## 20160909 AK
= More Points, More Privileges =
== Information ==
For details see the article and policy: [[CPS|Certification Practice Statement]] (CPS)
----
. '''What can CAcert provide to you, to increase your privacy and security for free?'''
|| '''Level''' || '''Description''' ||<11%> '''Points<<BR>>AP/EP''' || '''CATS passed''' ||
||<|3> '''Client certificates (un-assured), and no APs''' || '''''Benefits:''''' You can send digitally signed/encrypted emails; others can send encrypted emails to you. ||<|3> AP: 0<<BR>><<BR>>EP: 0 ||<|3> ./. ||
|| '''''Limitations:''''' 1. Certificates expire in 6 months. Only the email address itself can be entered into the certificate (not your full name). 2. Certificates can be signed only with CAcert Class 1 Root. ||
|| '''''Verification needed:''''' You must confirm it is your email address by responding to a 'ping' email sent to it. ||
||<|3> '''Client certificates (un-assured)''' || '''''Benefits:''''' You can send digitally signed/encrypted emails; others can send encrypted emails to you. ||<|3> AP: 1-49<<BR>><<BR>>EP: 0 ||<|3> ./. ||
|| '''''Limitations:''''' Certificates expire in 6 months. Only the email address itself can be entered into the certificate (not your full name). ||
|| '''''Verification needed:''''' You must confirm it is your email address by responding to a 'ping' email sent to it, plus you must get 1-49 assurance points (AP) by meeting with one or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents. ||
||<|3> '''Client certificates (assured)''' || '''''Benefits:''''' Same as above plus you can include your full name in the certificates. ||<|3> AP: 50-100<<BR>><<BR>>EP: 0 ||<|3> ./. ||
|| '''''Limitations:''''' Certificates expire in 24 months. (**) ||
|| '''''Verification needed:''''' Same as above, but you must get a minimum of 50 assurance points by meeting with at least two assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents. ||
||<|3> '''Code signing certificates''' || '''''Benefits:''''' Digitally sign code, web applets, installers, etc. including your name and location in the certificates. ||<|3> AP: 100<<BR>><<BR>>EP: >=0 ||<|3> Yes ||
|| '''''Limitations:''''' Certificates expire in 12 months. Certificates must include your full name. ||
|| '''''Verification needed:''''' You need 100 assurance points (plus 0 or more experience points) by meeting with multiple assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents; you must also become an assurer and have passed CATS. ||
||<|3> '''Server certificates (un-assured), and no APs''' || '''''Benefits:''''' Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates and Subject Alternative Names (SAN) are NOT allowed. ||<|3> AP: 0<<BR>><<BR>>EP: 0 ||<|3> ./. ||
|| '''''Limitations:''''' 1. Certificates expire in 6 months; only the domain name itself can be entered into the certificates (not your full name, company name, location, etc.). 2. Certificates can be signed only with CAcert Class 1 Root. ||
|| '''''Verification needed:''''' You must confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address listed in the whois record, or one of the RFC-mandatory addresses (hostmaster/postmaster/etc). ||
||<|3> '''Server certificates (un-assured)''' || '''''Benefits:''''' Enable encrypted data transfer for users accessing your web, email, or other SSL enabled service on your server; wildcard certificates and SAN are NOT allowed. ||<|3> AP: 1-49<<BR>><<BR>>EP: 0 ||<|3> ./. ||
|| '''''Limitations:''''' Certificates expire in 6 months; only the domain name itself can be entered into the certificates (not your full name, company name, location, etc.). ||
|| '''''Verification needed:''''' You must confirm that you are the owner (or authorized administrator) of the domain by responding to a 'ping' email sent to either the email address listed in the whois record, or one of the RFC-mandatory addresses (hostmaster/postmaster/etc), plus you must get 1-49 assurance points by meeting with one or more assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents. ||
||<|3> '''Server certificates (assured)''' || '''''Benefits:''''' Same as above; wildcard certificates and SAN are allowed. ||<|3> AP: 50-100<<BR>><<BR>>EP: >=0 ||<|3> ./. ||
|| '''''Limitations:''''' Same as above, except certificates expire in 24 months. (**) ||
|| '''''Verification needed:''''' Same as above, but get at least 50 assurance points by meeting with assurer(s) from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents. ||
||<|3> '''Become an assurer in CAcert Web of Trust''' || '''''Benefits:''''' The ability to assure other new CAcert users; contribute to the strengthening and broadening of the CAcert Web of Trust. ||<|3> AP: 100<<BR>><<BR>>EP: >=0 ||<|3> Yes ||
|| '''''Limitations:''''' The number of experience points (EP) you have will limit the maximum assurance points you can issue for people you assure. ||
|| '''''Verification needed:''''' You will need to be issued 100 assurance points by meeting with existing assurers from the CAcert Web of Trust, who verify your identity using your government issued photo identity documents. You must also pass CATS. ||
||<|3> '''Become an<<BR>>Experienced assurer<<BR>>in CAcert Web of Trust''' || '''''Benefits:''''' The ability to issue the maximum number of assurance points (35 AP). ||<|3> AP: 100<<BR>><<BR>>EP: 50 ||<|3> Yes ||
|| '''''Limitations:''''' The maximum assurance points you can issue are limited by AP. ||
|| '''''Verification needed:''''' You will need to be issued 50 experience points and to have passed CATS. ||
||<|3> '''Become a<<BR>>Senior assurer<<BR>>in CAcert Web of Trust''' || '''''Benefits:''''' The ability to train new CAcert assurers; contribute to the TTP and Co-Audit programs for strengthening and broadening the CAcert Web of Trust. ||<|3> AP: 100<<BR>><<BR>>EP: 50 ||<|3> Yes ||
|| '''''Limitations:''''' The maximum assurance points you can issue are limited by AP. ||
|| '''''Verification needed:''''' You will need to be issued 50 experience points, to have been co-audited, to have attended an ATE, to know about CARS, and to have passed CATS. ||
||<|3> '''Become a member of the CAcert Association''' || '''''Benefits:''''' You get a vote in how CAcert (a non-profit association incorporated in Australia) is run; be eligible for positions on the CAcert board. ||<|3> ./. ||<|3> ./. ||
|| '''''Limitations:''''' None, the sky is the limit for CAcert. ||
|| '''''Verification needed:''''' None; EUR 10 annual membership fee. ||
. (*) Please note a general limitation is that, unlike long-time players like Verisign, CAcert's root certificate is not included by default in mainstream browsers, email clients, etc. This means people to whom you send encrypted email, or users who visit your SSL-enabled web server, will first have to import CAcert's root certificate, or they will have to agree to pop-up security warnings (which may look a little scary to non-techy users).
. (**) Certificates issued under the Organisation Assurance program are valid for 12 months.
----
. CategoryAssurance
. [[CategoryFAQ]]