<a href="PolicyOnPolicy.html"><img src="cacert-draft.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
Creation date: 20060726<br />
Status: DRAFT p20091108<br />
-<!-- $Id: CertificationPracticeStatement.php,v 1.3 2012-07-27 16:00:29 wytze Exp $ -->
+<!-- $Id: CertificationPracticeStatement.html,v 1.3 2012-07-27 16:00:29 wytze Exp $ -->
<font size="-1">
Some content is incorporated under
<!-- <a href="http://xkcd.com/license.html">Creative Commons license</a> -->
<!-- from <a href="http://xkcd.com/">xkcd.com</a>. -->
- 198 177 515
+<!-- 198 177 515
</li>
-->
</ul>
<p>
CAcert is a Community formed of Members who agree to the
-<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">
+<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">
CAcert Community Agreement</a>.
The CA is technically operated by the Community,
under the direction of the Board of CAcert Incorporated.
<h4><a name="p1.3.2" id="p1.3.2">1.3.2. Registration authorities</a></h4>
<p>
Registration Authorities (RAs) are controlled under Assurance Policy
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<h4><a name="p1.3.3" id="p1.3.3">1.3.3. Subscribers</a></h4>
A relying party is a Member,
having agreed to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>),
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>),
who, in the act of using a CAcert certificate,
makes a decision on the basis of that certificate.
</p>
<p>
<b>Member.</b>
Membership of the Community is as defined in the
-<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>.
+<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>.
Only Members may RELY or may become Subscribers.
Membership is free.
</p>
who resolves disputes between Members, including ones
of certificate reliance, under
Dispute Resolution Policy
-(<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a>).
+(<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a>).
</p>
<p>
Their relationship with CAcert
is described by the
Non-related Persons - Disclaimer and Licence
-(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
No other rights nor relationship is implied or offered.
</p>
<center>
<table border="1" cellpadding="5">
<tr>
- <td colspan="2"><center><i>Type</center></i></td>
- <td colspan="2"><center><i>Appropriate Certificate uses</center></i></th>
+ <td colspan="2"><center><i>Type</i></center></td>
+ <td colspan="2"><center><i>Appropriate Certificate uses</i></center></td>
</tr>
<tr>
<th>General</th>
<table border="1" cellpadding="5">
<tr>
<td></td>
- <td colspan="5"><center><i>Level of Assurance</center></i></td>
+ <td colspan="5"><center><i>Level of Assurance</i></center></td>
<th> </th>
</tr>
<tr>
<td>Anon</td>
<th>Name</th>
<td>Name+Anon</td>
- <td colspan="1"><center><i>Remarks</center></i></td>
+ <td colspan="1"><center><i>Remarks</i></center></td>
</tr>
<tr>
<td><center>Top level<br><big><b>Root</b></big></center></td>
- <td> <center> <font title="pass." color="green" size="+3"> • </font> </center> </th>
- <td> <center> <font title="pass." color="green" size="+3"> • </font> </center> </th>
+ <td> <center> <font title="pass." color="green" size="+3"> • </font> </center> </td>
+ <td> <center> <font title="pass." color="green" size="+3"> • </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> • </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> • </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> • </font> </center> </td>
<tr>
<td><center><big><b>Member</b></big><br>SubRoot</center></td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
- <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </th>
+ <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
</tr>
<tr>
<td><center><big><b>Assured</b></big><br>SubRoot</center></td>
- <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </th>
- <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </th>
+ <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </td>
+ <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
</tr>
<tr>
<td><center><big><b>Organisation</b></big><br>SubRoot</center></td>
- <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </th>
- <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </th>
+ <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </td>
+ <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
</tr>
<tr>
<th>Expiry of Certificates</th>
- <td colspan="2"><center>6 months</center></th>
- <td colspan="3"><center>24 months</center></th>
+ <td colspan="2"><center>6 months</center></td>
+ <td colspan="3"><center>24 months</center></td>
</tr>
<tr>
<th>Types</th>
- <td colspan="2"><center>client, server</center></th>
- <td colspan="2"><center>wildcard, subjectAltName</center></th>
- <td colspan="1"><center>code-signing</center></th>
+ <td colspan="2"><center>client, server</center></td>
+ <td colspan="2"><center>wildcard, subjectAltName</center></td>
+ <td colspan="1"><center>code-signing</center></td>
