diff options
Diffstat (limited to 'www/policy')
| -rw-r--r-- | www/policy/AssurancePolicy.html | 48 | ||||
| -rw-r--r-- | www/policy/CAcertCommunityAgreement.html | 48 | ||||
| -rw-r--r-- | www/policy/CertificationPracticeStatement.html | 122 |
3 files changed, 109 insertions, 109 deletions
diff --git a/www/policy/AssurancePolicy.html b/www/policy/AssurancePolicy.html index 818349a..c1b9e69 100644 --- a/www/policy/AssurancePolicy.html +++ b/www/policy/AssurancePolicy.html @@ -61,8 +61,8 @@ Last change date: 2009-01-08<br> <h1>Assurance Policy for CAcert Community Members</h1> -<h2><a id="s0">0.</a> Preamble</h2> -<h3><a id="s0.1">0.1.</a> Definition of Terms</h3> +<h2 id="s0">0. Preamble</h2> +<h3 id="s0.1">0.1. Definition of Terms</h3> <dl> <dt><em>Member</em> </dt> <dd> A Member is an individual who has agreed to the CAcert @@ -88,7 +88,7 @@ that assists discrimination from Members with similar full names. </dd> </dl> -<h3><a id="s0.2">0.2.</a> The CAcert Web of Trust</h3> +<h3 id="s0.2">0.2. The CAcert Web of Trust</h3> <p> In face-to-face meetings, an Assurer allocates a number of Assurance Points @@ -101,7 +101,7 @@ CAcert explicitly chooses to meet its various goals by construction of a Web-of-Trust of all Members. </p> -<h3><a id="s0.3">0.3.</a> Related Documentation</h3> +<h3 id="s0.3">0.3. Related Documentation</h3> <p> Documentation on Assurance is split between this Assurance Policy (AP) and the @@ -121,7 +121,7 @@ See also Organisation Assurance Policy (<a href="https://www.cacert.org/policy/O and CAcert Policy Statement (<a href="https://www.cacert.org/policy/CertificationPracticeStatement.html" target="_blank">CPS</a>). </p> -<h2><a id="s1">1.</a> Assurance Purpose</h2> +<h2 id="s1">1. Assurance Purpose</h2> <p>The purpose of Assurance is to add confidence in the Assurance Statement made by the CAcert Community of a Member. </p> <p>With sufficient assurances, a Member may: (a) issue certificates @@ -129,7 +129,7 @@ with their assured Name included, (b) participate in assuring others, and (c) other related activities. The strength of these activities is based on the strength of the assurance. </p> -<h3><a id="s1.1">1.1.</a>The Assurance Statement</h3> +<h3 id="s1.1">1.1.The Assurance Statement</h3> <p> The Assurance Statement makes the following claims about a person: @@ -160,7 +160,7 @@ address(es), secondary distinguishing feature (e.g. DoB). </p> </ol> <p>The confidence level of the Assurance Statement is expressed by the Assurance Points. </p> -<h3><a id="s1.2">1.2.</a>Relying Party Statement</h3> +<h3 id="s1.2">1.2.Relying Party Statement</h3> <p>The primary goal of the Assurance Statement is for the express purpose of certificates to meet the needs of the <em>Relying Party Statement</em>, which latter is found in the Certification Practice @@ -177,8 +177,8 @@ reliable indications of e.g. the Member's Name and email address. The nature of Assurance, the number of Assurance Points, and other policies and processes should be understood as limitations on any reliance. </p> -<h2><a id="s2">2.</a> The Member</h2> -<h3><a id="s2.1">2.1.</a> The Member's Name </h3> +<h2 id="s2">2. The Member</h2> +<h3 id="s2.1">2.1. The Member's Name </h3> <p> At least one individual Name is recorded in the Member's CAcert login account. The general standard of a Name is: @@ -203,7 +203,7 @@ encoded in unicode transformation format.</p> </li> </ul> -<h3><a id="s2.2">2.2.</a> Multiple Names and variations</h3> +<h3 id="s2.2">2.2. Multiple Names and variations</h3> <p> In order to handle the contradictions in the above general standard, a Member may record multiple Names or multiple variations of a Name @@ -215,7 +215,7 @@ different language or country variations, and transliterations of characters in a name. </p> -<h3><a id="s2.3">2.3.