Decisions by Policy Group
According to Policy on Policy, Policy Group can make decisions concerning policies. This list is in most-recent-first order. See also Policy and DecisionNumbers.
p20100306 Policy Officer makes minor adjustments
Iang: A Broken URL in a policy requires a change under the rules in PolicyOnPolicy. So policy group has to change it. It is actually a change that is needed in a lot of places. We could:
1. read the policy, make the changes needed, vote it thru.
2. vote a blanket decision that Policy Officer may change URLs to track any links that move in any existing policy.
3. vote a blanket decision that Policy Officer may make the following changes, where it is clear that the change does not change the policy:
   - URLs to track any links that move,
   - grammatical errors,
   - anchors, HTML errors & formatting,
   - COD numbers and formatting,
   - other minutiae,
4. make a formal change to Policy on Policy to incorporate the style of 3 or 2 above, as was proposed here.
Vote closed 20100306. Option 3 is carried with 8 Ayes:
Aye to 1.:
Aye to 2.:
Aye to 3.: Iang, Morten, UlrichSchroeter, PieterVanEmmerik, RaoulXavierBoerlage, MartinGummi, LambertHofstra, Brian
Aye to 4.:
p20100120 Assurance Policy: require government ID
AlexanderPrinsier: The current assurance policy is not clear enough about what is acceptable and what is not to verify a person's names.
RESOLVED, that section 2.2 of the AP is to be amended with the following:
"Except for different names due to marital status, and except for exclusion of middle names, the deviation from section 2.1 should be for technical reasons only."
Vote Aye if you want the AP to be clear about what is allowed and what is not, and specifically require a match with government issued ID.
Vote Naye if you prefer to leave this an open question and allow names which are not in government issued ID.
Aye: Alexander Prinsier, Morten Gulbrandsen
Abstain:
Naye: Ian Grigg(*), Ulrich Schroeter, Bernhard Fröhlich, Mario Lipinski(*), Pieter van Emmerik(*), Faramir(*)
Note: there were arguments that not all countries issue government IDs for everyone and hence this proposal is discriminatory. There is discussion for a new proposal that would only handle those countries that do issue them, to at least be clear about those, for example a Europe subpolicy.
Those marked with an asterisk ('*') have in my opinion shown arguments that they may be in favor of a new proposal, for Europe only.
p20100119 PoJAM to DRAFT
Ulrich Schroeter: We've discussed the PoJAM a lot in the past. I call on Policy Group to bring back our Juniors:
Therefore, RESOLVED to approve to DRAFT status (under PoP) the Policy on Junior Assurers / Members, also known as PoJAM, here https://svn.cacert.org/CAcert/Policies/PolicyOnJuniorAssurersMembers.html
x1) Morten Gulbrandsen voted twice, both Aye, last counts:
1st Date: Tue, 19 Jan 2010 20:37:11 +0100 https://lists.cacert.org/wws/arc/cacert-policy/2010-01/msg00100.html
2nd Date: Thu, 28 Jan 2010 01:08:24 +0100 https://lists.cacert.org/wws/arc/cacert-policy/2010-01/msg00151.html
Vote closed 20100130. The decision is carried with 14 Ayes, 2 Nayes. PoJAM moves to DRAFT
p20100113 Stop issuing class3 certificates
Daniel Black Proposes that:
CAcert stops issuing Class3 certificates
Aye: Daniel Black, Philipp Dunkel, Guillaume Romagny, Pieter, Andreas
Middle:
Nay: Iang-reasons, RaoulXavierBoerlage, Gero, Mario, Philipp G, Ted, Lambert, Tomáš Trnka, Faramir, Morten
Voting closed on 20100119 due to new information m20100117.3. Not carried, NO consensus.
p20091108 CPS to drop assurer criteria and allow IDN certificates in specified TLD or single script character sets
{Daniel Black} Proposes that:
The following modifications be made to the DRAFT CPS, http://svn.cacert.org/CAcert/policy.htm, before it is copied as per p20091106:
In: 1.4.5. Roots and Names
the text ", IDN" is to be removed from the table.
Add after section 3.1.6 the following text:
3.1.7. International Domain Names
Certificates containing International Domain Names, being those containing an ACE prefix (RFC3490 Section 5), will only be issued to domains satisfying one or more of the following conditions:
- The Top Level Domain (TLD) Registrar associated with the domain has a policy that has taken measures to prevent two homographic domains being registered to different entities down to an accepted level.
- Domains contain only code points from a single Unicode character script, excluding the "Common" script, with the additionally allowed numeric characters [0-9], and an ASCII hyphen '-'.
Email addresses containing International Domain Names in the domain portion of the email address will also be required to satisfy one of the above conditions.
The following is a list of accepted TLD Registrars:
(insert table from http://www.mozilla.org/projects/security/tld-idn-policy-list.html)
These criteria will apply to the email address and server host name fields for all certificate types.
The CAcert Inc. Board has the authority to decide to add or remove accepted TLD Registrars on this list.
In 3.2.2. Authentication of Individual Identity remove the portion of the table containing:
IDN | Can create International Domain Name (IDN) certificates
Aye: Daniel Black, Andreas Bäß, Lambert Hofstra, Nick Bebout, Thomas Kuehn, Werner Dworak, Marcus Warg, Brian McCullough, Tomáš Trnka, Michael Tänzer
Nay:
Vote closed 20091115 with consensus of 10 Ayes. Implemented!
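The single-script condition of section 3.1.7 can be checked mechanically. The following is an added example, not code from CAcert or from the CPS: it assumes the condition is applied to each ACE label separately, and it approximates a code point's script by the first word of its Unicode character name (Python's standard library has no script property; a production check would use the Unicode `Scripts.txt` data). The sample host names are constructed.

```python
import unicodedata

ACE_PREFIX = "xn--"                 # RFC 3490 section 5
ALLOWED_ASCII = set("0123456789-")  # digits and hyphen allowed alongside any script


def to_ace(label):
    """Build the ACE form of a Unicode label (used only to construct sample input)."""
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def check_label(label):
    """Return (ok, scripts) for one DNS label under the single-script condition."""
    label = label.lower()
    if label.startswith(ACE_PREFIX):
        try:
            label = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        except UnicodeError:
            return False, set()      # malformed ACE label: refuse
    scripts = set()
    for ch in label:
        if ch in ALLOWED_ASCII:
            continue
        category = unicodedata.category(ch)
        if category.startswith("M"):
            continue                 # combining marks inherit the base letter's script
        if not category.startswith("L"):
            return False, scripts    # symbols, punctuation, other digits: treated as "Common"
        # Assumption: first word of the character name stands in for the script.
        scripts.add(unicodedata.name(ch).split()[0])
    return len(scripts) == 1, scripts


def idn_eligible(domain):
    """True if every ACE label in the domain passes; non-IDN domains are out of scope."""
    labels = domain.rstrip(".").split(".")
    return all(check_label(l)[0] for l in labels if l.lower().startswith(ACE_PREFIX))


if __name__ == "__main__":
    # Constructed samples; "p\u0430ypal" carries a Cyrillic letter among Latin ones.
    for name in ("почта", "münchen", "p\u0430ypal"):
        host = to_ace(name) + ".example"
        print(host, idn_eligible(host), sorted(check_label(to_ace(name))[1]))
```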
p20091106 CPS to be placed on the main website
{iang} Proposes that:
The existing document under http://www.cacert.org/cps.php be removed.
The DRAFT CPS located at http://svn.cacert.org/CAcert/policy.htm be copied onto the website location at http://www.cacert.org/policy/CertificationPracticeStatement.php (and be recopied from time to time at policy group's discretion).
The URL at http://www.cacert.org/cps.php be permanently redirected to the final home of the CPS at http://www.cacert.org/policy/CertificationPracticeStatement.php
This is a one-off to remove the confusing effect of the now-deprecated document at http://www.cacert.org/cps.php .
Aye: Lambert, Faramir, iang, Brian McCullough, Philipp D, Pieter, Werner, Nick B, Daniel, Andreas Bäß, Tomáš, Mark L, Ted
Nay:
Vote closed 20091115 with consensus of 13 Ayes.
p20090706 CPS to DRAFT
{Philipp Dunkel} Therefore I would like to motion that unless there is dissent by 1 week from now (2009-07-06) we consider that the CPS has passed into DRAFT status.
AYE: Maurice Kellenaers, Ted, Lambert Hofstra, Werner Dworak, Daniel Black, Nick Bebout, Iang, Faramir, Brian Mc Cullough, Tomáš Trnka. from Board's m20090614.6: Philipp Dunkel, Alejandro Mery Pellegrini, Guillaume Romagny, Robert Cruikshank, Greg Stark, Evaldo Gardenali
Nay:
Vote closed 20090706 with consensus of 16 AYES.
p20090327 Security Policy to DRAFT
{Philipp Dunkel} I am proposing this new Security Policy to pass it into DRAFT. The Policy WIP can be found at https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html Within the Security Policy there are a lot of references to the Security Manual. If you want to have a look at the current state of that, you can find it at SecurityManual
AYE: Philipp Dunkel, Alejandro Mery, Maurice Kellenaers, Rasika Dayarathna, Pete Stephenson, Greg Stark, Sam Johnston, Tomáš Trnka, Lambert Hofstra, Faramir, Pieter van Emmerik.
Nay:
Vote closed 20090327 with consensus of 11 Ayes.
p20090218.1 Add Danish SVR trade office registrar to the OA sub-policy Europe table of accepted trade office registrars
Proposal has been acknowledged by three Danish Assurers. CAcert board and OA Assurance manager were involved to oversee the first Organisation Assurance.
AYE: Asbjoern, Peter, Svenne
Naye:
p20090210.1 Add Belgian KBO trade office registrar to the OA sub-policy Europe table of accepted trade office registrars
Proposal has been acknowledged by two Belgian Assurers. CAcert board and OA Assurance manager were involved to oversee the first Organisation Assurance.
Aye: Alexander, Wim
Naye:
p20090105.2 Assurance Policy status: POLICY
Proposal to accept Assurance Policy as POLICY has been voted on. Votes ended 24th of December 2008.
AYE: Philipp D, Nocholas, John, Alexandro, Teus
Nay:
(AP is now on main website.)
p20090105.1 Methods to check Domain/Email Control and Ownership
Proposal to adapt the email/domain checks in the Certificate Policy Statement (CPS) is accepted:
- CAcert will check whether an individual has control of the email address requested for certificate inclusion within 24 hours of a client certificate being requested and may check at any time thereafter.
- In order to get a certificate issued by the *Community Member Subroot* the member must have been assured at least once and received at least one point. This ensures that the member has physically signed the CCA.
- In order to have their Name included in a client certificate or have a certificate issued by the *Assured Community Member Subroot* the member has to have been assured to at least 50 points.
- In order to have a server certificate issued by any subroot at least 2 of the following checks have to be completed successfully:
  - E-Mail Ping sent to an administrative email address from WHOIS
  - DNS Cookie
  - HTTP Cookie
  - Statement of at least 2 assurers about ownership/control of the domain name
  - The RFC addresses.
AYE: Philipp D, Alejandro, Maurice, Lambert, Elwing, Philipp G (1,2,3), teus
Nay:
Abstain: Philipp G (point 4 only)
Closing date for votes was 24th of December 2008.
p20081016 All Information in Certificate is Verified
To adopt the following principle as policy:
All information in the certificate is verified.
Verification means one of the following:
- Assurance, as per Assurance Programme and Assurance Policy (e.g. Name).
- "Evaluation" as per Certification Practice Statement (e.g. domains, email address).
- Control, as per Certification Practice Statement (e.g. serial numbers, etc.).
(The word "Evaluation" may be replaced at a later time by a term more suitable.)
Votes: Aye: Maurice, Laura, Teus, Philipp D, Philipp G, Lambert, Sam, Tomáš, Ted, Greg S. Closed with 10 for, none against.
p20080920 Organisation Assurance sub-policy for Europe voted to DRAFT
Organisations registered with (CAcert) approved (and official) trade office registry can apply for CAcert Organisation Assurance. Countries with Approved Registry: Austria, Finland, France, Ireland, Netherlands, Sweden, United Kingdom, Norway.
Votes: consensus
- Comment: Appendix 2 with tables of not yet approved countries and registries is not part of the sub-policy and is for information only. Organisation Assurers handbook and Organisation Assurance wiki will have detailed information about registry company search, trade office extract costs, etc.
p20080917.1 Drop wildcards for unassured Members
Wildcards and subjectAltNames are to be dropped as features available to unassured Members.
Votes: 7 Ayes. 2 Nays. 1 Abstained.
p20080917.2 Expiry times on Certs
Expiry times on certs to be limited to:
- 6 months for unassured Members
- 24 months for Assured Members
Votes: 5 Ayes.
- 12 months only for code-signing
Votes: 4 Ayes. 1 Nay.
Philipp G pointed out that there is currently no check on code-signing for a different expiry, so it is 24 months. Therefore, because it was misrepresented in debate as being the current situation, the above vote on 12 months only for code-signing should be treated as suspect and revisited in the future.
p20080712.1 Assurance Policy
Proposal for Assurance Policy to move from WIP to DRAFT status.
Votes: 9 Ayes, 1 Nay, 4 Abstentions.
p20080429.1 Organisation Assurance Sub-Policy for Ireland
Proposal to put Organisation Assurance WiP sub-policy for Ireland to DRAFT status.
Votes: 4 Ayes, no rejections or further comments.
p20080402.1 Organisation Assurance Sub-Policy for Australia
Proposal to put Organisation Assurance WiP sub-policy for Australia to DRAFT status.
Votes: 3 Ayes, no rejections or further comments.
p20080401.1 Policy on Organisation Assurance
Proposal to change the DRAFT OA policy with: OA Officer appointed by CAcert Board, OA Advisor (150 point Assurer) can become OA Assurer and OA Advisor can advise for organisation assurance when no OA Assurer is available.
Vote closed: only Ayes.
p20080401.2 Proposal to drop Date of Birth
Vote closed: 4 Ayes, 3 Nayes, some unclear votes: 1 Aye, 2 Naye
Conclusion: DoB is not dropped.
p20080308.1 Organisation Assurance sub-policy for Austria
Proposal for Organisation Assurance sub-policy for Austria draft. Author: Philipp Gühring. Decided on the policy email list. The last version of the sub-policy.
Votes closed: Ayes: 2 from Austria, no rejects or comments.
p20080204.1 Policy On Policy
Policy on Policy goes to POLICY status.
Vote closed: Ayes: Jens, Teus, Ted, Michael, ...
p20080128.1 Assurers are individuals not organisations
- Assurers are individuals, not organisations.
- Organisation Assurers are individuals, too.
- Organisation Assurance does not rely on web-of-trust, but instead relies on quality processes.
In the above, _individuals_ is synonymous with _natural persons_ and _organisations_ is synonymous with _legal persons_ being organisations that are legally separated from people.
p20080109.1 CCA to POLICY status
CAcert Community Agreement is now POLICY status.
(5 Ayes, 0 Nays.)
This means that the DRAFT copy moves to the POLICY copy.
p20080106.1 Members
To adopt the following naming of participants:
- User: A person not registered with CAcert who accesses a CAcert protected website, etc.
- Community Member: A person who is registered with CAcert
- Association Member: A person who is a member of CAcert Inc.

(9 Ayes, 0 Nays)
This vote was also notified to board, and no response seen.
Community Member may be written in short as Member and is implied.
Association Member should be written in full. The Association may choose another term at their discretion.
p20070104.1 Contributions
Change PoP Contributions clause to:
6.2 Contributions to formally controlled documents such as Policies are transferred fully to CAcert Inc. Copyrights and similar intellectual property rights required to incorporate the Contribution are either transferred to CAcert Inc, or, are issued and contributed under free, open, non-restrictive, irrevocable, exclusive, and clear licence to CAcert Inc. In all cases, CAcert Inc licenses the contributions back to the community under an open licence.
(5 Ayes, 0 Nays)
p20071217.1 Multiple Names
Multiple names are permitted and need to be assured per name.
Commentary. This means that the accounts and Assurance process should be adjusted to cope with multiple names. Assurance Policy suggests 50 points for each name.
p20071107.1 Privacy
Change CCA Privacy clause to:
1.4 Privacy You give rights to CAcert to store, verify and process and publish your data in accordance with policies in force. These rights include shipping the data to foreign countries for system administration, support and processing purposes. Such shipping will only be done among CAcert Community administrators and Assurers. Privacy is further covered in the Privacy Policy (PP => COD 5).
Ayes: 3.
p20071207.1 Organisation Assurance sub-policy for the Netherlands
Proposal for Organisation Assurance Policy draft. Author: Teus Hagen. Decided on policy email list. The last version of the sub-policy.
Some reminders of policy decisions taken by other means
p20070918.1 Policy on Organisation Assurance
Proposal for first Organisation Assurance Policy draft. Author: Jens Paul. Decided upon by decision of CAcert TOP meeting September 2007: m20070918.x.
p20070918.2 Organisation Assurance sub-policy for Germany
Proposal for first Organisation Assurance sub-policy draft for Germany. Author: Jens Paul. Decided upon by decision at the CAcert TOP meeting September 2007, m20070918.x, as well as on 22nd of October 2007 on the Policy email list.