<td> (Inclusive to the left.) </td>
</tr>
</table>
<table border="1" cellpadding="5">
<tr>
<td></td>
- <td colspan="4"><center><i>Level of Assurance</center></i></td>
+ <td colspan="4"><center><i>Level of Assurance</i></center></td>
<th> </th>
</tr>
<tr>
<td>Named</td>
<td>Anonymous</td>
<th>Named</th>
- <td colspan="1"><center><i>Remarks</center></i></td>
+ <td colspan="1"><center><i>Remarks</i></center></td>
</tr>
<tr>
<td><center>Class<br><big><b>1</b></big></center></td>
</tr>
<tr>
<td><center>Class<br><big><b>3</b></big></center></td>
- <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </th>
- <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </th>
+ <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </td>
+ <td> <center> <font title="pass." color="red" size="+3"> ✘ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
<td> <center> <font title="pass." color="green" size="+3"> ✔ </font> </center> </td>
- <td> Assured Members only.<br> Intended for Reliance. </center> </td>
+ <td> Assured Members only.<br> Intended for Reliance. </td>
</tr>
<tr>
<th>Expiry of Certificates</th>
- <td colspan="2"><center>6 months</center></th>
- <td colspan="2"><center>24 months</center></th>
+ <td colspan="2"><center>6 months</center></td>
+ <td colspan="2"><center>24 months</center></td>
</tr>
<tr>
<th>Types available</th>
- <td colspan="2"><center>simple only</center></th>
- <td colspan="2"><center>wildcard, subjectAltName</center></th>
+ <td colspan="2"><center>simple only</center></td>
+ <td colspan="2"><center>wildcard, subjectAltName</center></td>
</tr>
</table>
<p>
This document is administered by the policy group of
-the CAcert Community under Policy on Policy (<a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>).
+the CAcert Community under Policy on Policy (<a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>).
</p>
<h4><a name="p1.5.2" id="p1.5.2">1.5.2. Contact person</a></h4>
<p>
CPS is controlled and updated according to the
Policy on Policy
-(<a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>)
+(<a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>)
which is part of
Configuration-Control Specification (COD2).
</p>
<b><a name="d_member" id="d_member">Member</a></b>.
Everyone who agrees to the
CAcert Community Agreement
- (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>).
+ (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>).
This generally implies having an account registered
at CAcert and making use of CAcert's data, programs or services.
A Member may be an individual ("natural person")
<b><a name="d_community" id="d_community">Community</a></b>.
The group of Members who agree to the
CAcert Community Agreement
- (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>)
+ (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>)
or equivalent agreements.
</p>
<p>
<b><a name="d_assured" id="d_assured">Assured Member</a></b>.
A Member whose identity has been sufficiently
verified by Assurers or other
- approved methods under Assurance Policy.</p>
+ approved methods under Assurance Policy.
</p>
<p>
<b><a name="d_assurer" id="d_assurer">Assurer</a></b>.
<b><a name="d_name" id="d_name">Name</a></b>.
As defined in the
Assurance Policy
- (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>),
+ (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>),
to describe a name of a Member
that is verified by the Assurance process.
<p>
CAcert or the certificates that they may use, and
are unaware of the ramifications of usage.
They are not permitted to RELY, but may USE, under the
- Non-Related Persons - Disclaimer and Licence (<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+ Non-Related Persons - Disclaimer and Licence (<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
</p>
<p>
<b><a name="rel" id="d_reliance">Reliance</a></b>.
</p>
<p>
-Under the Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>),
+Under the Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>),
there are means for Members to search, retrieve
and verify certain data about themselves and others.
</p>
<p>
Each Member's Name (<tt>CN=</tt> field)
-is assured under the Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>)
+is assured under the Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>)
or subsidiary policies (such as Organisation Assurance Policy).
Refer to those documents for meanings and variations.
</p>
Each certificate has a unique serial number which maps
to a unique account, and thus maps to a unique Member.
See the Assurance Statement within Assurance Policy
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<p>
<p>
Organisation Assurance Policy
-(<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">COD11</a>)
+(<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.html">COD11</a>)
controls issues such as trademarks where applicable.
A trademark can be disputed by filing a dispute.
