Arbitration / Training
The Training Course for Case Managers and Arbitrators
Actions for a Support Engineer (for the ruling) Version 3
If an account is to be killed ...
walk through bottom-up
- Handle server certificates before domains: server certificates depend on domains, so deleting the domains first makes the existing server certificates invisible (whether they are deleted along with the domain is an open question).
- The email address is replaced by the extended arbitration case number before the Questions-and-Answers page is opened; otherwise the user receives an annoying "Your secrets page has been visited, this is a potential attack ..." notification (or similar).
In detail:

* == SE console mode ==
  * set a new password (and forget it later)
  * (optional) take a snapshot of the account information and print it to PDF, including all account information, certificate information and so on, and send it to the arbitrator (if requested by the arbitrator)
* == User mode ==
  * log in to the account to be taken over
  * revoke all certificates
    * Server Certificates - View
      * revoke server certificates
    * Domains - View
      * delete domains
    * GPG PGP Keys - View
      * revoke certificates x1)
    * Client Certificates - View
      * revoke client certificates
  * Email Accounts - Add
    * add the email address cYYYYMMDD.x.y@cacert.org (mind the correct spelling of the mail address)
      * c = one character; default: a; may be another character ruled by the arbitrator
      * YYYYMMDD is the arbitration case date and x the running number of the arbitration of that date
      * y is a unique increasing number starting at 1
        * if multiple email addresses shall be deleted in one arbitration case, the first account to delete becomes 1, the 2nd -> 2, the 3rd -> 3 and so on
    * verify the new email address via the mail sent to the support inbox (the verification mail should be placed automatically in the Delete Account bucket)
  * log in to the user account again (with the old email address)
  * switch the primary email address to cYYYYMMDD.x.y@cacert.org
    * select cYYYYMMDD.x.y@cacert.org and make it the default
  * delete all email addresses (except the primary email address)
    * Email - View
      * remove the email address(es) (except the new primary)
      * select the "delete" checkbox on the (old) user's email address, hit 'delete'
  * walk through My Details and its submenus
    * My Alert Settings
      * deselect all checkboxes
    * My Details - Location
      * set to: Denistone East, New South Wales, Australia (2256755)
    * My Details - My Listing
      * set to: I don't want to be listed
      * clear the text field if filled
    * My Details - Default Language
      * set to English and delete all Additional Language Preferences
    * My Details - Edit
      * fill the secret questions & answers with junk
  * Logout
* == SE console mode ==
  * System admin - Find user
    * search for cYYYYMMDD.x.y@cacert.org
    * fill Givenname, Middlename, Lastname and Suffix with the extended arbitration number cYYYYMMDD.x.y
    * set DoB to 1900-01-01 or 1970-01-01
    * reset _all_ flags to '0'
    * all assurances received / given are left untouched, if any
    * as the last action, lock the account
      * set 'Account Locking:' to 1
      * (or use the delete account button)
* == OTRS ==
  * report the youngest date of the revoked certificates
  * (optionally attach the PDF files if requested by the arbitrator)
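The procedure asks the support engineer to type the placeholder address cYYYYMMDD.x.y@cacert.org by hand and to "mind the correct spelling"; a misspelt address (wrong domain, a date that does not exist, a sequence number starting at 0) would leave the account pointing at an address nobody controls or would collide with another case. The following helper builds the extended arbitration number and the matching address from the rules given above and validates an address before it is entered. It is an added example written for this page, not code from the CAcert wiki or from CAcert's software; the function names, the restriction of c to a single lower-case letter and the rejection of leading zeros in x and y are assumptions of this example.

```python
"""Build and validate the extended arbitration number cYYYYMMDD.x.y and the
placeholder address cYYYYMMDD.x.y@cacert.org used when an account is cleaned up.
Added example, not CAcert code; function names are assumptions."""
import re
from datetime import date
from typing import List, NamedTuple, Optional

CASE_DOMAIN = "cacert.org"

# c: one character (default 'a'); YYYYMMDD: arbitration case date;
# x: running number of the arbitration on that date; y: per-account sequence
# number; both x and y start at 1. Restricting c to a lower-case letter and
# forbidding leading zeros is an assumption of this example.
_CASE_RE = re.compile(
    r"^(?P<c>[a-z])(?P<ymd>\d{8})\.(?P<x>[1-9]\d*)\.(?P<y>[1-9]\d*)@cacert\.org$"
)


class CaseAddress(NamedTuple):
    prefix: str       # the leading character c
    case_date: date   # the arbitration case date YYYYMMDD
    running_no: int   # x
    seq: int          # y


def extended_case_number(case_date: date, running_no: int, seq: int,
                         prefix: str = "a") -> str:
    """cYYYYMMDD.x.y without the domain part, as entered into the
    Givenname / Middlename / Lastname / Suffix fields."""
    if len(prefix) != 1 or not ("a" <= prefix <= "z"):
        raise ValueError("prefix must be a single lower-case letter")
    if running_no < 1 or seq < 1:
        raise ValueError("running number and sequence number start at 1")
    return f"{prefix}{case_date:%Y%m%d}.{running_no}.{seq}"


def build_case_address(case_date: date, running_no: int, seq: int,
                       prefix: str = "a") -> str:
    """The placeholder mail address cYYYYMMDD.x.y@cacert.org."""
    return f"{extended_case_number(case_date, running_no, seq, prefix)}@{CASE_DOMAIN}"


def case_addresses(case_date: date, running_no: int, count: int,
                   prefix: str = "a") -> List[str]:
    """Addresses for several accounts deleted in one case: y = 1, 2, 3, ..."""
    return [build_case_address(case_date, running_no, y, prefix)
            for y in range(1, count + 1)]


def parse_case_address(addr: str) -> Optional[CaseAddress]:
    """Validate an address before it is typed into the web form.
    Returns None when the shape or domain is wrong or the date does not exist."""
    m = _CASE_RE.match(addr.strip())
    if m is None:
        return None
    ymd = m.group("ymd")
    try:
        d = date(int(ymd[:4]), int(ymd[4:6]), int(ymd[6:]))
    except ValueError:  # e.g. month 13 or 31 February
        return None
    return CaseAddress(m.group("c"), d, int(m.group("x")), int(m.group("y")))


if __name__ == "__main__":
    # Constructed values: case a20100531.1 from this page, two accounts to delete
    for a in case_addresses(date(2010, 5, 31), 1, 2):
        print(a, parse_case_address(a))
    print(parse_case_address("a20100531.1.1@cacert.com"))  # wrong domain -> None
```

`parse_case_address` is the check to run on what was actually typed: if it returns None, the address does not match the scheme and must be corrected before the verification mail is sent, since the old address is deleted in a later step.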
The procedure was applied to a20100531.1 and worked for the most part. According to support, the verification mail was not placed in the Delete Account bucket but in the Triage queue. IMHO this should be fixed but does not block usage of the procedure. BernhardFröhlich
x1) A bug prevents revocation of GPG keys; see bug #721, first reported 2009-04-21, still unfixed.