</a> Status and Capabilities</h3> +<h3 id="s2.3">2.3. Status and Capabilities</h3> <p> A Name which has reached the level of 50 Assurance Points is defined as an Assured @@ -324,7 +324,7 @@ and other policies may list other capabilities that rely on Assurance Points. </p> -<h2><a id="s3">3.</a> The Assurer</h2> +<h2 id="s3">3. The Assurer</h2> <p>An Assurer is a Member with the following: </p> <ul> <li> @@ -336,7 +336,7 @@ Points. </ul> <p>The Assurer Challenge is administered by the Education Team on behalf of the Assurance Officer. </p> -<h3><a id="s3.1">3.1.</a> The Obligations of the Assurer</h3> +<h3 id="s3.1">3.1. The Obligations of the Assurer</h3> <p>The Assurer is obliged to: </p> <ul> <li> @@ -366,8 +366,8 @@ directed by the Arbitrator; </p> Community. </p> </li> </ul> -<h2><a id="s4">4.</a> The Assurance</h2> -<h3><a id="s4.1">4.1.</a> The Assurance Process</h3> +<h2 id="s4">4. The Assurance</h2> +<h3 id="s4.1">4.1. The Assurance Process</h3> <p>The Assurer conducts the process of Assurance with each Member. </p> <p>The process consists of: </p> @@ -401,7 +401,7 @@ Assuree (Mutual Assurance); </p> forms by Assurer. </p> </li> </ol> -<h3><a id="s4.2">4.2.</a> Mutual Assurance</h3> +<h3 id="s4.2">4.2. Mutual Assurance</h3> <p>Mutual Assurance follows the principle of reciprocity. This means that the Assurance may be two-way, and that each member participating @@ -415,7 +415,7 @@ the Assurer, and reduces any sense of power. It is also an important aid to the assurance training for future Assurers. </p> -<h3><a id="s4.3">4.3.</a> Assurance Points</h3> +<h3 id="s4.3">4.3. Assurance Points</h3> <p>The Assurance applies Assurance Points to each Member which measure the increase of confidence in the Statement (above). Assurance Points should not be interpreted for any other purpose. @@ -482,7 +482,7 @@ and under any act under any Subsidiary Policy (below) is 50 Assurance Points. </p> -<h3><a id="s4.4">4.4.</a> Experience Points</h3> +<h3 id="s4.4">4.4. Experience Points</h3> <p>The maximum number of Assurance Points that may be awarded by an Assurer is determined by the Experience Points of the Assurer. </p> @@ -562,7 +562,7 @@ permanently to an Assurer by CAcert Inc.'s Committee (board), on recommendation from the Assurance Officer. </p> <p>Experience Points are not to be confused with Assurance Points. </p> -<h3><a id="s4.5">4.5.</a> CAcert Assurance Programme (CAP) form</h3> +<h3 id="s4.5">4.5. CAcert Assurance Programme (CAP) form</h3> <p>The CAcert Assurance Programme (<a href="https://www.cacert.org/cap.php" target="_blank">CAP</a>) form requests the following details of each Member or Prospective Member: </p> @@ -614,7 +614,7 @@ required as well; </p> </ul> <p>The CAP forms are to be kept at least for 7 years by the Assurer. </p> -<h2><a id="s5">5.</a> The Assurance Officer</h2> +<h2 id="s5">5. The Assurance Officer</h2> <p>The Committee (board) of CAcert Inc. appoints an Assurance Officer with the following responsibilities: </p> @@ -654,21 +654,21 @@ procedures or guidelines; </p> (web-of-trust) to meet the agreed needs of the Community. </p> </li> </ul> -<h2><a id="s6">6.</a> Subsidiary Policies</h2> +<h2 id="s6">6. Subsidiary Policies</h2> <p>The Assurance Officer manages various exceptions and additional processes. Each must be covered by an approved Subsidiary Policy (refer to Policy on Policy => CAcert Official Document COD1). Subsidiary Policies specify any additional tests of knowledge required and variations to process and documentation, within the general standard stated here. </p> -<h3><a id="s6.1">6.1.