1.2 Document name and identification 
Updated accordingly.


1.3.2 Registration authorities
The following text is added:
"The RA must communicate with the CA with secure methods such 
as signed emails and SSL protected private web pages that are 
bi-directionally authenticated."


3.1.5 Uniqueness of names 
Fixed typo: "re-key" (with hyphen) is the correct spelling 
for this CP/CPS.


3.2.3 Authentication of individual entity 

  3.2.3.1 Fixed nitpick: organiZation with "z" not "s" 
    
  3.2.3.2.3 
    The text:
    
    "The administrator must provide a proof of his/her relation 
    to the host itself. It can be achieved by putting his/her 
    first name, last name, telephone number and e-mail to a 
    default webpage of a website identified with the FQDN of 
    that host. The website can be removed right after the 
    proof is collected by the RA."
    
    is replaced with:
    
    "The RA must ensure that the administrator is the 
    responsible administrator for the host." 
    

3.2.4 Non-verified subscriber information
Changed to "No stipulation".


4.1.1 Who can submit a certificate application
The text "at least 12 characters long" is added:

"The applicant must:
   ...
   4. use a strong passphrase at least 12 characters long."


5.5.2 Retention Period for Archive 
The text: "Minimum retention period is three years." 

is replaced with 2 paragraphs below:

"Personal information used to obtain a personal certificate with
a given DN shall be kept for as long as the subscriber has a valid
certificate with this DN, including renewals or re-keys of the
certificate, and for at least three years beyond the expiry or
revocation of the latest certificate held by the subscriber.

Data used to obtain a host or service certificate shall be kept
for as long as the subscriber is responsible administrator for the
resource for which the certificate was obtained, and for at least
three years beyond the expiry or revocation of the latest certificate
held by the subscriber, or beyond the administrator rights being
passed on to someone else."


6.2.3 Private key escrow
"No stipulation." is replaced with "Private keys must not be escrowed." 


8.1 Frequency or circumstances of assessment 
Fixed language nitpick: "allow an audit" -> "allow audits".


9.4 Privacy of personal information 
Fixed typo (one extra number sign removed).


9.4.4 Responsibility to protect private information
The text "and the process of ensuring that DNs are only allocated 
to the original owner" is added and now the section says:

"The BYGCA has the responsibility to protect the private information 
defined in section 9.4.2. The photocopies of ID documents will be 
kept private in a safe by the BYGCA and will be only used while the 
audit process and the process of ensuring that DNs are only allocated 
to the original owner. The data from the photocopied documents will 
not be processed for any other purposes."


9.6.3 Subscriber representations and warranties
The text "at least 12 characters long" is added:

"In requesting a certificate, subscribers agree to:
   ...
   - use a strong passphrase at least 12 characters long to
   protect private key of user certificate;
   ..."