Claimant has agreed to arbitration under CCA (2009-08-11).

C: I had a request from Wytze van der Raay for emergency access to the rack, because the signing server is down. According to the policy we need to contact an arbitrator after the incident and start an arbitration to decide if the access was justified.

A: As the CM indicated that he has to reduce his time budget spent for CAcert for private reasons, I'm acting on behalf of him.

A: Bas van Dikkenberg requested to extend the arbitration by private mail on 2009-08-11 to the CM to get a ruling on:

1. Was emergency access justified?
2. What was the cause of the outage / have any changes been the cause of the outages?
3. Have updates been processed correctly (dual control, etc.)?
4. Were all procedures followed correctly?
5. Did I do something wrong as access engineer?


Ruling:

1. Was emergency access justified?

There had already been several reports of a malfunction of the signer when Wytze asked for emergency access to the system. Given the history of the hardware, it was expected that the system had rebooted and was waiting for a password to decrypt its file system.

During the analysis of the signing server it was also discovered that another CAcert service was suffering. CAcert was distributing empty certificate revocation lists.

Reestablishing two of CAcert's core services clearly justifies access to both systems according to Security Policy 2.3.4.

2. What was the cause of the outage / have any changes been the cause of the outages?

Wytze has published an analysis of what led to the outages here: https://lists.cacert.org/wws/arc/cacert-systemlog/2009-08/msg00010.html

Phillip Gühring independently confirmed Wytze's analysis of the root cause of the problems: https://lists.cacert.org/wws/arc/cacert-systemlog/2009-08/msg00026.html

There is no doubt about what caused the dysfunction of the signing and CRL services.

3. Have updates been processed correctly (dual control, etc.)?

Dual control of the actions performed was provided by Wytze as critical systems engineer and Bas as access engineer. Wytze has published all his actions here: https://lists.cacert.org/wws/arc/cacert-systemlog/2009-08/msg00006.html and Bas confirmed them publicly here: https://lists.cacert.org/wws/arc/cacert-systemlog/2009-08/msg00007.html

According to the Security Manual 2.3.2, updates to the signer may require the presence of two critical system administrators. All actions applied to the signer were rather simple administrative tasks (time setting) and only touched public data (deleting CRLs). Therefore dual control established by an access engineer and a critical system engineer was sufficient; there was no need to interrupt and call a second critical system engineer.

All changes made to the WebDB server have been in compliance with the Security Manual.

4. Were all procedures followed correctly?

All actions that have been performed on 2009-08-10 by Bas and Wytze have been in full compliance with the CAcert procedures.

5. Did I do something wrong as access engineer?

As said before in the detailed questions, all actions performed have been in accordance with policies and procedures and have been in the best interests of the CAcert community.

Before: Arbitrator Andreas Baess (A). Respondent: CAcert (R) Christopher Hoth (CM) Claimant: name claimer (C) Case: a20090810.4


Arbitrations/a20090810.4 (last edited 2009-12-09 04:52:03 by UlrichSchroeter)