česky | deutsch | englishfrançais


More Points, More Privileges

Information

For details see the article and policy: Certification Practice Statement (CPS)


Level

Description

Points
AP/EP

CATS passed

Client certificates (un-assured), and no APs

Benefits: You can send digitally signed/encrypted emails; others can send encrypted emails to you.

AP: 0

EP: 0

./.

Limitations: 1. Certificates expire in 6 months. Only the email address itself can be entered into the certificate (not your full name). 2. Certificates can be signed only with CAcert Class 1 Root.

Verification needed: You must confirm it is your email address by responding to a 'ping' email sent to it.

Client certificates (un-assured)

Benefits: You can send digitally signed/encrypted emails; others can send encrypted emails to you.

AP: 1-49

EP: 0

./.

Limitations: Certificates expire in 6 months. Only the email address itself can be entered into the certificate (not your full name).

Verification needed: You must confirm it is your email address by responding to a 'ping' email sent to it, plus you must get 1-49 assurance points (AP) by meeting with one or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.

Client certificates (assured)

Benefits: Same as above plus you can include your full name in the certificates.

AP: 50-100

EP: 0

./.

Limitations: Certificates expire in 24 months. (**)

Verification needed: Same as above, but you must get a minimum of 50 assurance points by meeting with at least two or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.

Code signing certificates

Benefits: Digitally sign code, web applets, installers, etc. including your name and location in the certificates.

AP: 100

EP: >=0

Yes

Limitations: Certificates expire in 12 months. Certificates must include your full name.

Verification needed: 100 assurance points + 0 or more experience points by meeting with multiple assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents, become an assurer, CATS passed

Server certificates (un-assured), and no APs

Benefits: Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates and Subject Alternative Names (SAN) are NOT allowed.

AP: 0

EP: 0

./.

Limitations: 1. Certificates expire in 6 months; only the domain name itself can be entered into the certificates (not your full name, company name, location, etc.). 2. Certificates can be signed only with CAcert Class 1 Root.

Verification needed: You must confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address listed in the whois record, or one of the RFC-mandatory addresses (hostmaster/postmaster/etc).

Server certificates (un-assured)

Benefits: Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates and SAN are NOT allowed.

AP: 1-49

EP: 0

./.

Limitations: Certificates expire in 6 months; only the domain name itself can be entered into the certificates (not your full name, company name, location, etc.).

Verification needed: You must confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address listed in the whois record, or one of the RFC-mandatory addresses (hostmaster/postmaster/etc), plus you must get 1-49 assurance points by meeting with one or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.

Server certificates (assured)

Benefits: Same as above; wildcard certificates and SAN are allowed.

AP: 50-100

EP: >=0

./.

Limitations: Same as above, except certificates expire in 24 months. (**)

Verification needed: Same as above, but get at least 50 assurance points by meeting with assurer(s) from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents.

Become an assurer in CAcert Web of Trust

Benefits: The ability to assure other new CAcert users; contribute to the strengthening and broadening of the CAcert Web of Trust.

AP: 100

EP: >=0

Yes

Limitations: The number of experience points (EP) you have will limit the maximum assurance points you can issue for people you assure.

Verification needed: You will need to be issued 100 assurance points by meeting with existing assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents. Passing CATS

Become an
Experienced assurer
in CAcert Web of Trust

Benefits: The ability to issue the maximum of assurance points -> 35 AP

AP: 100

EP: 50

Yes

Limitations: maximum assurance points you can issue limited by AP.

Verification needed: You will need to be issued 50 experience points, passed CATS

Become a
Senior assurer
in CAcert Web of Trust

Benefits: The ability to train new CAcert assurers; contribute to the TTP and Co-Audit programs for strenghening and broadening the CAcert Web of Trust.

AP: 100

EP: 50

Yes

Limitations: maximum assurance points you can issue limited by AP.

Verification needed: You will need to be issued 50 experience points, has been co-audited, attended an ATE, knows about CARS, passed CATS

Become a member of the CAcert Association

Benefits: You get a vote in how CAcert (a non-profit association incorporated in Australia) is run; be eligible for positions on the CAcert board.

./.

./.

Limitations: None, the sky is the limit for CAcert.

Verification needed: None; EUR 10 annual membership fee.


FAQ/Privileges (last edited 2016-09-09 10:10:08 by AlesKastner)