</a> Standard</h3> +<h3 id="s6.1">6.1. Standard</h3> <p>Each Subsidiary Policy must augment and improve the general standards in this Assurance Policy. It is the responsibility of each Subsidiary Policy to describe how it maintains and improves the specific and overall goals. It must describe exceptions and potential areas of risk. </p> -<h3><a id="s6.2">6.2.</a> High Risk Applications</h3> +<h3 id="s6.2">6.2. High Risk Applications</h3> <p>In addition to the Assurance or Experience Points ratings set here and in other subsidiary policies, the Assurance Officer or policies can designate certain applications as high risk. If so, additional @@ -720,7 +720,7 @@ support administrators. </p> </ul> <p>Applications that might attract additional measures include code-signing certificates and administration roles. </p> -<h2><a id="s7">7.</a> Privacy</h2> +<h2 id="s7">7. Privacy</h2> <p>CAcert is a "privacy" organisation, and takes the privacy of its Members seriously. The process maintains the security and privacy of both parties. </p> diff --git a/www/policy/CAcertCommunityAgreement.html b/www/policy/CAcertCommunityAgreement.html index 775311a..ea97451 100644 --- a/www/policy/CAcertCommunityAgreement.html +++ b/www/policy/CAcertCommunityAgreement.html @@ -38,7 +38,7 @@ Editor: <a style="color: steelblue" href="https://wiki.cacert.org/Iang">Iang</a> -<h3> <a id="s0"> 0. </a> Introduction </h3> +<h3 id="s0"> 0. Introduction </h3> <p> This agreement is between @@ -48,7 +48,7 @@ and CAcert Incorporated ("CAcert"), being an operator of services to the Community. </p> -<h4> <a id="s0.1"> 0.1 </a> Terms </h4> +<h4 id="s0.1"> 0.1 Terms </h4> <ol><li> "CAcert" means CAcert Inc., @@ -137,9 +137,9 @@ being an operator of services to the Community. </li></ol> -<h3> <a id="s1"> 1. </a> Agreement and Licence </h3> +<h3 id="s1"> 1. Agreement and Licence </h3> -<h4> <a id="s1.1"> 1.1 </a> Agreement </h4> +<h4 id="s1.1"> 1.1 Agreement </h4> <p> You and CAcert both agree to the terms and conditions @@ -172,7 +172,7 @@ including the NRP-DaL. </p> -<h4> <a id="s1.2"> 1.2 </a> Licence </h4> +<h4 id="s1.2"> 1.2 Licence </h4> <p> As part of the Community, CAcert offers you these rights: @@ -195,7 +195,7 @@ As part of the Community, CAcert offers you these rights: non-exclusive, and non-transferrable. </li></ol> -<h4> <a id="s1.3"> 1.3 </a> Your Contributions </h4> +<h4 id="s1.3"> 1.3 Your Contributions </h4> <p> @@ -226,7 +226,7 @@ Note that the following exceptions override this clause: Source code is subject to an open source licence regime. </li></ol> -<h4> <a id="s1.4"> 1.4 </a> Privacy </h4> +<h4 id="s1.4"> 1.4 Privacy </h4> <p> @@ -242,14 +242,14 @@ CAcert Community administrators and Assurers. Privacy is further covered in the Privacy Policy ("PP" => COD5). </p> -<h3> <a id="s2"> 2. </a> Your Risks, Liabilities and Obligations </h3> +<h3 id="s2"> 2. Your Risks, Liabilities and Obligations </h3> <p> As a Member, you have risks, liabilities and obligations within this agreement. </p> -<h4> <a id="s2.1"> 2.1 </a> Risks </h4> +<h4 id="s2.1"> 2.1 Risks </h4> <ol><li> A certificate may prove unreliable. @@ -261,7 +261,7 @@ and obligations within this agreement. (DRP => COD7). </li></ol> -<h4> <a id="s2.2"> 2.2 </a> Liabilities </h4> +<h4 id="s2.2"> 2.2 Liabilities </h4> <ol><li> You are liable for any penalties @@ -283,7 +283,7 @@ and obligations within this agreement. The Arbitration Act will not apply to criminal cases. </li></ol> -<h4> <a id="s2.3"> 2.3 </a> Obligations </h4> +<h4 id="s2.3"> 2.3 Obligations </h4> <p> You are obliged @@ -301,7 +301,7 @@ and obligations within this agreement. (DRP => COD7). </li></ol> -<h4> <a id="s2.4"> 2.4 </a> Principles </h4> +<h4 id="s2.4"> 