The Training Course for Case Managers and Arbitrators

WARNING

obsolete, needs work

Lesson 20 - Arbitration Case - Delete Account Request

Checklist for Arbitrators

On a "Delete my Account" request, Arbitrators have to check several conditions and have to rule on each topic:

In Detail

If the user made assurances or created certs, the case needs to be handled differently, so we have at least 4 options with different solutions:

case # | Assurances received | Assurances done | Certs created
1      | Yes or No           | No              | No
2      | Yes or No           | Yes             | No
3      | Yes or No           | No              | Yes
4      | Yes or No           | Yes             | Yes

case 1

... with no assurances made and no cert created, support can remove the account as long as no special conditions are met that would require an arbitration anyway. In this case support acts similarly to an arbitrator.

For details see: Arbitration precedent case a20111128.3, Delete Account: no assurances made, no certs created. Arbitrator: UlrichSchroeter

case 2

case 3

case 4

x1) 2009-12-10: The email address is modified to a20YYMMDD.x.y@c.o (regexp: /^a[0-9]{8}\.[0-9]\.[0-9]*$/), where a20YYMMDD.x is the arbitration number and y is a running number for the deleted account inside the arbitration.

Policies

CPS

Other Sources

Notes

a20090618.3 uses this case as a precedent and gives some clarifications about data retention.

Hijacking Accounts

Hijacking accounts is a workaround to obtain information in special cases. It is indeed a dirty workaround, so the support engineer needs explicit authorisation from an Arbitrator to do so, and an Arbitrator should only give this authorisation if the account is due for deletion or deactivation anyway.

See https://wiki.cacert.org/Support/SE/Manual#About_Deleting_and_Deactivating_Accounts on how to hijack an account.

Actions for a Support Engineer (for the ruling)

If an account is to be killed ...


Actions for a Support Engineer (for the ruling) Version 3

If an account is to be killed ...

walk through bottom-up

  • Server certs handling before domain handling (server certs depend on domains, so deleting domains makes existing server certs invisible) (whether they get deleted is in question)
  • The email address is replaced by the extended arbitration case number before the Questions-and-Answers page is opened, because opening that page makes the user receive an annoying "Your secrets page has been visited, this is a potential attack ..." (or whatever) notification

Detailed Checklist

In SE console mode

  • set a new password (and forget it later)
  • (optional) Take a snapshot of the account information and print it to PDF
    • including all account information, certificate information and so on, and send it to the Arbitrator (if requested by an Arbitrator)

In User mode

  • login to the account to hijack
  • If the user has a language you cannot read, as a first step:
    • My Details - Default Language
      • set to English and delete all Additional Language Preferences
  • revoke all certificates
    • Server Certificates - View
      • select "View all certificates"
      • revoke Server certificates, even expired
    • Domains - View
      • Delete Domains
    • GPG PGP Keys - View
      • revoke certificates (see footnote 1)

    • Client Certificates - View
      • select "View all certificates"
      • revoke Client certificates, even expired
  • Email Accounts - Add
    • add the email address cYYYYMMDD.x.y@cacert.org (mind the correct spelling of the mail address)
      • where c = one char - default: a - can be another char if ruled by the Arbitrator
      • YYYYMMDD is the arbitration case date and x the running number of the arbitration of that date
      • y is a unique increasing number starting at 1
        • if multiple email addresses shall be deleted in one arbitration case, the first account to delete becomes 1, the 2nd -> 2, the 3rd -> 3 and so on
    • verify the new email address: the verification mail is sent to the support inbox (it should be placed automatically in the Delete Account bucket)
    • re-login into the user account (with the old email address)
    • switch the primary email address to cYYYYMMDD.x.y@cacert.org

      • select cYYYYMMDD.x.y@cacert.org and make default

  • delete all email addresses (except the primary email address)
    • Email - View
      • remove email address(es) (except new primary)
        • Select "delete checkbox" on (old) users email address, hit 'delete'
  • Walk through My Details and its submenus
    • My Alert Settings
      • deselect all checkboxes
    • My Details - Location
      • set to: Denistone East, New South Wales, Australia (2256755)
    • My Details - My Listing
      • set to: I don't want to be listed
      • clear the text field if filled
    • My Details - Default Language
      • set to English and delete all Additional Language Preferences
    • My Details - Edit
      • fill the secret questions and answers with junk
  • Logout
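The replacement address scheme above (and the regexp given earlier, /^a[0-9]{8}\.[0-9]\.[0-9]*$/) is easy to get wrong by hand, which matters because the address is what later ties the locked account back to the arbitration. The following Python is an added example, not code from this page or from CAcert's software: it builds the address for the y-th account deleted in a case, checks a candidate address against the page's own regexp, and parses one back into case number and running number. The stricter STRICT_PATTERN is an assumption of ours that follows the checklist (any single leading character, y starting at 1) rather than the earlier regexp (which only admits "a", a one-digit x and an empty y); the case number a20100531.1 is taken from this page.

```python
import re
from typing import Dict, Optional

# Regexp exactly as given on the page for the replacement address' local part.
PAGE_PATTERN = re.compile(r"^a[0-9]{8}\.[0-9]\.[0-9]*$")

# Our stricter reading of the checklist (assumption, not the page's regexp):
# c = one leading char, YYYYMMDD = case date, x = running number of the
# arbitration on that date, y = running number of the deleted account, y >= 1.
STRICT_PATTERN = re.compile(
    r"^(?P<prefix>[a-z])(?P<date>[0-9]{8})\.(?P<x>[0-9]+)\.(?P<y>[1-9][0-9]*)$"
)

DOMAIN = "cacert.org"  # domain named in the checklist


def build_address(case_number: str, running_number: int, domain: str = DOMAIN) -> str:
    """Return cYYYYMMDD.x.y@domain for the running_number-th account deleted
    in arbitration `case_number` (e.g. "a20100531.1")."""
    if running_number < 1:
        raise ValueError("running number y starts at 1")
    if re.fullmatch(r"[a-z][0-9]{8}\.[0-9]+", case_number) is None:
        raise ValueError(f"not an arbitration case number: {case_number!r}")
    return f"{case_number}.{running_number}@{domain}"


def matches_page_regexp(address: str) -> bool:
    """True if the local part satisfies the regexp quoted on the page."""
    local_part, sep, domain = address.partition("@")
    return sep == "@" and domain == DOMAIN and PAGE_PATTERN.match(local_part) is not None


def parse_address(address: str) -> Optional[Dict[str, object]]:
    """Split a replacement address into its case number, case date and running
    number under the stricter checklist reading; None if it is not one."""
    local_part, sep, domain = address.partition("@")
    if sep != "@" or domain != DOMAIN:
        return None
    m = STRICT_PATTERN.match(local_part)
    if m is None:
        return None
    return {
        "case_number": f"{m['prefix']}{m['date']}.{m['x']}",
        "case_date": m["date"],
        "running_number": int(m["y"]),
    }


if __name__ == "__main__":
    # Two accounts deleted in the same (page-quoted) arbitration a20100531.1.
    for y in (1, 2):
        addr = build_address("a20100531.1", y)
        print(addr, matches_page_regexp(addr), parse_address(addr))
```

Note that an address with a non-"a" prefix, which the checklist allows by arbitrator's ruling, passes parse_address but fails matches_page_regexp; whichever convention is in force, the two checks make that divergence visible instead of silently accepting a mistyped address.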

In SE console mode

  • System admin - Find user
    • search for cYYYYMMDD.x.y@cacert.org

  • fill Givenname, Middlename, Lastname and Suffix with the
    • extended arbitration number cYYYYMMDD.x.y
  • set DoB to 1900-01-01
  • reset all flags to '0', most important are those which assign special privileges like:

    • TTP Admin
    • Location Admin
    • Admin
    • Ad Admin
  • all assurances received / given are left untouched if any
  • As the last action lock the account
    • set 'Account Locking:' to 1

In OTRS

  • report the most recent (youngest) date of the revoked certificates
  • (optional) attach the PDF files if requested by the Arbitrator

Notes and Comments

Procedure was applied to a20100531.1 and worked for most part.

According to support the verification mail was not placed in the Delete Account bucket but in the Triage queue. IMHO this should be fixed but does not block usage of the procedure. BernhardFröhlich

Footnotes

  1. a bug prevents revocation of GPG keys, see bug #721, first reported 2009-04-21, still unfixed


Previous working versions (deprecated)

Account handling with patch #794 installed

If no assurances were made by the account owner and no certs were created (case 1), the account can be deleted after one precedent ruling has been made by an arbitrator. All subsequent cases can be handled by this new case #

Proposal Procedure for Arbitrators (WIP)

  1. Send notification to (C) (Arbitration starts)
    • Dear <claimant>,
      
      We've received your "Delete my Account" request dated ####-##-##.
      If this is in error, please respond to this notification within 14 days
      (deadline set to: ####-##-##)
      or please confirm your "Delete my Account" request. Otherwise this
      case will continue automatically.
      
      I'll take this case as Case Manager <name casemanager> (<email casemanager>).
      The Arbitrator is <name arbitrator> (<email arbitrator>), the case number is <a case number>. 
      
      The status of the case is recorded at [1]. If you notice any missing or wrong information there feel free to provide us your point of view on it.
      
      Like every case this also is opened by some formalities:
      
        1. Please reply to this email and confirm that you accept the
           Arbitration under the CAcert Community Agreement [2] and the
           Dispute Resolution Policy [3].
        2. The governing law will be that of NSW, Australia. It is possible
           to request a change of law, but it is unlikely to be helpful in
           this case.
        3. You each need to notify me if you are seeking legal counsel (a
           lawyer). This is not recommended. Rather, if you feel the need for
           help, I can ask an experienced Assurer to assist you.
      
      Finally, please remember: this forum is about sorting out our common 
      difficulties and improving our ability to secure ourselves. Unlike other 
      forums, I ask you to maintain a positive and helpful spirit at all times!
      
      The proceedings of the Arbitration have to be in English. If you have troubles 
      expressing yourself in English we can try to find a translator for you.
      
      
      --
      CM's or A's  signature
      
      
      [1] http://wiki.cacert.org/Arbitrations/<case number>
      [2] http://www.cacert.org/policy/CAcertCommunityAgreement.php  CAcert Community Agreement
      [3] http://www.cacert.org/policy/DisputeResolutionPolicy.php   Dispute Resolution Policy
  2. Response to the initial mail?
    • No: CCA/DRP acceptance doesn't exist -> continue with step 3
    • Yes:
      • User refuses the request -> dismiss -> stop.
      • Did the user accept CCA / DRP?
        • No: CCA/DRP acceptance doesn't exist -> continue with step 3
        • Yes: CCA/DRP acceptance exists -> continue with step 3

  3. Additional check of the CCA acceptance state through information from the account and/or information about the account
    • Request to (Support)
      Information from the account is needed: hijacking request (probably an intermediate ruling)
      
      Information for Support
       * Name
       * Primary Email
      
      Information requested from Support
       * Additional email addresses? Yes/No
       * Assurances received? List of assurances incl. assurance date
       * Assurances given? List of assurances incl. assurance date
       * IsAssurer? Trainings > 0? Yes/No
       * Client certs exist? Yes/No
        * on Yes: list of issue/expiry date(s)
       * Server certs exist? Yes/No
        * on Yes: list of issue/expiry date(s)
       * Domain on domain list? Yes/No
       * GPG keys exist? Yes/No
  4. Does CCA/DRP acceptance exist?
    1. through email response
    2. through account information
      1. assurances received/given after February 2009 (AP rollout) -> yes, otherwise no
      2. client certs, server certs issued after mid 2009 (CCA checkbox added to the system) -> yes, otherwise no
    3. No: handle at SE level
      • State in the ruling that no CCA acceptance exists; order Support to delete the account by the manual arbitration_a#### procedure
    4. Yes: handle at Arbitration level -> continue with step 5

  5. Selection
    • Assurances given?
      • No -> case type #1 or #3 (see table 1 on top)
        • continue with quick termination, step 6
      • Yes -> case type #2 or #4 (see table 1 on top)
        • you need to request the CAP forms from (C)
        • continue with step 7
  6. Quick termination, fast ruling
    • research: open arbitrations, or involved in other arbitrations? (except the termination request)
    • Do client certs, domain certs and domains exist on the account? -> certs revocation request
    • Ruling incl. calculated CCA termination date
    • Finished
  7. Account with assurances given
    • Is the user currently bound to the CCA?
      • Assurances received/given after (mid 2008) 02/2009? (answer from request #1 to Support)
        • No: check whether certs were created after mid 2009, continue with 5.1
        • Yes: bound-to-CCA fact established
    • Request #2 to Support
      • Intermediate ruling to Support (request #2): hijack the account for certs info
    • Certs created after mid 2009?
      • No: bound-to-CCA fact not established
        • request CCA agreement (the hard way) ???
      • Yes: bound-to-CCA fact established
    • request CAP forms from (C)
      • sealing
    • Other research and tasks
      • research: open arbitrations, or involved in other arbitrations? (except the termination request)
      • Do client certs, domain certs and domains exist on the account?
      • Ruling incl. calculated CCA termination date
      • Finished

Procedure graph

DRAFT v1 !!!

[Image: CAcert delete account.png]

DRAFT v2 !!!

[Image: CAcert delete account-v2.png]



"Delete my Account" user is Assurer

  • Assurer has given Assurances
  • Arbitrator has to request the CAP forms by default
  • Options for the Assurer with a "Delete my Account" request
    1. To keep the CAP forms
      • Assurer has to keep the CAP forms (obligation)
        • obligation: to keep the CAP forms, to keep his email in good working order
      • Assurer has to answer future Arbitrator requests
        • risk: Assurer may find himself subject to Arbitration
        • liability: potential risk on liabilities continues, e.g. by not answering a future Arbitrator's request
    2. To send in the CAP forms
      • Assurer transfers the CAP forms to an Arbitrator, i.e. back to CAcert
        • obligation (to keep the CAP forms for 7 years): ends with the transfer to an Arbitrator
        • keeping his email in good working order is probably less of a problem, as contacting the Assurer is only needed for a liability issue
      • requests by future Arbitrators go to the Arbitrator of the "Delete my Account" case
        • risk: reduced risk for the Assurer of finding himself subject to Arbitration
        • liability: potential risk on liabilities decreases, e.g. the Arbitrator has to answer future Arbitrators' requests regarding assurances given by the former Assurer
    3. Revoke Assurances ???
      • Account removals go through Arbitration to protect the WoT
      • Arbitration is there to protect the Assurance framework
      • This needs to be brought into compliance with the Assurer's wish to leave the community

Why Revocation of Assurance Points is no option ?

  • Assurer who wants his account deleted has the following list of Assurances Given:

      Date       | Who    | E-Mail       | Points | Location    | Method               | Revoke
      21.02.2008 | User A | user.a@email | 0      | somewhere X | Face to Face Meeting | Revoke
      20.01.2009 | User B | user.b@email | 35     | somewhere Y | Face to Face Meeting | Revoke

  • Scenario 1: revoke the Assurances of the Assurer with the "Delete my Account" request. Below is an Assuree's account (User A) with 5 Assurances received. Line 4 is the Assurer with the "Delete my Account" request.

      line  | 1. pts issued | 2. transferred pts | 3. action            | 4. pts after revocation | 5. actions to take | 6. re-issue pts | 7. result
      1     | 35            | 35                 |                      | 35                      |                    |                 | 35
      2     | 35            | 35                 |                      | 35                      |                    |                 | 35
      3     | 35            | 30                 |                      | 30                      |                    |                 | 30
      4     | 20            | 0                  | revoke => results in | 0                       |                    | 0               | 0
      5     | 30            | 0                  |                      | 0                       |                    | 0               | 0
      total | 100           |                    |                      | 100                     |                    |                 | 100

    • nothing to do, so therefore no problem

  • Scenario 2: revoke the Assurances of the Assurer with the "Delete my Account" request. Below is an Assuree's account (User B) with 5 Assurances received. Line 2 is the Assurer with the "Delete my Account" request.

      line  | 1. pts issued | 2. transferred pts | 3. action            | 4. pts after revocation | 5. actions to take                                                  | 6. re-issue pts | 7. result
      1     | 35            | 35                 |                      | 35                      |                                                                     |                 | 35
      2     | 35            | 35                 | revoke => results in | 0                       |                                                                     |                 | 0
      3     | 35            | 30                 |                      | 30                      |                                                                     |                 | 30
      4     | 20            | 0                  |                      | 0                       | (A) contact assurer; (S) revoke assurance; (AS4) reapply assurance  | 20              | 20
      5     | 30            | 0                  |                      | 0                       | (A) contact assurer; (S) revoke assurance; (AS5) reapply assurance  | 30              | 15
      total | 100           |                    |                      | 65                      |                                                                     |                 | 100

      1. Assurers issued # of points onto the Assuree's account (lines 1-5)
      2. Transferred points: e.g. line 4: you've issued 20 pts, rounded down to 0
      3. revoke the assurance of the Assurer who requested "delete my account" (line 2)
      4. result of pts on the Assuree's account after revocation of the pts of the Assurer who requested "delete my account" (line 2)
      5. the Arbitrator has to order several actions for account pts corrections (lines 4 + 5)
      6. re-applying assurances to correct the Assuree's account pts count by Assurer #4 and #5 (lines 4 + 5)
      7. pts count after re-applying the assurances by the old Assurers after corrections (lines 1-5)
      8. several corrections need to be done in the Arbitration process to protect the Assuree's account
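The two scenario tables above follow one mechanical rule: assurances are transferred onto the assuree's account in order, each one capped by the room left under the 100-point maximum (so line 4's 20 points and line 5's 30 points are "rounded down to 0"), and revoking a line that actually contributed points opens room that can only be refilled by re-applying the rounded-down assurances. The Python below is an added example, not code from this page or from CAcert's software; it replays both scenarios with that rule so an arbitrator can see which lines need correcting before ordering anything. The 100-point cap and the sequential rounding-down are taken from the tables' totals; the action labels are the page's own.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Cap the page's tables imply: an assuree's account holds at most 100 assurance
# points, so points that would exceed it are "rounded down" on transfer.
MAX_ASSURANCE_POINTS = 100


@dataclass
class Assurance:
    line: int                 # row number in the page's tables
    issued: int               # column 1: points the assurer issued
    transferred: int = 0      # points currently counting on the assuree's account
    actions: List[str] = field(default_factory=list)  # column 5


def total(assurances: List[Assurance]) -> int:
    return sum(a.transferred for a in assurances)


def apply(assurances: List[Assurance], a: Assurance) -> int:
    """Transfer as many of a.issued points as the cap still allows (down to 0)."""
    room = MAX_ASSURANCE_POINTS - (total(assurances) - a.transferred)
    a.transferred = max(0, min(a.issued, room))
    return a.transferred


def run_scenario(issued: List[int], leaving_line: int) -> Dict[str, object]:
    """Replay one of the page's scenarios: issued[i] is column 1 for line i+1,
    leaving_line is the line of the assurer with the "Delete my Account" request."""
    assurances = [Assurance(line=i + 1, issued=p) for i, p in enumerate(issued)]
    for a in assurances:                      # column 2: transfer in order, capped
        apply(assurances, a)
    transferred = [a.transferred for a in assurances]

    leaving = assurances[leaving_line - 1]    # column 3: revoke the leaving assurer's line
    leaving.transferred = 0
    leaving.actions.append("revoke")
    after_revocation = [a.transferred for a in assurances]   # column 4

    reissued = []                             # columns 5 and 6: repair rounded-down lines
    for a in assurances:
        reissue = 0
        if a is not leaving and a.issued > 0 and a.transferred == 0:
            if apply(assurances, a) > 0:      # only worth an action if points can land now
                a.actions += ["(A) contact assurer", "(S) revoke assurance",
                              f"(AS{a.line}) reapply assurance"]
                reissue = a.issued
        reissued.append(reissue)

    return {
        "transferred": transferred,
        "after_revocation": after_revocation,
        "reissued": reissued,
        "result": [a.transferred for a in assurances],            # column 7
        "totals": (sum(transferred), sum(after_revocation), total(assurances)),
        "corrections": [a.line for a in assurances if a is not leaving and a.actions],
    }


if __name__ == "__main__":
    # Both scenarios on the page use the same five assurances (constructed from
    # column 1); only the line of the leaving assurer differs.
    ISSUED = [35, 35, 35, 20, 30]
    print("scenario 1:", run_scenario(ISSUED, leaving_line=4))
    print("scenario 2:", run_scenario(ISSUED, leaving_line=2))
```

Scenario 1 comes back with an empty corrections list (the leaving assurer's line had already been rounded down to 0, so nothing changes), while scenario 2 reports lines 4 and 5 as needing the contact/revoke/reapply sequence and a total that drops to 65 until they are done. That difference is exactly why the page argues revocation cannot be applied blindly: the cost lands on third-party assurees, not on the assurer who is leaving.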

Discovery

  • Request Assurances Given from Support
  • Count Assurances Given Total
  • Count Assurances Given with Points > 0
  • Each Assurees Account needs to be reviewed

