DRG-ATE-2012
The Story of our ATE and co-audit project
Certification Authorities are typically thought to verify and certify Identities of individuals and companies. The presumption is that this identification allows people to conduct trade more readily, on a basis of trust.
In its goal to build a CA, CAcert started with the web-of-trust approach pioneered by the PGP community. In this approach, people collect many small verifications from the individuals in the community, and the aggregate of those is thought to be stronger than the single hierarchical state-driven verification provided at your local Post Office or other designated places.
CAcert has since inception built up a network of thousands of Assurers, being experienced community members who can verify the community. They themselves are verified by several others, and are tested to a basic level.
However, CAcert ran into a problem: its audit, required to enter the browsers as a "trusted" CA, said that it needs a method for quality control over its many verifiers of the community. As we have today 4,414 Assurers, this is no easy task. Further, as we have already used the online testing method, we need something orthogonal to online methods.
To create a distributed & verifiable network of verifiers was quite a challenge. Without knowing quite how to do it, the Auditor of the time started testing individuals on a one-by-one basis at CeBIT in 2009. It was obvious that this would not scale up, but something had to be done to get a grip on the scope & scale of the problem.
Curiously, the initial testing was enough of a shock to force wider minds to think.
Several of our Assurers felt that these tests were showing something important. To address the lack, they developed a face-to-face presentation to cover the essential points. This was then presented in evening and afternoon classes in various cities around Germany. After that, the same Auditor's test was delivered to the attendees by the experienced Assurers. After a few months of this, we met together and realised that we had enough information to make a statistically sound judgement.
Out of this process the Assurer Training Event process was born. We have now conducted around 20 of these events around the world, primarily in Europe and Australia. We have tested around 200 full assurers and reached out to many more.
The Process
The ATE is a series of conventional powerpoint style-slides in OpenOffice which is presented over a 90 minute stint. It covers the essentials. For example, the 5 claims made in the Assurance Statement are presented as a 5 fingers metaphor.
After the presentation, our best Assurers do what is known as a co-audited Assurance with each of the others. This includes injecting errors into the process, and afterwards coaching the Assurer on the whole thing. This takes around 10 minutes per Assurer.
Shortfalls & Difficulties
However, scaleability is still an issue. We have co-auditors available who have passed the rigourous knowledge and practical tests. And they have to travel far and wide to reach out to our communities, as well as attempt to identify more potential co-auditors and bring them up to that standard (a process that takes a few days).
All are volunteers, most have jobs and busy lives. Many volunteer their free time willingly, but costs are an issue.
The Proposal
We propose to use the grant money to enhance and distribute our working ATE / co-audit project. A co-auditor will travel to some location in the world where there is a cluster of Assurers, present an ATE, then return.
We do this on the cheap, using discount flights and using community provided accomodation. For example, a tour in 2009 of 8 European locations was budgetted at 1500 Euros, and a tour of 4 Australian locations came in at 1050 AUD.
The money will be primarily limited to travel budget for ATEs where there is a good group of Assurers. There are two other potential needs that might tap this budget: bringing new co-auditors up to standard, and an annual meeting of the co-auditors to collate, analyse and prepare for the next year. However, for various reasons, the best ROI is found in ATEs and travel with our existing co-auditors.
The Innovation
In governance terms, this process is the final step in a journey. The first step was to take the hitherto anarchic web of trust from the PGP community and bolster it with testing, policies and controls at the individual level. We turned our web of trust into a network of reliable individuals, each meeting an individual minimum standard driven by policy and controlled by quality measures.
Now, we are turning that network of reliable individuals into a reliable network of individuals. This process of statistical, one-on-one measurements takes a peer-to-peer web and turns it into an verifiable institution of assurance that will meet the needs of conventional business, as well as appeal to our own sense of individual empowerment and leadership.
The innvoation of co-auditing marks the final step to prepare CAcert's network of Assurers for audit as Registration Authorities.
Reason for Grant
The co-audit project has already been declared minimally successful by the ex-Auditor, but as a process needs to be rolled out more fully and forcefully across more Assurers. We especially need more geographical coverage (USA should start soon) and we need many more co-auditors. Progress is slow because our existing people only have limited travel time and budget (own hobby money).