2.4 Principles </h4> <p> As a Member of CAcert, you are a member of @@ -313,7 +313,7 @@ the Community. <a href="https://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>. </p> -<h4> <a id="s2.5"> 2.5 </a> Security </h4> +<h4 id="s2.5"> 2.5 Security </h4> <p> CAcert exists to help you to secure yourself. You are primarily responsible for your own security. @@ -347,9 +347,9 @@ degree, in proportion with your risks and the risks of others. </p> -<h3> <a id="s3"> 3. </a> Law and Jurisdiction </h3> +<h3 id="s3"> 3. Law and Jurisdiction </h3> -<h4> <a id="s3.1"> 3.1 </a> Governing Law </h4> +<h4 id="s3.1"> 3.1 Governing Law </h4> <p> This agreement is governed under the law of @@ -357,7 +357,7 @@ New South Wales, Australia, being the home of the CAcert Inc. Association. </p> -<h4> <a id="s3.2"> 3.2 </a> Arbitration as Forum of Dispute Resolution </h4> +<h4 id="s3.2"> 3.2 Arbitration as Forum of Dispute Resolution </h4> <p> You agree, with CAcert and all of the Community, @@ -390,7 +390,7 @@ that is simply support actions, and you may file disputes in order to initiate support actions. </p> -<h4> <a id="s3.3"> 3.3 </a> Termination </h4> +<h4 id="s3.3"> 3.3 Termination </h4> <p> You may terminate this agreement by resigning from CAcert. You may do this at any time by @@ -415,7 +415,7 @@ agreement or bind you to a ruling. Only the Arbitrator may terminate this agreement with you. </p> -<h4> <a id="s3.4"> 3.4 </a> Changes of Agreement </h4> +<h4 id="s3.4"> 3.4 Changes of Agreement </h4> <p> CAcert may from time to time vary the terms of this Agreement. @@ -431,7 +431,7 @@ Continued use of the service shall be deemed to be agreement by you. </p> -<h4> <a id="s3.5"> 3.5 </a> Communication </h4> +<h4 id="s3.5"> 3.5 Communication </h4> <p> Notifications to CAcert are to be sent by @@ -455,9 +455,9 @@ to receive emails from CAcert. Arbitration is generally conducted by email. </p> -<h3> <a id="s4"> 4. </a> Miscellaneous </h3> +<h3 id="s4"> 4. Miscellaneous </h3> -<h4> <a id="s4.1"> 4.1 </a> Other Parties Within the Community </h4> +<h4 id="s4.1"> 4.1 Other Parties Within the Community </h4> <p> As well as you and other Members in the Community, @@ -470,7 +470,7 @@ mirror and reinforce these terms. </p> -<h4> <a id="s4.2"> 4.2 </a> References and Other Binding Documents </h4> +<h4 id="s4.2"> 4.2 References and Other Binding Documents </h4> <p> This agreement is CAcert Official Document 9 (COD9) @@ -507,7 +507,7 @@ and may not be replaced or waived except by formal policy channels and by Arbitration. </p> -<h4> <a id="s4.3"> 4.3 </a> Informative References </h4> +<h4 id="s4.3"> 4.3 Informative References </h4> <p> The governing documents are in English. @@ -525,7 +525,7 @@ The Handbook is not however an agreement, and is overruled by this agreement and others listed above. </p> -<h4> <a id="s4.4"> 4.4 </a> Not Covered in this Agreement </h4> +<h4 id="s4.4"> 4.4 Not Covered in this Agreement </h4> <p> <b>Intellectual Property.</b> diff --git a/www/policy/CertificationPracticeStatement.html b/www/policy/CertificationPracticeStatement.html index fed7001..21c3903 100644 --- a/www/policy/CertificationPracticeStatement.html +++ b/www/policy/CertificationPracticeStatement.html @@ -290,9 +290,9 @@ Licence: <a style="color: steelblue" href="https://wiki.cacert.org/Policy#Licenc <!