See
ACE prefix (<a href="http://www.ietf.org/rfc/rfc3490#section-5">RFC3490
Section 5</a>), will only be issued to domains satisfying one or more
of the following conditions:
+</p>
<ul>
<li>The Top Level Domain (TLD) Registrar associated with the domain has a policy
that has taken measures to prevent two homographic domains being registered to
characters [0-9], and an ACSII hyphen '-'.
</li>
</ul>
-</p>
+
<p>Email address containing International Domain Names in the domain portion of
the email address will also be required to satisfy one of the above conditions.
</p>
<p>
-The following is a list of accepted TLD Registrars:
+The following is a list of accepted TLD Registrars:</p>
<table>
<tr>
<td><a href="http://www.vnnic.vn/english/5-6-300-2-2-04-20071115.htm">Policy</a> (<a href="http://vietunicode.sourceforge.net/tcvn6909.pdf">character list</a>)</td>
</tr>
</table>
-</p>
+
<p>
This criteria will apply to the email address and server host name fields for all certificate types.
<p>
Identity verification is controlled by the
<a href="http://svn.cacert.org/CAcert/Policies/AssurancePolicy.html">
-Assurance Policy</a> (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+Assurance Policy</a> (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
The reader is refered to the Assurance Policy,
the following is representative and brief only.
</p>
<b>Agreement.</b>
An Internet user becomes a Member by agreeing to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>)
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>)
and registering an account on the online website.
During the registration process Members are asked to
supply information about themselves:
<p>
<b>Assurance.</b>
Each Member is assured according to Assurance Policy
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<!-- <center><a href="http://xkcd.com/364/"> <img src="http://imgs.xkcd.com/comics/responsible_behavior.png"> </a> </center> -->
Verification of organisations is delegated by
the Assurance Policy to the
Organisation Assurance Policy
-(<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">COD11</a>).
+(<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.html">COD11</a>).
The reader is refered to the Organisation Assurance Policy,
the following is representative and brief only.
</p>
</li><li>
the organisation has agreed to the terms of the
CAcert Community Agreement
- (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>),
+ (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>),
and is therefore subject to Arbitration.
</li></ol>
<b>Individuals.</b>
The authority to participate as a Member is established
by the CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>).
Assurances are requested by means of the signed CAP form.
</p>
<p>
The general life-cycle for a new certificate for an Individual Member is:
-
+</p>
<ol><li>
Member adds claim to an address (domain/email).
</li><li>
Member accepts certificate.
</li></ol>
-</p>
+
<p>
(Some steps are not applicable, such as anonymous certificates.)
a domain or email address on the online system.
This is a necessary step towards issuing a certificate.
There are these controls:
+</p>
<ul><li>
The claim of ownership or control is legally significant
and may be referred to dispute resolution.
the certificate application system automatically initiates the
check of control, as below.
</li></ul>
-</p>
+
<h4><a name="p4.1.3" id="p4.1.3">4.1.3. Preparing CSR </a></h4>
<p>
Members generate their own key-pairs.
The CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>)
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>)
obliges the Member as responsible for security.
See CCA2.5, §9.6.
</p>
</li> </ol>
<p>
-Notes.
+Notes.</p>
<ul><li>
Other methods can be added from time to time by CAcert.
</li><li>
Domain control checks may be extended to apply to email control
in the future.
</li></ul>
-</p>
+
<ul class="q">
<li> As of the time of writing, only a singular Email-ping is implemented in the technical system. </li>
<h4><a name="p4.2.4" id="p4.2.4">4.2.4. Client Certificate Procedures</a></h4>
<p>
-For an individual client certificate, the following is required.
+For an individual client certificate, the following is required.</p>
<ul>
<li>The email address is claimed and added. </li>
<li>The email address is ping-tested. </li>
<li>To include a Name, the Name must be assured to at least fifty points. </li>
</ul>
-</p>
+
<h4><a name="p4.2.5" id="p4.2.5">4.2.5. Server Certificate Procedures</a></h4>
<p>
-For a server certificate, the following is required:
+For a server certificate, the following is required:</p>
<ul>
<li>The domain is claimed and added. </li>
<li>The domain is checked twice as above. </li>
at least fifty points of Assurance. </li>
</ul>
-</p>
+
<h4><a name="p4.2.6" id="p4.2.6">4.2.6. Code-signing Certificate Procedures</a></h4>
All Members (subscribers and relying parties)
are obliged according to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>)
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>)
See especially 2.3 through 2.5.
