* Case Number: a20140627.1 * Status: init * Claimant: Benny B * Respondent: Critical Team * initial Case Manager: EvaStöewe * Case Manager: name case manager * Arbitrator: name arbitrator * Date of arbitration start: 201Y-MM-DD * Date of ruling: 201Y-MM-DD * Case closed: 201Y-MM-DD * Complaint: critical team certificate * Relief: 1. Ensure a proper Organization Certificate for CAcert is used to make this certificate official and independently verifyable 1. Determine which members hold role addresses of cacert.org in their (personal) account and decide on how to proceed with them 1. Propose further actions on the proceedings with role addresses of cacert.org when a X.509 certificate is involved. Update: at 2015-02-10 (C) declared that point 1 is resolved Before: Arbitrator name arbitrator (A), Respondent: Critical Team (R), Claimant: Benny B (C), Case: a20140627.1 == History Log == . 2014-06-26 (issue.c.o): case [s20140626.103] . 2014-07-06 (iCM): added to wiki, request for CM / A . 2014-07-06 (iCM): send notification about case to C, R . 2014-07-07 (iCM): repeats notification mail to R, because R remarked in the context of another case to not be aware about this case . 2014-07-26 (iCM): repeats request for CM / A . 2015-02-09 (iCM): asks C if the case is still needed . 2015-02-10 (C): part 1 is resolved but case is still needed for other parts, but not urgent == Private Part == * '''Link to Arbitration case [[Arbitrations/priv/a20140627.1|a20140627.1 (Private Part)]], Access for (CM) + (A) only''' ## ==> INCLUDE SECTION BOT <> ## <== INCLUDE SECTION EOT ==== EOT Private Part ==== == original Dispute == {{{ I'd like to file a dispute to check whether the X.509 certificate provided by critical at [0][1] based on ruling [2][3] is suitable for independent verification by third-parties and thus for the intended purpose of identifying and representing the critical team. I doubt the suitability due to the following facts: a) The certificate is a member account certificate without a name. As such no verification, except that there exists an account that has had access to verify the critical-admin@cacert.org email address, can be done. This is not sufficient if critical and high-risk actions have to be secured by this certificate. b) The certificate does not indicate any relation to CAcert as part of its certificate subject. As such it could have been issued in error easily and thus be a spoof of a real certificate. This means in particular that this certificate fails to associate the identity of the critical admin and the official role as one of the teams at CAcert. Please handle at least the following issues: 1. Ensure a proper Organization Certificate for CAcert is used to make this certificate official and independently verifyable 2. Determine which members hold role addresses of cacert.org in their (personal) account and decide on how to proceed with them 3. Propose further actions on the proceedings with role addresses of cacert.org when a X.509 certificate is involved. Kind regards, Benny B[...] [0] https://wiki.cacert.org/SystemAdministration [1] https://wiki.cacert.org/SystemAdministration?action=AttachFile&do=view&targ[..] [2] https://wiki.cacert.org/Arbitrations/a20140422.1 [3] Ruling received internally via Message-ID <5399C16E.2030708@cacert.org> }}} == Discovery == == Ruling == == Execution == == Similiar Cases == ---- . CategoryArbitration . CategoryArbCaseOthers