-- *************************************************************** --> -<h2><a id="p1">1. INTRODUCTION</a></h2> +<h2 id="p1">1. INTRODUCTION</h2> -<h3><a id="p1.1">1.1. Overview</a></h3> +<h3 id="p1.1">1.1. Overview</h3> <p> This document is the Certification Practice Statement (CPS) of @@ -304,7 +304,7 @@ including Assurers, Members, and CAcert itself. </p> -<h3><a id="p1.2">1.2. Document name and identification</a></h3> +<h3 id="p1.2">1.2. Document name and identification</h3> <p> This document is the Certification Practice Statement (CPS) of CAcert. @@ -363,7 +363,7 @@ except where explicitly deferred to. See also <a href="#p1.5.1">1.5.1 Organisation Administering the Document</a>. </p> -<h3><a id="p1.3">1.3. PKI participants</a></h3> +<h3 id="p1.3">1.3. PKI participants</h3> <p> The CA is legally operated by CAcert Incorporated, an Association registered in 2002 in @@ -383,19 +383,19 @@ with the <em>Association Members</em>, which latter are not referred to anywhere in this CPS.) </p> -<h4><a id="p1.3.1">1.3.1. Certification authorities</a></h4> +<h4 id="p1.3.1">1.3.1. Certification authorities</h4> <p> CAcert does not issue certificates to external intermediate CAs under the present CPS. </p> -<h4><a id="p1.3.2">1.3.2. Registration authorities</a></h4> +<h4 id="p1.3.2">1.3.2. Registration authorities</h4> <p> Registration Authorities (RAs) are controlled under Assurance Policy (<a href="https://www.cacert.org/policy/AssurancePolicy.html">COD13</a>). </p> -<h4><a id="p1.3.3">1.3.3. Subscribers</a></h4> +<h4 id="p1.3.3">1.3.3. Subscribers</h4> <p> CAcert issues certificates to Members only. @@ -403,7 +403,7 @@ Such Members then become Subscribers. </p> -<h4><a id="p1.3.4">1.3.4. Relying parties</a></h4> +<h4 id="p1.3.4">1.3.4. Relying parties</h4> <p> A relying party is a Member, @@ -414,7 +414,7 @@ who, in the act of using a CAcert certificate, makes a decision on the basis of that certificate. </p> -<h4><a id="p1.3.5">1.3.5. Other participants</a></h4> +<h4 id="p1.3.5">1.3.5. Other participants</h4> <p> <strong>Member.</strong> @@ -453,7 +453,7 @@ No other rights nor relationship is implied or offered. </p> -<h3><a id="p1.4">1.4. Certificate usage</a></h3> +<h3 id="p1.4">1.4. Certificate usage</h3> <p>CAcert serves as issuer of certificates for individuals, businesses, governments, charities, @@ -552,7 +552,7 @@ and risks, liabilities and obligations in <div class="c figure">Table 1.4. Types of Certificate</div> -<h4><a id="p1.4.1">1.4.1. Appropriate certificate uses</a></h4> +<h4 id="p1.4.1">1.4.1. Appropriate certificate uses</h4> <p> General uses. @@ -589,7 +589,7 @@ General uses. </li></ul> -<h4><a id="p1.4.2">1.4.2. Prohibited certificate uses</a></h4> +<h4 id="p1.4.2">1.4.2. Prohibited certificate uses</h4> <p> CAcert certificates are not designed, intended, or authorised for the following applications: @@ -603,7 +603,7 @@ the following applications: or severe environmental damage. </li></ul> -<h4><a id="p1.4.3">1.4.3. Unreliable Applications</a></h4> +<h4 id="p1.4.3">1.4.3. Unreliable Applications</h4> <p> CAcert certificates are not designed nor intended for use in @@ -639,7 +639,7 @@ for these applications: </li></ul> -<h4><a id="p1.4.4">1.4.4. Limited certificate uses</a></h4> +<h4 id="p1.4.4">1.4.4. Limited certificate uses</h4> <p> By contract or within a specific environment @@ -663,7 +663,7 @@ any harm or liability caused by such usage. policy or other external regime agreed by the parties. </p> -<h4><a id="p1.4.5">1.4.5. Roots and Names</a></h4> +<h4 id="p1.4.5">1.4.5. Roots and Names</h4> <p> <strong>Named Certificates.</strong> @@ -811,19 +811,19 @@ and will be submitted to vendors via the (Top-level) Root. <div class="c figure">Table 1.4.5.b Certificate under Audit Roots</div> -<h3><a id="p1.5">1.5. Policy administration</a></h3> +<h3 id="p1.5">1.5. Policy administration</h3> <p>See <a href="#p1.2">1.2 Document Name and Identification</a> for general scope of this document.