</p>
<h4><a name="p4.5.1" id="p4.5.1">4.5.1. Subscriber Usage and Responsibilities</a></h4>
Relying parties are Members,
and as such are bound by this CPS and the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>).
The licence and permission to rely is not assignable.
</p>
a person is a Non-Related-Person (NRP).
An NRP is not permitted to rely and is not a Relying Party.
For more details, see the
-NRP - Disclaimer and Licence (<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+NRP - Disclaimer and Licence (<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
</p>
<h5>4.5.2.c The Act of Reliance </h5>
<table border="1" cellpadding="5">
<tr>
<td></td>
- <td colspan="4"><center><i>Statements of Reliance for Members</center></i></td>
+ <td colspan="4"><center><i>Statements of Reliance for Members</i></center></td>
</tr>
<tr>
<td><i>Class of Root</i></td>
<h3><a name="p5.1" id="p5.1">5.1. Physical controls</a></h3>
<p>
-Refer to Security Policy (<a href="http://svn.cacert.org/CAcert/Policies/SecurityPolicy.html">COD8</a>)
+Refer to Security Policy (<a href="http://svn.cacert.org/CAcert/Policies/SecurityPolicy.html">COD8</a>)</p>
<ul><li>
Site location and construction - SP2.1
</li><li>
Physical access - SP2.3
</li></ul>
-</p>
+
<h4><a name="p5.1.3" id="p5.1.3">5.1.3. Power and air conditioning</a></h4>
<li>Assurers</li>
<li> Any others authorised under COD13 </li>
</ul>
- Refer to Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>)
+ Refer to Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>)
</li>
<li><b>Governance:</b>
<p>
All important roles are generally required to be assured
at least to the level of Assurer, as per AP.
-Refer to Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+Refer to Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<p>
<td><b>Role</b></td> <td><b>Policy</b></td> <td><b>Comments</b></td>
</tr><tr>
<td>Assurer</td>
- <td><a href="http://www.cacert.org/policy/AssurancePolicy.php"> COD13</td>
+ <td><a href="http://www.cacert.org/policy/AssurancePolicy.html"> COD13 </a></td>
<td>
Passes Challenge, Assured to 100 points.
</td>
</tr><tr>
<td>Organisation Assurer</td>
- <td><a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">COD11</a></td>
+ <td><a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.html">COD11</a></td>
<td>
Trained and tested by two supervising OAs.
</td>
</tr><tr>
<td>Technical</td>
- <td>SM => COD08</td>
+ <td>SM => COD08</td>
<td>
Teams responsible for testing.
</td>
</tr><tr>
<td>Arbitrator</td>
- <td><a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a></td>
+ <td><a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a></td>
<td>
Experienced Assurers.
</td>
(Refer to <a href="#p1.4">§1.4</a> for limitations to service.)
</p>
-</p>
<h3><a name="p5.8" id="p5.8">5.8. CA or RA termination</a></h3>
Member information will be securely destroyed.
</p>
-<span class="change">
<p>
+<span class="change">
The CA cannot be transferrred to another organisation.
-</p>
</span>
+</p>
<p>
<s>
</ul>
</s>
+<p>
<span class="change">
<s>
-<p>
New root keys and certificates will be made available
by the new organisation as soon as reasonably practical.
-</p>
</s>
</span>
+</p>
<h4><a name="p5.8.2" id="p5.8.2">5.8.2 RA termination</a></h4>
<p>
The operational period of a certificate and its key pair
depends on the Assurance status of the Member,
-see <a href="#p1.4.5">§1.4.5</a> and Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+see <a href="#p1.4.5">§1.4.5</a> and Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<p>
<p>
This CPS and other documents are subject to
-the process in Policy on Policy (<a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>).
+the process in Policy on Policy (<a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>).
Audits cover the overall processes more
than any one document, and documents may vary
even as Audit reports are delivered.
<p>
Financial risks are dealt with primarily by
the Dispute Resolution Policy
-(<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a>).
+(<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a>).
</p>
<h4><a name="p9.2.1" id="p9.2.1">9.2.1. Insurance coverage</a></h4>
</p>
<p>
Under Assurance Policy
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>)
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>)
the Member's status (as Assured, Assurer, etc) is available
to other Members.
</p>
Assets that fall under the control of CCS
must be transferred to CAcert.
