Francois Sauterey is assurer (at least) twice and he has (at least) one other account with points, and he has assured his alter-egos.


Log:

One of the principles of the CAcert assurance is the fact that new members will need to be assured by multiple assurers: no single individual should be able to give more than 35 points. Since C claims that R has three accounts, with two of them having assurer status, it could create a situation where one individual can give more than 35 points to a member. There has been no response from any of the three email addresses so far claiming that these addresses are linked to different persons. I therefore have to respond to the original claim.

Intermediate Ruling

I therefore rule that until the final ruling:

  1. The first account shall remain fully functional
  2. The second and third account must be frozen:
    1. No assurances are allowed involving the second and third account.
    2. No new certificates may be issued for second and third account.
    3. Existing certificates for second and third account can still be used and do not have to be revoked



Log:

Second intermediate Ruling

I therefore rule that until the final ruling:

  1. CAcert support will check which of the members assured by R is an assurer and report back to A
  2. CAcert support will freeze the accounts that were assured on 20090514
    1. No assurances are allowed by these accounts.
    2. No new certificates may be issued by these accounts.
    3. Existing certificates of these accounts can still be used and do not have to be revoked



Log:

Ruling

The original dispute has led to further investigations. The case now includes the following issues:

  1. Respondent has multiple accounts
  2. 2 of Respondents accounts have assurer status
  3. Respondent assured 2 of his other accounts, giving in total more than 50 points to these accounts
  4. Respondent has assured accounts of other persons with both of his accounts, most of these were done after Respondent met Claimant (about 55 persons, one of them now has 100 points)
  5. Respondent assured with his first assurer account his second account, resulting in that account reaching 100 points, and becoming an assurer account.
  6. Respondent assured an organisation, Centre Ressource RĂ©seau Associatif et Syndical


Respondent's feedback so far is:

  1. yes, I have them, but I was trying to get it back into one, my first account was not a personal email address but a group email address (Respondent has provided a link to the CAcert support list to show a question)
  2. yes, but see 4)
  3. Yes, but as training for a real assurance
  4. yes, but this was as part of a training at the university where I work, where I assured my students both as an introduction to CAcert, and to provide them with named certs
  5. yes, but I was just trying to move the points to the new account
  6. yes, but I was looking for a way to have more persons control the account


So basically Respondent confirms the issues. One issue here was that Respondent does not speak English very well.
To limit the impact I had two intermediate rulings:

  1. Freeze all accounts of Respondent, except for the original
  2. Find all persons that were assured twice or more by Respondent and freeze those accounts


The ruling is per issue, summarized below

Ruling on multiple accounts

Respondent has multiple accounts.
A CAcert community member has a CAcert login account (see the assurance policy: http://www.cacert.org/policy/AssurancePolicy.php )
Such an account is the link between the Member (person) and the CAcert system, and information regarding the member (like name, DoB, assurance status) is linked to that account. Although there is no rule that forbids having two or more accounts, it is not recommended, since it can cause problems.
Ruling: It is not forbidden to have multiple accounts

Ruling on multiple accounts with assurer status

2 of Respondents accounts have assurer status
There is no rule that forbids a CAcert Member to have two accounts with assurer status. However, a Member with assurer status assures, and uses a CAcert account to register the assurance. Since an Assurer can only assure another member (a person) only once, it is forbidden for an assurer to assure a single person and register that assurance with more than one account. An assurer can only give the number of points linked to the account that is used to assure someone. Therefore, since having multiple assurer accounts is not required, it is strongly advised not to allow them.
Ruling: It is not forbidden to have multiple assurer accounts
Ruling: To avoid issues like this one, CAcert shall review if having multiple assurer accounts is acceptable

Ruling on assuring your own accounts

Respondent assured 2 of his other accounts, giving in total more than 50 points to these accounts
Ruling: An assurer cannot meet himself/herself. Therefore all assurances by Respondent of accounts of the Respondent are invalid and must be revoked

Ruling on assuring other accounts twice

Respondent has assured accounts of other persons with both of his accounts, most of these were done after Respondent met Claimant (about 55 persons, one of them now has 100 points)
Ruling: An assurer can only assure a CAcert member once, with a single account, not with multiple accounts. Assurances of a member by using a second, third, or even more accounts are invalid and corresponding assurance points must be revoked.
Therefore, in all cases where Respondent used more than one account to assure another CAcert member, the second (and further) assurances of a single member must be revoked.
Ruling: All CAcert members that were assured more than once by Respondent must be informed that the illegal assurances and corresponding points will be revoked.
Ruling: In case these revocations will result in having less than 50 points (can request named certificates) the CAcert member will have a grace period of two months to get assured by others before actually loosing these named certificates. If after the period of two months the member does not have at least 50 points his/her named certificates will be revoked.
Ruling: In case a CAcert member had 100 assurance points and is assurer, and assurance points will be revoked because he/she was assured twice by Respondent, he/she will have a grace period of two months before actually loosing assurance status. During these two months the member is not allowed to make further assurances until he/she acquired enough assurance points to reach the 100 point level.

Ruling on assuring your own account

Respondent assured with his first assurer account his second account, resulting in that account reaching 100 points, and becoming an assurer account.
Ruling: It is impossible to meet yourself face-to-face, therefore the assurance of the second assurer account of Respondent is illegal. As a result the corresponding assurance points will be revoked and the second account will loose assurance status. Respondent will receive a grace period of two months to get his second account assured up to a point where he has 100 assurance points.
Ruling: If after the grace period of two months Respondent has not acquired 100 assurance points for his second assurer account, the second account will permanently loose assurer status, and all users assured with this second assurer account will loose the issued points with a grace period of two months.
Ruling: There will be no further revocation beyond that point (second degree and beyond, meaning persons assured by an assurer assured by Respondent's second account) to stop the ripple turning into a tsunami.

Ruling on assuring an organisation as if it was a person

Respondent assured an organisation, as if it was a person
Ruling: Respondent cannot meet an organisation in person or check Id's of an organisation . Therefore the assurance is illegal, and must be revoked, all issued certificates must be revoked, and the account must be deleted.

Generic Rulings

Ruling: The use of two or more accounts of the assurer to assure a single person is a clear violation of the rules. Respondent will loose assurer status on all accounts if this happens again in the future.
Ruling: All "frozen" accounts can be "unfrozen" after the required revocations are performed

Background

Underlying issue: when a CAcert member has multiple assurer accounts, he/she can bypass the controls that limit the maximum number of points that a normal assurer can give to 35. This control is in place to make sure


Relevant text in the Assurance Policy:

Execution


Arbitrations/a20090510.3 (last edited 2013-07-24 15:40:49 by UlrichSchroeter)