</p> -<h4><a id="p1.5.1">1.5.1. Organization administering the document</a></h4> +<h4 id="p1.5.1">1.5.1. Organization administering the document</h4> <p> This document is administered by the policy group of the CAcert Community under Policy on Policy (<a href="https://www.cacert.org/policy/PolicyOnPolicy.html">COD1</a>). </p> -<h4><a id="p1.5.2">1.5.2. Contact person</a></h4> +<h4 id="p1.5.2">1.5.2. Contact person</h4> <p> For questions including about this document: </p> @@ -836,14 +836,14 @@ For questions including about this document: <li>IRC: irc.cacert.org #CAcert (ssl port 7000, non-ssl port 6667)</li> </ul> -<h4><a id="p1.5.3">1.5.3. Person determining CPS suitability for the policy</a></h4> +<h4 id="p1.5.3">1.5.3. Person determining CPS suitability for the policy</h4> <p> This CPS and all other policy documents are managed by the policy group, which is a group of Members of the Community found at policy forum. See discussion forums above. </p> -<h4><a id="p1.5.4">1.5.4. CPS approval procedures</a></h4> +<h4 id="p1.5.4">1.5.4. CPS approval procedures</h4> <p> CPS is controlled and updated according to the Policy on Policy @@ -862,14 +862,14 @@ The process is modelled after some elements of the RFC process by the IETF. </p> -<h4><a id="p1.5.5">1.5.5 CPS updates</a></h4> +<h4 id="p1.5.5">1.5.5 CPS updates</h4> <p> As per above. </p> -<h3><a id="p1.6">1.6. Definitions and acronyms</a></h3> +<h3 id="p1.6">1.6. Definitions and acronyms</h3> <p> <strong><a id="d_cert">Certificate</a></strong>. @@ -1040,10 +1040,10 @@ As per above. <!-- *************************************************************** --> -<h2><a id="p2">2. PUBLICATION AND REPOSITORY RESPONSIBILITIES</a></h2> +<h2 id="p2">2. PUBLICATION AND REPOSITORY RESPONSIBILITIES</h2> -<h3><a id="p2.1">2.1. Repositories</a></h3> +<h3 id="p2.1">2.1. Repositories</h3> <p> CAcert operates no repositories in the sense @@ -1057,7 +1057,7 @@ there are means for Members to search, retrieve and verify certain data about themselves and others. </p> -<h3><a id="p2.2">2.2. Publication of certification information</a></h3> +<h3 id="p2.2">2.2. Publication of certification information</h3> <p> CAcert publishes: @@ -1076,24 +1076,24 @@ certificates is presumed to be public and published, once issued and delivered to the Member. </p> -<h3><a id="p2.3">2.3. Time or frequency of publication</a></h3> +<h3 id="p2.3">2.3. Time or frequency of publication</h3> <p> Root and Intermediate Certificates and CRLs are made available on issuance. </p> -<h3><a id="p2.4">2.4. Access controls on repositories</a></h3> +<h3 id="p2.4">2.4. Access controls on repositories</h3> <p> No stipulation. </p> <!-- *************************************************************** --> -<h2><a id="p3">3. IDENTIFICATION AND AUTHENTICATION</a></h2> +<h2 id="p3">3. IDENTIFICATION AND AUTHENTICATION</h2> -<h3><a id="p3.1">3.1. Naming</a></h3> +<h3 id="p3.1">3.1. Naming</h3> -<h4><a id="p3.1.1">3.1.1. Types of names</a></h4> +<h4 id="p3.1.1">3.1.1. Types of names</h4> <p> <strong>Client Certificates.</strong> @@ -1201,13 +1201,13 @@ Email addresses are verified according to <a href="#p4.2.2">§4.2.2.</a> </p> -<h4><a id="p3.1.3">3.1.3. Anonymity or pseudonymity of subscribers</a></h4> +<h4 id="p3.1.3">3.1.3. Anonymity or pseudonymity of subscribers</h4> <p> See <a href="#p1.4.5">§1.4.5</a>. </p> -<h4><a id="p3.1.4">3.1.4. Rules for interpreting various name forms</a></h4> +<h4 id="p3.1.4">3.1.4. Rules for interpreting various name forms</h4> <p> Interpretation of Names is controlled by the Assurance Policy, is administered by means of the Member's account, @@ -1217,7 +1217,7 @@ should be expected as fraud (e.g., phishing) may move too quickly for policies to fully document rules. </p> -<h4><a id="p3.1.5">3.1.5. Uniqueness of names</a></h4> +<h4 