After a recent policy group decision p20091106, Philipp moved the DRAFT CPS onto the policy page on the main website, and also got rid of the old document that was at cacert.org/ policy .php with a redirect.
We started writing the CPS or Certification Practice Statement way back in early 2006. It was the first document to be considered, and the last to get to DRAFT state. This is in part because stuff was thrown out of it into other more appropriate documents: Organisation Assurance Policy, Dispute Resolution Policy, Policy on Policy, Assurance Policy and Security Policy all took their roots from this area, and for a while, we concentrated on those. CPS became the one that couldn’t be finished until the others were stable.
Curiously, there was already a fairly good effort at a CPS in place, written by Christian Barmala. This was a pretty good effort really, and it formed the starting point. There were two problems with the old document, which were that CAcert didn’t own or (totally) control it, and it had never faced audit scrutiny. So the decision was made pretty early on to rewrite it, and looking back, that was the right one.
Today’s move marks the removal of that old document. But our thanks go to Christian for giving us a starting point, to study and build on. Major influences on this new CPS include Philipp Güring, Jens Paul, Philipp Dunkel, Teus Hagen, Daniel Black in time order. And of course, myself, as eternal critic.
If you’re wondering, what next? then hop on over to the policy group and lend a hand. They’ve got a lot to do: CCS, finish the CPS and SP, PoJAM, TTP, Remote/Desert, Tverify, Code-Signing. Recently, the policy group just made it easier to get IDNs (a change that made it into the CPS).
And, if you’re wondering why it took 3.5 long years to get the CPS to where it is, you’re asking the wrong question. To paraphrase a recent post;
“ask not when your policy is written and ready for you,