ATEs are also a critical part of our recruiting. We need good people to do dozens of projects towards our eventual goal of being auditable. The more we can spread and teach the process of good Assurance, the more we bring in the experienced and professional projects people. It is this advantage that drives us on!
ATEs are also important social events bringing our community together, and opportunities to work on other projects, face to face.
The Components
The entire process consists of:
- Our ATE presentation, being a set of around 100 slides.
- the Co-audit Assurance which is done the Assurer over the co-auditor. Mistakes are injected according to a script.
- a simple website / database which collects all the results of the co-audited Assurances and presents them in the statistical fashion.
- The convention of reporting is glued together with CARS (the CAcert Assurer Reliable Statement) which signify that each report is reliable.
Notes on disclosure
The set of tests and data from the tests is not published so as to preserve the efficacy of the process. All other documentation is published under Creative Commons (by-sa-3.0-au) (1).
The website source code is not currently published as open source, but will be (if the grant is awarded. It is XXXXX tarballed and archived and more or less ready to roll out. It will be under GPL.
Plan
Preamble and Caveat
(need: budget plan and resource requirements Development and implementation time line Performance goals)
Planning an ATE tour is like solving a travelling salesman problem. In practice it depends on a lot of factors, some static, some dynamic. The primary considerations are a co-auditor with spare time to travel and present, and the availability of local, on-ground support. In addition:
- availability of discount flights
- local support for accomodation of co-auditor and venue
- population size [1] and transport hubs
- character of town (e.g., Bay Area, Boston)
- availability of a couple of experienced local Assurers
- (so as to bring non-Assurers up to full 100 Assurance Points)
Once the co-auditor is identified (and his/her timeframe is set), the recruitment process for the above factors starts. Generally this is taken on an availability basis.
USA Plan
Given the above caveats, let's hypothesize a very big tour across USA [2]. This would involve a co-auditor leap-frogging across in one coordinated tour. We currently have no co-auditors in USA, so we have to fly one in.
Location
Day
Flight
comments
Main flight
1
500
ex-Europe (Frankfurt)
New York, starting point.
3
0
Washington DC
5
200
Miami
9
200
latino connection
Dallas
12
200
biggest hub
San Diego
15
200
mexican connection
Los Angeles
17
100
San Francisco/San Jose
19
100
meet with Mozo
Seattle
23
150
meet with Microsoft
Chicago
25
200
Boston
27
100
university town
Main flight to Europe
31
500
back to Frankfurt
Per Diem
1000
(most should be local)
Total Budget
3450
In practice, a series of smaller journeys is more likely due to time constraints. For example, here is a plan for completely finishing the ANZ tour:
Location
Days
Flight
comments
Wellington NZ
2
400
One trip to cover both islands
Auckland NZ
2
200
Perth AU
3
400
ex-Canberra, most expensive flight
Wollongong NSW AU
2
50
drive ex-Canberra
Sydney (2) NSW AU
1
50
from Wollongong to Sydney
Newcastle NSW AU
2
50
then up to Newcastle, and drive back to Canberra
Adelaide AU
2
200
flight ex-Canberra
Hobart
3
150
flight ex-Canberra
Per Diem
500
(most should be local)
Total Budget
2000
These events and trips would be spread across a period of time, as we have one co-auditor in Australia. There is no need to cram in as much in one mammoth trip.
Our Priorities
Priorities:
- USA
- South America. WE can purchase multi-hop tickets covering 4-8 major cities, ex-USA.
- Asia.
- Australia / NZ (complete the 2011 tour)
- Europe: UK, Spain/Portugal, Scandanavia.
Our current progress in Tours
- 2009 Germany has been covered by a series of weekend ATEs.
- 2009 Spring Tour covered Europe outside Germany.
- 2010 Australian Tour covered 4 cities using available time and budget.
Letters of Support?
Administrative details:
Team
Project Leader: Ulrich Schroeter, Assurance Officer
- Project Name: ATE rollout 2012
Co-auditors: Joost, Iang, Dirk, Dominik, Alexander, Mario, Ted includes links to more biographies.
Governance
The Grant will be financially administered by CAcert Inc. Monies will be paid into CAcert's main bank account in Australia (Westpac), and disbursed from there, as a sub-project under the Committee's standing arrangments for managing funds.