Ĩesky | english
To CAcert.org Assurer - Overview - To CAcert.org Individual Assurances Assurer
To Assurance - To Assurance Procedures - To R/L/O - short presentation
RisksLiabilitiesObligations
Including: NRP definition
"Membership has its rewards."
Being a participant in CAcert also has carries Risks, Liabilities and Obligations. This page lists the R/L/O in DRAFT Form. It is primarily driven by DRC A.6
Party |
Risks |
Liabilities |
Obligations |
Comments |
CA |
loss/compromise of root keys; unavailability of systems; theft/compromise of user database |
remedies ruled by Arbitrator |
provide DR, provide Doc, protect system, keep Board in good order to back up everything else |
Management is deficient |
Non-related person (NRP) |
own actions |
"none" As she does not know CAcert, she cannot be "obliged". |
Grandma: as member of the public, using via a browser, who does not know CAcert. |
|
Member |
gets phished; loss/compromise of user data; certificate proves unreliable |
may lose access, may lose value |
as listed in CAcert Community Agreement |
new member of community |
Anonymous Subscriber |
Theft of private key, User name revealed, |
revocation, loss of access, loss of points |
keep key secure, use key responsibly |
Use of an anonymous cert may subject to a higher degree of responsibility due to the protection afforded by anonymity. |
Named Subscriber |
Theft of private key, ID + Info revealed |
ditto |
ditto |
|
RA Assurers |
poorly conducted assurance |
may lose assurance points, Assurer status, as ruled by Arbitrator |
best effort at Assurance, keep Paperwork |
Registration Authorities are those who check credentials of Subscribers. In this case, they are CAcert's Assurers |
All Members |
subject to judgement from Arbitrator in DR, legal suite by NRP outside our jurisdiction, subpoena/order by NRP |
remedies as ruled by Arbitrator, or by Court (in case of NRP/Grandma suit) |
accept CCA, CPS, PP, etc, act within, work to benefit of CAcert and within spirit of principles |
covers all who are registered and thus signed up |
Everyone |
|
liable for criminal actions |
|
|
Terms:
- NRP is Non-related person
DR is Dispute Resolution, in House
Specific risks and obligations with code signing certificates (CSCs)
A summary of the discussion about code signing certificates
Party |
Risks |
Liabilities |
Obligations |
Comments |
Signer |
Key may be compromised and used to sign malware |
Responsible for the code, according to own licence statement |
Keep key secure, revoke compromised key; write own offered licence agreement in accord with code-signing agreement with CAcert |
May be considered "distributor"? |
CAcert |
|
may have to answer to claims from NRPs, vendor |
Has to issue certificates according to the policy |
has to allocate R/L/O between Signer on one hand and vendor on the other hand |
OS / Browser vendor |
|
may have to answer to claims from NRPs |
May only include root certs which conform to their policy; must offer licence to end-users that is compatible with CA's licence; should enable end-users to check certificates for CA name, |
|
Assurer |
gets tricked by malicious coder |
to Arbitrator |
special CSC assurance |
special CSC assurance is a notional thing so far! |
Member |
May run malware |
|
Has to decide wether the signer is trustable |
|
NRP |
May run malware |
|
|
May not rely on certificates issued by CAcert |
Questions
If we want a code signer to sign an additional agreement, what should be contained in the Agreement? Some brainstorming about this topic:
- May not use the CSC to sign malware (I'd feel a bit stupid demanding that, it is just so obvious, but maybe it is necessary)
- May only use CSC to sign specific software (has to be free, not mission critical, environmentally inoffensive, ...)
- Has to confirm that responsibility for signed code is accepted
Has to agree that personal data may be disclosed in case of a dispute (though already contained in the PrivacyPolicy, I'd feel better to explicitly say it again)
- Has to confirm that possible extended risks are known
Other ideas
- A "code signer's challenge", similar to the Assurer Challenge
- Extended verification and traceability for code signers, like copy of ID has to be verified and kept by Assurer
Dispute Resolution
Remedies by Arbitrator, being things that the Arbitrator can rule against any User
- removal/blocking of access to system
- loss of points
- revocation of certificate
- termination of registration as CAcert User
- publication or notification of actions
- and others as the concept develops
Dispute Resolution is described at ArbitrationForum
NRP - Grandma
Within R/L/O, the following was directed (as AD1 200606xx) for Non-related Persons, otherwise known as Grandma:
Grandma is allowed to USE certificates but is not permitted to RELY This matches the normal browser paradigm, where she downloads or installs free software, with no relationship with the supplier. She takes on all the risk of her activity.
A disclaimer and licence for Grandma is found in RDL.
In case she wishes to RELY and make some claim against CAcert, she must join, and become a Member.
Problem: Just in case we manage to get the CAcert root into any browser, the browser (and implicitly many NRPs) may RELY on CAcert-issued certificates.
Liability risks for assurers
The precise liability of an Assurer in any particular case is determined firstly by CAcert's dispute resolution, and may also be determined by external courts in criminal or NRP cases.
The following are notes of guidance only:
The assurer did a good job. The documents were valid and the person is the correct one. ==> The assurer is not in danger because s/he did a good job.
There were minor flaws. For example the documents were recently expired, but the person is the correct one. ==> The result was correct, there are no damages, so any dispute filed is a point of quality.
The assurer really tried to do a good job but was presented forged documents of good quality. ==> Difficult case. Arbitrator will have to decide, assurer has the problem to prove the documents he saw "really looked correct".
The assurer did a bad job. For example s/he assured someone without checking the documents or the documents presented were obviously forged. ==> This is a case of gross negligence which usually makes you liable for damage which resulted from this action. CAcert's dispute resolution may cover this case, if a dispute is filed and no dispute is pending in external courts.
The assurer knowingly made a false assurance ("Ahh, he just wanted to pull a joke on someone") ==> Making false statements with intent to deceive is (an element of) fraud, which is criminal. Criminal fraud, gross or criminal negligence are generally outside civil forums such as CAcert's dispute resolution. An Arbitrator may make a ruling, but this in no way protects the Assurer from further rulings.
If the assurer can be made liable the next question is to what extent s/he can be made liable. One view might be to undo the direct consequences of her/his actions. This can not cover "rebuying grandma's house" which is why grandma is not permitted to rely. Members of CAcert are obliged to not rely in excess.
Country views
Remember that the jurisdiction for Assurances is firstly the CAcert Dispute Resolution system of Arbitration, and the law is firstly that of NSW, Australia.
There are however some exceptions: Criminal areas, cases with NRPs, and countries that do not have an Arbitration Act.
More information on the topic of liability/negligence:
http://de.wikipedia.org/wiki/Schadensersatz for a nice overview on german liability law
http://en.wikipedia.org/wiki/Negligence something similar with focus on anglo american law
Feel free to add other countries views above.