source code taken from cacert-20100204.tar.bz2
[cacert.git] / cacert / pages / index / 19.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <span style="background-color: #FF8080; font-size: 150%">
19 Note that the <strong>TTP</strong> programme is effectively <strong>Frozen</strong><br>
20 Until a subsidiary policy under AP is written, it is against AP rules.<br>
21 </span>
22 &nbsp;<br>
23 <h3><?=_("Information")?></h3>
24 <table border="0" align="center" cellspacing="0" cellpadding="0">
25 <tr>
26 <td class="title" colspan="2"><?=_("What can CAcert provide to you, to increase your privacy and security for free?")?></td>
27 </tr>
28 <tr>
29 <td class="DataTD">
30 <h4><?=_("Client certificates (un-assured)")?></h4>
31 </td>
32 <td class="DataTD">
33 <u><?=_("Benefits")?>:</u> <?=_("You can send digitally signed/encrypted emails; others can send encrypted emails to you.")?><br /><br />
34 <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 6 months. Only the email address itself can be entered into the certificate (not your full name)")?>.<br /><br />
35 <u><?=_("Verification needed")?>:</u> <?=_("You must confirm it is your email address by responding to a 'ping' email sent to it.")?><br /><br />
36 </td>
37 </tr>
38 <tr>
39 <td class="DataTD">
40 <h4><?=_("Assured client certificates")?></h4>
41 </td>
42 <td class="DataTD">
43 <u><?=_("Benefits")?>:</u> <?=_("Same as above plus you can include your full name in the certificates.")?><br /><br />
44 <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 24 months.")?><br /><br />
45 <u><?=_("Verification needed")?>:</u> <?=_("Same as above, plus you must get a minimum of 50 assurance points by meeting with one or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br /><br />
46 </td>
47 </tr>
48 <tr>
49 <td class="DataTD">
50 <h4><?=_("Code signing certificates")?></h4>
51 </td>
52 <td class="DataTD">
53 <u><?=_("Benefits")?>:</u> <?=_("Digitally sign code, web applets, installers, etc. including your name and location in the certificates.")?><br><br>
54 <u><?=_("Limitations")?>:</u> <?=sprintf(_("Certificates expire in 12 months. Certificates %s must%s include your full name."),"<u>","</u>")?><br /><br />
55 <u><?=_("Verification needed")?>:</u> <?=_("Same as above plus get 100 assurance points by meeting with multiple assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br>
56 </td>
57 </tr>
58 <tr>
59 <td class="DataTD">
60 <h4><?=_("Server certificates (un-assured)")?></h4>
61 </td>
62 <td class="DataTD">
63 <u><?=_("Benefits")?>:</u> <?=_("Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates are allowed.")?><br><br>
64 <u><?=_("Limitations")?>:</u> <?=_("Certificates expire in 6 months; only the domain name itself can be entered into the certificates (not your full name, company name, location, etc.).")?><br><br>
65 <u><?=_("Verification needed")?>:</u> <?=_("You must confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address listed in the whois record, or one of the RFC-mandatory addresses (hostmaster/postmaster/etc).")?><br><br>
66 </td>
67 </tr>
68 <tr>
69 <td class="DataTD">
70 <h4><?=_("Assured server certificates")?></h4>
71 </td>
72 <td class="DataTD">
73 <u><?=_("Benefits")?>:</u> <?=_("Same as above.")?><br><br>
74 <u><?=_("Limitations")?>:</u> <?=_("Same as above, except certificates expire in 24 months.")?><br><br>
75 <u><?=_("Verification needed")?>:</u> <?=_("Same as above, plus get 50 assurance points by meeting with assurer(s) from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.")?><br><br>
76 </td>
77 </tr>
78 <tr>
79 <td class="DataTD">
80 <h4><?=_("Become an assurer in CAcert Web of Trust")?></h4>
81 </td>
82 <td class="DataTD">
83 <u><?=_("Benefits")?>:</u> <?=_("The ability to assure other new CAcert users; contribute to the strengthening and broadening of the CAcert Web of Trust.")?><br><br>
84 <u><?=_("Limitations")?>:</u> <?=_("The number of assurance point you have will limit the maximum assurance points you can issue for people you assure.")?><br><br>
85 <u><?=_("Verification needed")?>:</u> <?=_("You will need to be issued 100 points by meeting with existing assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents; OR if it is too difficult to meet up with existing assurers in your area, meet with two Trusted Third Party assurers (notary public, justice of the peace, lawyer, bank manager, accountant) to do the verifying.")?><br><br>
86 </td>
87 </tr>
88 <tr>
89 <td class="DataTD">
90 <h4><?=_("Become a member of the CAcert Association")?></h4>
91 </td>
92 <td class="DataTD">
93 <u><?=_("Benefits")?>:</u> <?=_("You get a vote in how CAcert (a non-profit association incorporated in Australia) is run; be eligible for positions on the CAcert board.")?><br><br>
94 <u><?=_("Limitations")?>:</u> <?=_("None, the sky is the limit for CAcert.")?><br><br>
95 <u><?=_("Verification needed")?>:</u> <?=_("None; $10 USD per year membership fee.")?><br><br>
96 </td>
97 </tr>
98 <tr>
99 <td class="DataTD" colspan="2">
100 (*) <?=_("Please note a general limitation is that, unlike long-time players like Verisign, CAcert's root certificate is not included by default in mainstream browsers, email clients, etc. This means people to whom you send encrypted email, or users who visit your SSL-enabled web server, will first have to import CAcert's root certificate, or they will have to agree to pop-up security warnings (which may look a little scary to non-techy users).")?>
101 </td>
102 </tr>
103 </table>
104 <br>