- Case Number: a20121127.1
- Status: Closed
Claimants: MichaelTänzer
- Respondents: CAcert
Case Manager: MartinGummi
Arbitrator: UlrichSchroeter
- Date of arbitration start: 2012-11-27
- Date of ruling: 2012-11-28
- Case closed: 2012-11-28
- Complaint: TTPadmin bug verification
- Relief: confirmation that TTP-assisted-assurance results in TTP-Assurance flagged assurance method
Before: UlrichSchroeter (A), Respondent: CAcert (R), Claimant: MichaelTänzer (C), Case: a20121127.1
History Log
2012-11-27 (CM): MartinGummi will be Case Manager.
2012-11-27 (CM): UlrichSchroeter will be Arbitrator.
- 2012-11-27 (A): It is presumed that all involved parties accepts CCA/DRP, by role under SP
2012-11-27 (A): Intermediate Ruling #1, sent to (C), MarcusMängel (AS1), BennyBaumann (AS2), (Support), (CM)
- 2012-11-27 (SE): exec Report, TTPadmin flag set to account (AS1)
- 2012-11-27 (AS1): exec report with screenshot of affected record, displays "Trusted Third Parties", id 152901
- 2012-11-27 (AS2): exec report with screenshot of affected record, displays "Vertrauenswürdige Dritte (TTP)" (in German), id 152901
- 2012-11-27 (A): Intermediate Ruling #2
- 2012-11-27 (SE): exec Report, assurance revoked, TTPadmin reset
Dispute Filing
minuted within Software-Assessment project telco 2012-11-27
Claimant: Michael Taenzer Disputes text: ================================================================ Please test that bug#855 is fixed on production system requested Testscenario: SE: to set TTPadmin on account Marcus Maengel user1: (Marcus Maengel) set TTPadmin=1 to TTPadmin by Support-Engineer user2: who should receive TTP assurance: Benny Baumann ================================================================
Original Dispute, Discovery (Private Part) (optional)
Link to Arbitration case a20121127.1 (Private Part)
EOT Private Part
Discovery
Software Bug #855
has been transfered to production Bug #855 comment c2782
https://lists.cacert.org/wws/arc/cacert-systemlog/2012-01/msg00005.html
- Under new TTP Program deployment TTP-assisted-assurances entering into the Testserver cacert1.it-sls.de succeedes.
- A couple of Patches handlings results in a couple of Merge conflicts within the last approx 4 weeks
Merge conflict reported bug #978
Merge conflict under bug #1054 (2012-10-23)
Agenda 1.3 patches conflicts (2012-11-20)
- and other Merge conflicts reported by Software-Assessors and Software-developers
Testscenario under TTP/TTPadmins#Current_State_Software signals a potential problem under the current software revision similar to the software revision under production.
Software review by a Software-Assessor in the weekly Software-Assessment project telco 2012-11-27 cannot debilitate the reported potential problem discovered.
- A controlled test scenario with current software revision state under the Production system can answer the question.
- Related Policies, Handbooks
- Newly deployed detailed procedures by Software-Assessment team (relates to 7. SOFTWARE DEVELOPMENT)
- Named parties under proposed testscenario:
m20110213.1 Marcus Mängel for Support Engineer (as TTP-admin)
m20121017.3 Appoint Benny Baumann as Software Assessor (as TTP-assuree)
m20091111.1 Appointing new Support Engineers: Werner Dworak, .. (Executing Support-Engineer)
m20120325.2 Initial TTP Admin Team: Marcus Mängel ..
Intermediate Ruling #1
Software-Assessment cannot identify current state of bug#855 so a online test verification seems the only reasonable way to get rid of the blocking issue that prevents current TTP assurance program.
Benny Baumann accepts, that a test TTP-assurance to be set over his account, and removed afterwards after verification Testassurance by method "Trusted 3rd Parties" by member Marcus Maengel.
Both parties are generaly bound by SP. Processing is under control of Arbitration. and the system will be reset to state before test case starts.
Support-Engineer shall set TTPadmin flag to member account of Marcus Maengel.
Member Marcus Maengel shall start one Assure Someone Process over Benny Baumann with method "Trusted 3rd Parties"
A screenshot of the TTP record under My Points shall be made by member Marcus Maengel and/or Benny Baumann
Frankfurt/Main 2012-11-27
Intermediate Ruling #2
In live system the results shows that TTP assurance is visible as TTP assurance. Test scenario verified.
Support-Engineer shall revoke TTP assurance made by Marcus Maengel over Benny Baumann
Support-Engineer shall reset TTPadmin flag to 0 on user account Marcus Maengel
Frankfurt/Main 2012-11-27
Ruling
- A similar procedure as proposed in dispute filing under this arbitration is still yet undefined under
- Newly deployed detailed procedures by Software-Assessment team (relates to 7. SOFTWARE DEVELOPMENT)
The previous tests under Software-Assessment and Software-Testteam did gave conflicting results, so real TTP-assurances given to be followed by TTP-Assisted-Assurance-Policy that defines "3(e) Assurance must be marked as TTP-Assisted (e.g., by use of TTPAdmin flag)" cannot be vested by Software-Assessors nor Software-Testers to be marked as "TTP-Assisted" under the critical system. So therefor this arbitration case has been started, to confirm that current patch state doesn't conflict with the requirements given by Policies in effect. This confirmation can only be given by a live test under the production system.
At least Security Policy principles defined under SP 1.2. Principles, that has been followed under intermediate ruling #1 and intermediate ruling #2
- Important principles of this Security Policy are:
- dual control -- at least two individuals must control a task
- four eyes -- at least two individuals must participate in a task, one to execute and one to observe.
- redundancy -- no single individual is the only one authorized to perform a task.
- escrow -- where critical information (backups, passphrases) is kept with other parties
- logging -- where events are recorded in a file
- separation of concerns -- when a core task is split between two people from different areas
- Audit -- where external reviewers do checks on practices and policies
- Authority -- every action is authorised by either a policy or by the Arbitrator.
- Execution of intermediate ruling #1 and intermediate ruling #2 was:
- under dual control,
- under four eyes,
- by redundancy,
- logging under this arbitration file,
- separation of concerns and
- authority given under this Arbitration case by Arbitrator
- Important principles of this Security Policy are:
Acceptance by Test TTP-assuree BennyBaumann for privacy reasons has been requested by (A) and accepted by (AS2) prior the process has been started according to AP 4.5 "Permission to the Assurer to conduct the Assurance (required for privacy reasons);"
- (AS1) did not yet assured (AS2)
- All *active* exec parties are still bound to SP by their role under SP (Software-Assessors, Support-Engineers)
- Process did not disclose any privacy data except the privacy data between an Assuree and an Assurer. Permission has been established before the process started.
- Test TTP-assisted-assurance has been revoked, so no test data remains for this case under the production system. All effected accounts under this arbitration execution has been reset to the state prior the test started.
Current case can be set as an example case (not precedent! - requires a separate dispute filing) for Description of Software Development Update Cycle for Emergency Patches of a fast path, interactive session similar to a20100822.1 and a20101114.1 to verify conflicting test results under Software-Assessment and the Quality Assurance Team (as defined under Security Manual - section 7. SOFTWARE DEVELOPMENT on production system.
Frankfurt/Main, 2012-11-28
Execution
- 2012-11-28 (A): final ruling sent to (C), (AS1), (AS2), (SE), (CM)
- 2012-11-28 (A): case closed
Similiar Cases