-rw-r--r-- www/policy/CertificationPracticeStatement.html | 33
1 files changed, 18 insertions, 15 deletions
diff --git a/www/policy/CertificationPracticeStatement.html b/www/policy/CertificationPracticeStatement.html
index 0cf02a4..f840200 100644
--- a/www/policy/CertificationPracticeStatement.html
+++ b/www/policy/CertificationPracticeStatement.html
@@ -886,7 +886,7 @@ look at the CPS to figure it out.
<p>
<b> Old Roots.</b>
-The old CAcert root layout is as below. These roots are <b>Audit Fail</b>
+The old CAcert root layout is as below. These roots are <strong>Audit Fail</strong>
and will only be used where new roots do not serve:
</p>
<ul><li>
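Review bot: The unchanged line just above the edit still reads <b> Old Roots.</b>, so this paragraph now mixes <b> and <strong>. If the intent is to move the document to semantic emphasis, convert the remaining <b> in this paragraph as well; if only "Audit Fail" is meant to carry importance, state that in the commit message so the asymmetry is not read as an oversight.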
@@ -1193,12 +1193,13 @@ made available on issuance.
<b>Client Certificates.</b>
The Subscriber Naming consists of:
</p>
+
<ul>
- <li><tt>subjectAltName=</tt>
+ <li><pre>subjectAltName=</pre>
One, or more, of the Subscriber's verified email addresses,
in rfc822Name format.
- <li><tt>EmailAddress=</tt>
+ <li><pre>EmailAddress=</pre>
One, or more, of the Subscriber's verified email addresses.
This is deprecated under
RFC5280 <a href="http://tools.ietf.org/html/rfc5280#section-4.2.1.6">4
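Review bot: In the two changed <li> lines, <pre> is a block-level element while the <tt> it replaces was inline, so subjectAltName= and EmailAddress= will each render as a separate preformatted block with the description pushed onto the line below. If the goal is only to retire the obsolete <tt>, an inline element keeps the layout, e.g. <li><code>subjectAltName=</code>. The blank line added before <ul> is an unrelated whitespace change and could be left out.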
@@ -1206,10 +1207,10 @@ The Subscriber Naming consists of:
and is to be phased out. Also includes a SHA1 hash of a random number if
the member selects SSO (Single Sign On ID) during submission of CSR.
</li>
- <li><tt>CN=</tt> The common name takes its value from one of:
+ <li><pre>CN=</pre> The common name takes its value from one of:
<ul><li>
For all Members,
- the string "<tt>CAcert WoT Member</tt>" may be used for
+ the string "<pre>CAcert WoT Member</pre>" may be used for
anonymous certificates.
</li><li>
For individual Members,
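Review bot: On the changed line, "<pre>CAcert WoT Member</pre>" places a block element between the two quotation marks in the middle of a sentence, so the quotes are separated from the string they enclose and the sentence is split across rendered blocks. An inline element is needed here, for example "<code>CAcert WoT Member</code>"; the same applies to <li><pre>CN=</pre> earlier in this hunk.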
@@ -1227,12 +1228,13 @@ The Subscriber Naming consists of:
<b>Individual Server Certificates.</b>
The Subscriber Naming consists of:
</p>
+
<ul>
- <li><tt>CN=</tt>
+ <li><pre>CN=</pre>
The common name is the host name out of a domain
for which the Member is a domain master.
</li> <li>
- <tt>subjectAltName=</tt>
+ <pre>subjectAltName=</pre>
Additional host names for which the Member
is a domain master may be added to permit the
certificate to serve multiple domains on one IP number.
@@ -1247,17 +1249,17 @@ In addition to the above, the following applies:
</p>
<ul>
- <li><tt>OU=</tt>
+ <li><pre>OU=</pre>
organizationalUnitName (set by O-Admin, must be verified by O-Admin).</li>
- <li><tt>O=</tt>
+ <li><pre>O=</pre>
organizationName is the fixed name of the Organisation.</li>
- <li><tt>L=</tt>
+ <li><pre>L=</pre>
localityName</li>
- <li><tt>ST=</tt>
+ <li><pre>ST=</pre>
stateOrProvinceName</li>
- <li><tt>C=</tt>
+ <li><pre>C=</pre>
countryName</li>
- <li><tt>contact=</tt>
+ <li><pre>contact=</pre>
EMail Address of Contact.
<!-- not included in RFC5280 4.1.2.4 list, but list is not restricted -->
</li>
@@ -1277,14 +1279,15 @@ does not go into the certificate.
</h4>
<p>
-Each Member's Name (<tt>CN=</tt> field)
+
+Each Member's Name &#x28;<span class="pre">CN&#x3d;</span> field&#x29;
is assured under the Assurance Policy (<a href="https://www.cacert.org/policy/AssurancePolicy.html">COD13</a>)
or subsidiary policies (such as Organisation Assurance Policy).
Refer to those documents for meanings and variations.
</p>
<p>
-Anonymous certificates have the same <code>subject</code>
+Anonymous certificates have the same <span class="pre">subject</span>
field common name.
See <a href="#p1.4.5">&sect;1.4.5.</a>.
</p>