<a href="PolicyOnPolicy.html"><img src="cacert-draft.png" alt="CAcert Policy Status" height="31" width="88" style="border-style: none;" /></a><br />
Creation date: 20060726<br />
Status: DRAFT p20091108<br />
-<!-- $Id: CertificationPracticeStatement.php,v 1.3 2012-07-27 16:00:29 wytze Exp $ -->
+<!-- $Id: CertificationPracticeStatement.html,v 1.3 2012-07-27 16:00:29 wytze Exp $ -->
<font size="-1">
<p>
CAcert is a Community formed of Members who agree to the
-<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">
+<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">
CAcert Community Agreement</a>.
The CA is technically operated by the Community,
under the direction of the Board of CAcert Incorporated.
<h4><a name="p1.3.2" id="p1.3.2">1.3.2. Registration authorities</a></h4>
<p>
Registration Authorities (RAs) are controlled under Assurance Policy
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<h4><a name="p1.3.3" id="p1.3.3">1.3.3. Subscribers</a></h4>
A relying party is a Member,
having agreed to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>),
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>),
who, in the act of using a CAcert certificate,
makes a decision on the basis of that certificate.
</p>
<p>
<b>Member.</b>
Membership of the Community is as defined in the
-<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>.
+<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>.
Only Members may RELY or may become Subscribers.
Membership is free.
</p>
who resolves disputes between Members, including ones
of certificate reliance, under
Dispute Resolution Policy
-(<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a>).
+(<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a>).
</p>
<p>
Their relationship with CAcert
is described by the
Non-related Persons - Disclaimer and Licence
-(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
No other rights nor relationship is implied or offered.
</p>
<p>
This document is administered by the policy group of
-the CAcert Community under Policy on Policy (<a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>).
+the CAcert Community under Policy on Policy (<a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>).
</p>
<h4><a name="p1.5.2" id="p1.5.2">1.5.2. Contact person</a></h4>
<p>
CPS is controlled and updated according to the
Policy on Policy
-(<a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>)
+(<a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>)
which is part of
Configuration-Control Specification (COD2).
</p>
<b><a name="d_member" id="d_member">Member</a></b>.
Everyone who agrees to the
CAcert Community Agreement
- (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>).
+ (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>).
This generally implies having an account registered
at CAcert and making use of CAcert's data, programs or services.
A Member may be an individual ("natural person")
<b><a name="d_community" id="d_community">Community</a></b>.
The group of Members who agree to the
CAcert Community Agreement
- (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>)
+ (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>)
or equivalent agreements.
</p>
<p>
<b><a name="d_name" id="d_name">Name</a></b>.
As defined in the
Assurance Policy
- (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>),
+ (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>),
to describe a name of a Member
that is verified by the Assurance process.
<p>
CAcert or the certificates that they may use, and
are unaware of the ramifications of usage.
They are not permitted to RELY, but may USE, under the
- Non-Related Persons - Disclaimer and Licence (<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+ Non-Related Persons - Disclaimer and Licence (<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
</p>
<p>
<b><a name="rel" id="d_reliance">Reliance</a></b>.
</p>
<p>
-Under the Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>),
+Under the Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>),
there are means for Members to search, retrieve
and verify certain data about themselves and others.
</p>
<p>
Each Member's Name (<tt>CN=</tt> field)
-is assured under the Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>)
+is assured under the Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>)
or subsidiary policies (such as Organisation Assurance Policy).
Refer to those documents for meanings and variations.
</p>
Each certificate has a unique serial number which maps
to a unique account, and thus maps to a unique Member.
See the Assurance Statement within Assurance Policy
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<p>
<p>
Organisation Assurance Policy
-(<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">COD11</a>)
+(<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.html">COD11</a>)
controls issues such as trademarks where applicable.
A trademark can be disputed by filing a dispute.
See
<p>
Identity verification is controlled by the
<a href="http://svn.cacert.org/CAcert/Policies/AssurancePolicy.html">
-Assurance Policy</a> (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+Assurance Policy</a> (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
The reader is refered to the Assurance Policy,
the following is representative and brief only.
</p>
<b>Agreement.</b>
An Internet user becomes a Member by agreeing to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>)
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>)
and registering an account on the online website.
