 * Case Number: a20120626.1
 * Status: running
 * Claimants: CAcert
 * Respondents: Critical Team
 * Initial Case Manager: AlexRobertson
 * Case Manager: name case manager
 * Arbitrator: PhilippDunkel
 * Date of arbitration start: 2012-08-10
 * Date of ruling: 201Y-MM-DD
 * Case closed: 201Y-MM-DD
 * Complaint: Possible compromise of critical secrets
 * Relief: TBD

Before: Arbitrator name arbitor (A), Respondent: Critical Team (R), Claimant: CAcert (C), Case: a20120626.1

== History Log ==

 . 2012-06-26 (issue.c.o) case [[https://issue.cacert.org/otrs/index.pl?Action=AgentTicketZoom&TicketID=150805&ArticleID=183613|s20120626.310]]
 . 2012-26-28 (iCM): added to wiki, request for CM / A
 . 2012-26-28 (iCM): UlrichSchroeter to arbitration list
 . 2012-26-28 (iCM): discussion on cacert-board list
 . 2012-08-10 (A): PhilippDunkel initialized the case

== Original Dispute, Discovery (Private Part) (optional) ==

 * '''Link to Arbitration case [[Arbitrations/priv/a20120626.1|a20120626.1 (Private Part)]], Access for (CM) + (A) only)'''

==== EOT Private Part ====

== Discovery ==

 . (iCM) 2012-06-26 - UlrichSchroeter to [[https://lists.cacert.org/wws/arc/cacert-arbitration/2012-06/msg00011.html|cacert-arbitration list]]
 {{{
I'll merge this ticket under the running case a20120622.1
if nobody objects

--
mit freundlichen Gruessen / best regards
Ulrich Schroeter
- CAcert Assurance Team Leader, CAcert Case Manager, CAcert Arbitrator
 }}}
 . (iCM) 2012-06-28 - As the initial concern was raised in the cacert-board mailing list, there has been some discussion about the issue - this is documented in the list archive [[https://lists.cacert.org/wws/arc/cacert-board/2012-06/msg00041.html|here]] - this thread includes three objections (Wytz R, Mendel M and Mario L) to merging the ticket. Given that there have been objections, I have opened this as a separate case.
{{{
From: Philipp Dunkel
Subject: Arbitration a20120626.1 - Possible compromise of critical secrets
Date: Fri, 10 Aug 2012 19:58:47 +0200
To: wytze@cacert.org, mendel@cacert.org

Dear Wytze, dear Mendel,

I have just taken on this case. As a preliminary I have to ask you
to accept this arbitration though I assume this due to your roles.
Nevertheless, if you could confirm this I would be grateful.

At this preliminary state I wish to thank you for your quick actions
to contain the situation including filing an Arbitration as quickly
as possible. Your description of your immediate actions is
comprehensive, however some questions remain:

Has any effort been made to determine if any people with access to
the server room and a key to the CAcert have been in the server room
during the time in question (video log / building access log / or the
like)?

Have all the password reset procedures been completed?

Thanks and kind regards,
Philipp Dunkel (Arbitrator)
}}}

{{{
Date: Sat, 11 Aug 2012 16:47:45 +0200
From: Wytze van der Raay
To: Philipp Dunkel
CC: mendel@cacert.org
Subject: Re: Arbitration a20120626.1 - Possible compromise of critical secrets

Hi Philipp,

On 10-8-2012 19:58, Philipp Dunkel wrote:
> I have just taken on this case. As a preliminary I have to ask you
> to accept this arbitration though I assume this due to your roles.
> Nevertheless, if you could confirm this I would be grateful.

I am accepting this arbitration.

> At this preliminary state I wish to thank you for your quick actions
> to contain the situation including filing an Arbitration as quickly
> as possible. Your description of your immediate actions is
> comprehensive, however some questions remain:
>
> Has any effort been made to determine if any people with access to
> the server room and a key to the CAcert have been in the server room
> during the time in question (video log / building access log / or the
> like)?

Yes, an effort has been made. Unfortunately, we still don't have any results :-(.
The process turns out to be rather involved:
* our initial request for data from BIT has been refused because Mendel
  and I are not on the list of contact persons for the Oophaga-BIT contract;
* a second try to get the information via Bas van den Dikkenberg (Oophaga
  Access Engineer) has been stalled since he (nor any other Oophaga Access
  Engineer) is also not on the list mentioned by BIT;
* Bas has referred the request to Robert Kochheim (chairman of Oophaga),
  who IS on said list, but he was on vacation at that time.
Current status is unclear, I will ping Bas and Robert again about it, but
it's mainly their responsibility to come up with an answer to our clearly
formulated request(s).

> Have all the password reset procedures been completed?

The password/encryption key resets as mentioned in my cacert-systemlog
message of June 26, 2012 have been completed, with exception of the items
listed under "Still to be done"; i.e. the encryption keys for the backup
disks still need to be changed. They are kept in two vaults at Oophaga and
will be changed whenever we require a backup disk to be brought back on-site.

Regards,
-- wytze
}}}

== Ruling ==

== Execution ==

== Similar Cases ==

----
 . CategoryArbitration
 . CategoryArbCaseOthers