community who resolves disputes between Members, including ones of certificate reliance, under Dispute Resolution Policy -(COD7). +(COD7).@@ -381,7 +381,7 @@ are unaware of the ramifications of usage. Their relationship with CAcert is described by the Non-related Persons - Disclaimer and Licence -(COD4). +(COD4). No other rights nor relationship is implied or offered.
@@ -416,8 +416,8 @@ and risks, liabilities and obligations in| General | @@ -674,7 +674,7 @@ and will be submitted to vendors via the (Top-level) Root.||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| - | |||||||||||
| Anon | Name | Name+Anon | -|||||||||
Root |
- | | |
+ |
|
|
|
@@ -705,7 +705,7 @@ and will be submitted to vendors via the (Top-level) Root.
||||
SubRoot |
|
- | |
|
|
|
@@ -713,8 +713,8 @@ and will be submitted to vendors via the (Top-level) Root.
|||||
SubRoot |
- | | |
+ |
|
|
|
@@ -722,8 +722,8 @@ and will be submitted to vendors via the (Top-level) Root.
||||
SubRoot |
- | | |
+ |
|
|
|
@@ -731,14 +731,14 @@ and will be submitted to vendors via the (Top-level) Root.
||||
| Expiry of Certificates | -|||||||||||
| Types | -(Inclusive to the left.) | ||||||||||
| - | |||||||||
| Named | Anonymous | Named | -|||||||
1 |
@@ -790,21 +790,21 @@ look at the CPS to figure it out.
|||||||||
3 |
- | | |
+ |
|
|
- Assured Members only. Intended for Reliance. |
+ Assured Members only. Intended for Reliance. |
|
| Expiry of Certificates | -|||||||||
| Types available | -|||||||||
This document is administered by the policy group of -the CAcert Community under Policy on Policy (COD1). +the CAcert Community under Policy on Policy (COD1).
CPS is controlled and updated according to the Policy on Policy -(COD1) +(COD1) which is part of Configuration-Control Specification (COD2).
@@ -913,7 +913,7 @@ As per above. Member. Everyone who agrees to the CAcert Community Agreement - (COD9). + (COD9). This generally implies having an account registered at CAcert and making use of CAcert's data, programs or services. A Member may be an individual ("natural person") @@ -923,7 +923,7 @@ As per above. Community. The group of Members who agree to the CAcert Community Agreement - (COD9) + (COD9) or equivalent agreements.@@ -938,7 +938,7 @@ As per above. Assured Member. A Member whose identity has been sufficiently verified by Assurers or other - approved methods under Assurance Policy.
+ approved methods under Assurance Policy.Assurer. @@ -949,7 +949,7 @@ As per above. Name. As defined in the Assurance Policy - (COD13), + (COD13), to describe a name of a Member that is verified by the Assurance process.
@@ -972,7 +972,7 @@ As per above. CAcert or the certificates that they may use, and are unaware of the ramifications of usage. They are not permitted to RELY, but may USE, under the - Non-Related Persons - Disclaimer and Licence (COD4). + Non-Related Persons - Disclaimer and Licence (COD4).
Reliance. @@ -1058,7 +1058,7 @@ for the general public.
-Under the Assurance Policy (COD13), +Under the Assurance Policy (COD13), there are means for Members to search, retrieve and verify certain data about themselves and others.
@@ -1196,7 +1196,7 @@ does not go into the certificate.Each Member's Name (CN= field) -is assured under the Assurance Policy (COD13) +is assured under the Assurance Policy (COD13) or subsidiary policies (such as Organisation Assurance Policy). Refer to those documents for meanings and variations.
@@ -1237,7 +1237,7 @@ Uniqueness of Names within certificates is not guaranteed. Each certificate has a unique serial number which maps to a unique account, and thus maps to a unique Member. See the Assurance Statement within Assurance Policy -(COD13). +(COD13).@@ -1249,7 +1249,7 @@ can only be registered to one Member.
Organisation Assurance Policy -(COD11) +(COD11) controls issues such as trademarks where applicable. A trademark can be disputed by filing a dispute. See @@ -1263,6 +1263,7 @@ Certificates containing International Domain Names, being those containing a ACE prefix (RFC3490 Section 5), will only be issued to domains satisfying one or more of the following conditions: +
Email address containing International Domain Names in the domain portion of the email address will also be required to satisfy one of the above conditions.
-The following is a list of accepted TLD Registrars: +The following is a list of accepted TLD Registrars:
| Policy (character list) |
This criteria will apply to the email address and server host name fields for all certificate types. @@ -1494,7 +1495,7 @@ The CAcert Inc. Board has the authority to decide to add or remove accepted TLD
Identity verification is controlled by the -Assurance Policy (COD13). +Assurance Policy (COD13). The reader is refered to the Assurance Policy, the following is representative and brief only.
@@ -1524,7 +1525,7 @@ to check the private key dynamically. Agreement. An Internet user becomes a Member by agreeing to the CAcert Community Agreement -(COD9) +(COD9) and registering an account on the online website. During the registration process Members are asked to supply information about themselves: @@ -1546,7 +1547,7 @@ for all service requests such as certificates.Assurance. Each Member is assured according to Assurance Policy -(COD13). +(COD13).
@@ -1617,7 +1618,7 @@ certificates that state their Assured Name(s). Verification of organisations is delegated by the Assurance Policy to the Organisation Assurance Policy -(COD11). +(COD11). The reader is refered to the Organisation Assurance Policy, the following is representative and brief only. @@ -1645,7 +1646,7 @@ stated in the OAP, briefly presented here:The general life-cycle for a new certificate for an Individual Member is: - +
(Some steps are not applicable, such as anonymous certificates.) @@ -1774,6 +1775,7 @@ The Member can claim ownership or authorised control of a domain or email address on the online system. This is a necessary step towards issuing a certificate. There are these controls: +
Members generate their own key-pairs. The CAcert Community Agreement -(COD9) +(COD9) obliges the Member as responsible for security. See CCA2.5, §9.6.
@@ -1894,7 +1896,7 @@ following checks:-Notes. +Notes.
-For an individual client certificate, the following is required. +For an individual client certificate, the following is required.
-For a server certificate, the following is required: +For a server certificate, the following is required:
| - | ||||||||
| Class of Root | @@ -2616,13 +2618,13 @@ No stipulation.Role | Policy | Comments | |||||
| Assurer | -COD13 | +COD13 | Passes Challenge, Assured to 100 points. | |||||
| Organisation Assurer | -COD11 | +COD11 | Trained and tested by two supervising OAs. | |||||
| Technical | -SM => COD08 | +SM => COD08 | Teams responsible for testing. | |||||
| Arbitrator | -COD7 | +COD7 | Experienced Assurers. | @@ -2855,7 +2857,6 @@ Refer to Security Policy 5, 6 (§1.4 for limitations to service.) -|||||