During the registration process Members are asked to
supply information about themselves:
<p>
<b>Assurance.</b>
Each Member is assured according to Assurance Policy
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<!-- <center><a href="http://xkcd.com/364/"> <img src="http://imgs.xkcd.com/comics/responsible_behavior.png"> </a> </center> -->
Verification of organisations is delegated by
the Assurance Policy to the
Organisation Assurance Policy
-(<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">COD11</a>).
+(<a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.html">COD11</a>).
The reader is refered to the Organisation Assurance Policy,
the following is representative and brief only.
</p>
</li><li>
the organisation has agreed to the terms of the
CAcert Community Agreement
- (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>),
+ (<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>),
and is therefore subject to Arbitration.
</li></ol>
<b>Individuals.</b>
The authority to participate as a Member is established
by the CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>).
Assurances are requested by means of the signed CAP form.
</p>
<p>
Members generate their own key-pairs.
The CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>)
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>)
obliges the Member as responsible for security.
See CCA2.5, §9.6.
</p>
All Members (subscribers and relying parties)
are obliged according to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>)
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>)
See especially 2.3 through 2.5.
</p>
<h4><a name="p4.5.1" id="p4.5.1">4.5.1. Subscriber Usage and Responsibilities</a></h4>
Relying parties are Members,
and as such are bound by this CPS and the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>).
The licence and permission to rely is not assignable.
</p>
a person is a Non-Related-Person (NRP).
An NRP is not permitted to rely and is not a Relying Party.
For more details, see the
-NRP - Disclaimer and Licence (<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+NRP - Disclaimer and Licence (<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
</p>
<h5>4.5.2.c The Act of Reliance </h5>
<li>Assurers</li>
<li> Any others authorised under COD13 </li>
</ul>
- Refer to Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>)
+ Refer to Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>)
</li>
<li><b>Governance:</b>
<p>
All important roles are generally required to be assured
at least to the level of Assurer, as per AP.
-Refer to Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+Refer to Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<p>
<td><b>Role</b></td> <td><b>Policy</b></td> <td><b>Comments</b></td>
</tr><tr>
<td>Assurer</td>
- <td><a href="http://www.cacert.org/policy/AssurancePolicy.php"> COD13</td>
+ <td><a href="http://www.cacert.org/policy/AssurancePolicy.html"> COD13</td>
<td>
Passes Challenge, Assured to 100 points.
</td>
</tr><tr>
<td>Organisation Assurer</td>
- <td><a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.php">COD11</a></td>
+ <td><a href="http://www.cacert.org/policy/OrganisationAssurancePolicy.html">COD11</a></td>
<td>
Trained and tested by two supervising OAs.
</td>
</td>
</tr><tr>
<td>Arbitrator</td>
- <td><a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a></td>
+ <td><a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a></td>
<td>
Experienced Assurers.
</td>
<p>
The operational period of a certificate and its key pair
depends on the Assurance status of the Member,
-see <a href="#p1.4.5">§1.4.5</a> and Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+see <a href="#p1.4.5">§1.4.5</a> and Assurance Policy (<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<p>
<p>
This CPS and other documents are subject to
-the process in Policy on Policy (<a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>).
+the process in Policy on Policy (<a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>).
Audits cover the overall processes more
than any one document, and documents may vary
even as Audit reports are delivered.
<p>
Financial risks are dealt with primarily by
the Dispute Resolution Policy
-(<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a>).
+(<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a>).
</p>
<h4><a name="p9.2.1" id="p9.2.1">9.2.1. Insurance coverage</a></h4>
</p>
<p>
Under Assurance Policy
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>)
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>)
the Member's status (as Assured, Assurer, etc) is available
to other Members.
</p>
Assets that fall under the control of CCS
must be transferred to CAcert.
See PoP 6.2
-(<a href="http://www.cacert.org/policy/PolicyOnPolicy.php#6.2">COD1</a>),
+(<a href="http://www.cacert.org/policy/PolicyOnPolicy.html#6.2">COD1</a>),
CCA 1.3
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#1.3">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#1.3">COD9</a>).
That is, CAcert is free to use, modify,
distribute, and otherwise conduct the business
of the CA as CAcert sees fit with the asset.
