Summary
=============================================================================

There is no well defined policy at this time. The root CA is used only to
issue certificates to intermediate authorities. There are three intermediate
authorities available for signing:

Class 3 - Certificates issued to individual persons. Key usage is restricted
	to Non-Repudiation, Digital Signatures, and Key Enchipherment.
	Extended usage is restricted to Client Authentication and Email
	protection. Certificates are issued for a period of 3673 days.

Class 2 - Certificates issued to hostnames. Key usage is restricted to Digital
	Signatures, and Key Encipherment. Extended usage is restricted to
	Server Authentication. Certificates are issued for a period of 3673
	days.

Class 1 - Reserved for Extended Verification certificates. Unused.