id="p3.1.5">3.1.5. Uniqueness of names</h4> <p> Uniqueness of Names within certificates is not guaranteed. @@ -1232,7 +1232,7 @@ Domain names and email address can only be registered to one Member. </p> -<h4><a id="p3.1.6">3.1.6. Recognition, authentication, and role of trademarks</a></h4> +<h4 id="p3.1.6">3.1.6. Recognition, authentication, and role of trademarks</h4> <p> Organisation Assurance Policy @@ -1243,7 +1243,7 @@ See <a href="#p9.13">§9.13</a>. </p> -<h4><a id="p3.1.7">3.1.7. International Domain Names</a></h4> +<h4 id="p3.1.7">3.1.7. International Domain Names</h4> <p> Certificates containing International Domain Names, being those containing a @@ -1476,7 +1476,7 @@ This criteria will apply to the email address and server host name fields for al The CAcert Inc. Board has the authority to decide to add or remove accepted TLD Registrars on this list. </p> -<h3><a id="p3.2">3.2. Initial Identity Verification</a></h3> +<h3 id="p3.2">3.2. Initial Identity Verification</h3> <p> Identity verification is controlled by the @@ -1486,7 +1486,7 @@ the following is representative and brief only. </p> -<h4><a id="p3.2.1">3.2.1. Method to prove possession of private key</a></h4> +<h4 id="p3.2.1">3.2.1. Method to prove possession of private key</h4> <p> CAcert uses industry-standard techniques to @@ -1504,7 +1504,7 @@ ActiveX uses a challenge-response protocol to check the private key dynamically. </p> -<h4><a id="p3.2.2">3.2.2. Authentication of Individual Identity</a></h4> +<h4 id="p3.2.2">3.2.2. Authentication of Individual Identity</h4> <p> <strong>Agreement.</strong> @@ -1591,7 +1591,7 @@ certificates that state their Assured Name(s). -<h4><a id="p3.2.3">3.2.3. Authentication of organization identity</a></h4> +<h4 id="p3.2.3">3.2.3. Authentication of organization identity</h4> <p> @@ -1631,7 +1631,7 @@ stated in the OAP, briefly presented here: </li></ol> -<h4><a id="p3.2.4">3.2.4. Non-verified subscriber information</a></h4> +<h4 id="p3.2.4">3.2.4. Non-verified subscriber information</h4> <p> All information in the certificate is verified, @@ -1639,7 +1639,7 @@ see Relying Party Statement, <a href="#p4.5.2">§4.5.2</a>. </p> -<h4><a id="p3.2.5">3.2.5. Validation of authority</a></h4> +<h4 id="p3.2.5">3.2.5. Validation of authority</h4> <p> The authorisation to obtain a certificate is established as follows: @@ -1673,7 +1673,7 @@ See Organisation Assurance Policy. </p> -<h4><a id="p3.2.6">3.2.6. Criteria for interoperation</a></h4> +<h4 id="p3.2.6">3.2.6. Criteria for interoperation</h4> <p> CAcert does not currently issue certificates to subordinate CAs @@ -1682,13 +1682,13 @@ Other CAs may become Members, and are then subject to the same reliance provisions as all Members. </p> -<h3><a id="p3.3">3.3. Re-key Requests</a></h3> +<h3 id="p3.3">3.3. Re-key Requests</h3> <p> Via the Member's account. </p> -<h3><a id="p3.4">3.4. Revocations Requests</a></h3> +<h3 id="p3.4">3.4. Revocations Requests</h3> <p> Via the Member's account. @@ -1701,7 +1701,7 @@ process or file a dispute. <!-- *************************************************************** --> -<h2><a id="p4">4. CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS</a></h2> +<h2 id="p4">4. CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS</h2> <p> The general life-cycle for a new certificate for an Individual Member is:</p> @@ -1732,16 +1732,16 @@ The general life-cycle for a new certificate for an Individual Member is:</p> </p> -<h3><a id="p4.1">4.1. Certificate Application</a></h3> +<h3 id="p4.1">4.1. Certificate Application</h3> -<h4><a id="p4.1.1">4.1.1. Who can submit a certificate application</a></h4> +<h4 id="p4.1.1">4.1.1. Who can submit a certificate