CAcert owns or requires full control over its documents,
especially those covered by CCS.
See PoP 6.2
-(<a href="http://www.cacert.org/policy/PolicyOnPolicy.php#6.2">COD1</a>).
+(<a href="http://www.cacert.org/policy/PolicyOnPolicy.html#6.2">COD1</a>).
Contributors transfer the rights,
see CCA 1.3
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#1.3">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#1.3">COD9</a>).
Contributors warrant that they have the right to transfer.
</p>
licence, permitting them to to re-use
their original work freely.
See PoP 6.4
-(<a href="http://www.cacert.org/policy/PolicyOnPolicy.php#6.4">COD1</a>),
+(<a href="http://www.cacert.org/policy/PolicyOnPolicy.html#6.4">COD1</a>),
CCA 1.3
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#1.3">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#1.3">COD9</a>).
</p>
<h4><a name="p9.5.4" id="p9.5.4">9.5.4. Code</a></h4>
CAcert asserts its intellectual property rights over certificates
issued to Members and over roots.
See CCA 4.4
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#4.4">COD9</a>),
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#4.4">COD9</a>),
CCS.
The certificates may only be used by Members under
-<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#4.4">COD9</a>,
+<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#4.4">COD9</a>,
and,
by others under the licences offered,
such as
Non-Related Persons - Disclaimer and Licence
-(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
</p>
<h3><a name="p9.6" id="p9.6">9.6. Representations and warranties</a></h3>
<b>Members.</b>
All Members of the Community agree to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>),
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>),
which is the primary document for
representations and warranties.
Members include Subscribers, Relying Parties,
<b>RAs.</b>
Registration Agents are obliged additionally by Assurance Policy,
especially 3.1, 4.1
-(<a href="http://www.cacert.org/policy/AssurancePolicy.php">COD13</a>).
+(<a href="http://www.cacert.org/policy/AssurancePolicy.html">COD13</a>).
</p>
<p>
<p>
Persons who have not accepted the above Agreements are offered the
Non-Related Persons - Disclaimer and Licence
-(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>).
+(<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>).
Any representations and
warranties are strictly limited to nominal usage.
In essence, NRPs may USE but must not RELY.
(RAs, Subscribers, etc) and itself
disclaims all liability to NRPs
in their usage of CA's certificates.
-See <a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">COD4</a>.
+See <a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.html">COD4</a>.
</p>
<h3><a name="p9.8.2" id="p9.8.2">9.8.2 Liabilities Between Members</a></h3>
<p>
Members file a dispute to terminate their agreement.
See <a href="#p9.13">§9.13</a> and CCA 3.3
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#3.3">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#3.3">COD9</a>).
</p>
<p>
-Documents are varied (including terminated) under <a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>.
+Documents are varied (including terminated) under <a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>.
</p>
<p>
All participants are obliged to keep their listed
primary email addresses in good working order.
See CCA 3.5
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#3.5">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#3.5">COD9</a>).
</p>
<h3><a name="p9.12" id="p9.12">9.12. Amendments</a></h3>
<p>
-Amendments to the CPS are controlled by <a href="http://www.cacert.org/policy/PolicyOnPolicy.php">COD1</a>.
+Amendments to the CPS are controlled by <a href="http://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>.
Any changes in Member's Agreements are notified under CCA 3.4
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php#3.4">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html#3.4">COD9</a>).
</p>
<h3><a name="p9.13" id="p9.13">9.13. Dispute resolution provisions</a></h3>
<ul><li>
The CAcert
Dispute Resolution Policy
- (<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a>)
+ (<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a>)
includes rules for dispute resolution.
</li><li>
Filing is done via email to
See
<a href="#p9.13">§9.13</a>
and
-<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a>.
+<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.html">COD7</a>.
That is, all requests are treated as disputes,
as only a duly empanelled Arbitrator has the
authorisation and authority to rule on the
<p>
All Members of the Community agree to the
CAcert Community Agreement
-(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">COD9</a>).
+(<a href="http://www.cacert.org/policy/CAcertCommunityAgreement.html">COD9</a>).
This agreement also incorporates other key
documents, being this CPS, DRP and PP.
See CCA 4.2.