See PoP 6.2
-(<a href="http://www.cacert.org/policy/PolicyOnPolicy.php#6.2">COD1</a>),
+(<a href="http://www.cacert.org/policy/PolicyOnPolicy.html#6.2">COD1</a>),
CCA 1.3
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#1.3">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#1.3">COD9</a>).
That is, CAcert is free to use, modify,
distribute, and otherwise conduct the business
of the CA as CAcert sees fit with the asset.
CAcert owns or requires full control over its documents,
especially those covered by CCS.
See PoP 6.2
-(<a href="http://www.cacert.org/policy/PolicyOnPolicy.php#6.2">COD1</a>).
+(<a href="http://www.cacert.org/policy/PolicyOnPolicy.html#6.2">COD1</a>).
Contributors transfer the rights,
see CCA 1.3
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#1.3">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#1.3">COD9</a>).
Contributors warrant that they have the right to transfer.
</p>
licence, permitting them to to re-use
their original work freely.
See PoP 6.4
-(<a href="http://www.cacert.org/policy/PolicyOnPolicy.php#6.4">COD1</a>),
+(<a href="http://www.cacert.org/policy/PolicyOnPolicy.html#6.4">COD1</a>),
CCA 1.3
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#1.3">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#1.3">COD9</a>).
</p>
<h4><a name="p9.5.4" id="p9.5.4">9.5.4. Code</a></h4>
CAcert asserts its intellectual property rights over certificates
issued to Members and over roots.
See CCA 4.4
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#4.4">COD9</a>),
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#4.4">COD9</a>),
CCS.
The certificates may only be used by Members under
-<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#4.4">COD9</a>,
+<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#4.4">COD9</a>,
and,
by others under the licences offered,
such as
Non-Related Persons - Disclaimer and Licence
-(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
</p>
<h3><a name="p9.6" id="p9.6">9.6. Representations and warranties</a></h3>
<b>Members.</b>
All Members of the Community agree to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>),
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>),
which is the primary document for
representations and warranties.
Members include Subscribers, Relying Parties,
<b>RAs.</b>
Registration Agents are obliged additionally by Assurance Policy,
especially 3.1, 4.1
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<p>
Distributors of the roots are offered the
<span class="q">wip</span>
3rd-Party Vendors - Disclaimer and Licence
-(3PV-DaL => CODx)
+(3PV-DaL => CODx)
and are offered
<span class="q">wip</span>
the same deal as Members to the extent that they agree
<p>
Persons who have not accepted the above Agreements are offered the
Non-Related Persons - Disclaimer and Licence
-(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
Any representations and
warranties are strictly limited to nominal usage.
In essence, NRPs may USE but must not RELY.
(RAs, Subscribers, etc) and itself
disclaims all liability to NRPs
in their usage of CA's certificates.
-See <a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>.
+See <a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>.
</p>
<h3><a name="p9.8.2" id="p9.8.2">9.8.2 Liabilities Between Members</a></h3>
<p>
Members file a dispute to terminate their agreement.
See <a href="#p9.13">§9.13</a> and CCA 3.3
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#3.3">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#3.3">COD9</a>).
</p>
<p>
-Documents are varied (including terminated) under <a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>.
+Documents are varied (including terminated) under <a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>.
</p>
<p>
All participants are obliged to keep their listed
primary email addresses in good working order.
See CCA 3.5
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#3.5">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#3.5">COD9</a>).
</p>
<h3><a name="p9.12" id="p9.12">9.12. Amendments</a></h3>
<p>
-Amendments to the CPS are controlled by <a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>.
+Amendments to the CPS are controlled by <a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>.
Any changes in Member's Agreements are notified under CCA 3.4
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#3.4">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#3.4">COD9</a>).
</p>
<h3><a name="p9.13" id="p9.13">9.13. Dispute resolution provisions</a></h3>
<ul><li>
The CAcert
Dispute Resolution Policy
- (<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a>)
+ (<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a>)
includes rules for dispute resolution.
</li><li>
Filing is done via email to
See
<a href="#p9.13">§9.13</a>
and
-<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a>.
+<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a>.
That is, all requests are treated as disputes,
as only a duly empanelled Arbitrator has the
authorisation and authority to rule on the
<p>
All Members of the Community agree to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>).
This agreement also incorporates other key
documents, being this CPS, DRP and PP.
See CCA 4.2.
projects / gigi.git / blobdiff