application</h4> <p> Members may submit certificate applications. On issuance of certificates, Members become Subscribers. </p> -<h4><a id="p4.1.2">4.1.2. Adding Addresses</a></h4> +<h4 id="p4.1.2">4.1.2. Adding Addresses</h4> <p> The Member can claim ownership or authorised control of @@ -1760,7 +1760,7 @@ There are these controls:</p> </li></ul> -<h4><a id="p4.1.3">4.1.3. Preparing CSR </a></h4> +<h4 id="p4.1.3">4.1.3. Preparing CSR </h4> <p> Members generate their own key-pairs. @@ -1775,7 +1775,7 @@ The Certificate Signing Request (CSR) is prepared by the Member for presentation to the automated system. </p> -<h3><a id="p4.2">4.2. Certificate application processing</a></h3> +<h3 id="p4.2">4.2. Certificate application processing</h3> <p> The CA's certificate application process is completely automated. @@ -1788,7 +1788,7 @@ purpose, the requirements for each purpose must be fulfilled. </p> -<h4><a id="p4.2.1">4.2.1. Authentication </a></h4> +<h4 id="p4.2.1">4.2.1. Authentication </h4> <p> The Member logs in to her account on the CAcert website @@ -1796,7 +1796,7 @@ fulfilled. and passphrase or with her CAcert client-side digital certificate. </p> -<h4><a id="p4.2.2">4.2.2. Verifying Control</a></h4> +<h4 id="p4.2.2">4.2.2. Verifying Control</h4> <p> In principle, at least two controls are placed on each address. @@ -1879,7 +1879,7 @@ Notes.</p> -<h4><a id="p4.2.3">4.2.3. Options Available</a></h4> +<h4 id="p4.2.3">4.2.3. Options Available</h4> <p> The Member has options available: @@ -1902,7 +1902,7 @@ The Member has options available: </li> </ul> -<h4><a id="p4.2.4">4.2.4. Client Certificate Procedures</a></h4> +<h4 id="p4.2.4">4.2.4. Client Certificate Procedures</h4> <p> For an individual client certificate, the following is required.</p> @@ -1918,7 +1918,7 @@ For an individual client certificate, the following is required.</p> </ul> -<h4><a id="p4.2.5">4.2.5. Server Certificate Procedures</a></h4> +<h4 id="p4.2.5">4.2.5. Server Certificate Procedures</h4> <p> For a server certificate, the following is required:</p> @@ -1933,14 +1933,14 @@ For a server certificate, the following is required:</p> -<h4><a id="p4.2.6">4.2.6. Code-signing Certificate Procedures</a></h4> +<h4 id="p4.2.6">4.2.6. Code-signing Certificate Procedures</h4> <p> Code-signing certificates are made available to Assurers only. They are processed in a similar manner to client certificates. </p> -<h4><a id="p4.2.7">4.2.7. Organisation Domain Verification</a></h4> +<h4 id="p4.2.7">4.2.7. Organisation Domain Verification</h4> <p> Organisation Domains are handled under the Organisation Assurance Policy @@ -1948,9 +1948,9 @@ and the Organisation Handbook. </p> -<h3><a id="p4.3">4.3. Certificate issuance</a></h3> +<h3 id="p4.3">4.3. Certificate issuance</h3> -<h4><a id="p4.3.1">4.3.1. CA actions during certificate issuance</a></h4> +<h4 id="p4.3.1">4.3.1. CA actions during certificate issuance</h4> <p> <strong>Key Sizes.</strong> @@ -2047,7 +2047,7 @@ algorithm following the process: <div class="c figure">Table 4.3.1. Permitted Data in Signed OpenPgp Keys</div> -<h4><a id="p4.3.2">4.3.2. Notification to subscriber by the CA of issuance of certificate</a></h4> +<h4 id="p4.3.2">4.3.2. Notification to subscriber by the CA of issuance of certificate</h4> <p> Once signed, the certificate is @@ -3493,7 +3493,7 @@ and takes privacy more seriously. Any privacy issue may be referred to dispute resolution. </p> -<h4><a id="p9.4.5">9.4.5. Notice and consent to use private information</a></h4> +<h4 id="p9.4.5">9.4.5. Notice and consent to use private information</h4> <p> Members are permitted to rely on certificates of other Members. As a direct consequence of the general right to rely, |