• TTP
• TTPadmins

• To TTP Assisted Assurance Program - Mainpage

TTP Assurer (TTP Admin I)

• All you need to know as TTP Assurer (TTP Admin I)

Questions that needs to be answered on this page

Open questions

• State of TTP Assurer role
  What is the TTP Assurer role?
  How to volunteer as a TTP Assurer?
  Which infos do I need for practical work as TTP Assurer?
  Shall the available list of TTP Assurers be announced to TTP users? To TTP Notaries?
  Is there a register needed for TTPs?
  Where to send the CAP forms from TTPs so they can be received by TTP Assurers?
  State of system implementation -> Bug# 863 and Bug# 864
  Where to direct TTP Users' and TTP Notaries' questions?
  Will there be a TTP Assurer mailing list?
  More questions?

State of TTP Assurer role

• As long as there is no system implementation deployed, so long no TTP Assurer can be activated in the system, so long no TTP Assurer can enter TTP-assisted assurances into the system, so long the TTP program is frozen

• system implementation to enter TTP assurances into the system

  • Bug #863

  • Bug #864

  • Bug #888

• The deployment of this bug# has to be developed, tested and deployed first before any TTP Assurer can enter TTP-assisted assurances into the system
  • The Software-Assessment team is working currently on the Thawte patch. For details read

    • Software-Assessment project page

    • Overview Projects Board page

    • CCA Rollout patch is an Audit blocking factor. That needs to be deployed as well. So the question here will be if the TTP patch will be deployed before or after the CCA Rollout patch
    • Current plans from Software-Assessment team to handle projects are:
      1. Thawte Patch
      2. several Policy and Arbitration related patches (this may include the TTP patches)
      3. CCA Rollout patch
    • but the order may be turned around if the Thawte patch needs much more time to deploy

• Patch bug #1023 is a rewrite of the Assure Someone procedure. This patch probably also solves the "old" TTP assurance bug, the leaves empty assurance method fields. Patch bug #1023 is currently under testing (see Testers Main Portal. Once this patch is transfered to the critical system, TTP assisted assurances can be entered upto 35 pts max with method "Trusted 3rd Parties" (hey, selection box on cacert1.it-sls.de also lists TopUP ) so 2 TTP assisted assurances can be entered for a user. TopUP procedure not yet deployed.

TTP Assurers (active)

• TTP-admin	Motion
  Ian G	m20120325.2 (2012-03-18)
  Jeffery Frederick	m20120325.2 (2012-03-18)
  Marcus Mängel	m20120325.2 (2012-03-18)
  UlrichSchroeter	m20120325.2 (2012-03-18)

Internal (only for TTP assurer, Private Part)

TTP Assurers (volunteers)

• If you are interested in becoming a TTP Assurer, just add your name to this list. The responsible officer (AO) will get in contact with you and guide you into the process.

  TTP-admin	Motion
  Andreas A.
  Dominik George
  Marek M. Mazur
  Raoul Xavier Boerlage
  Sebastian Küppers

• x1) m20120318.# first motion, initial team for first trial and finishing documentation

TTP Assurer Tasks I

What are the tasks of a TTP Assurer?

The tasks of a TTP Assurer is:

• Create and send the TTP CAP form to the TTP user. The TTP CAP form is created from the WebDB by the TTP Assurer and will be pre-filled with the TTP user's data and the TTP Assurer's postal address.

  • (u60): 2012-03-25 A PDF form is currently WIP, not publicly available

• Maybe help in clearing questions of TTPs and TTP Users
• Receive TTP CAP forms via snail mail and keep the form for 7 years similar to the normal CAP forms.
• Check the reliability of the TTP
• Enter the TTP assurance data into the WebDB.
• In case of TopUP request:
  • send request info to TTP info channel for request of TTP TopUP ? (current system implementation does not give any info or forwards any info to a potential TopUP admin)
  • a TopUP admin has to request the TTP cap forms from the TTP-admins #1 and #2 (scan sent by email? or sent by snail mail?) or TTP-admin has to forward TTP CAP form automaticly to TTP TopUP assurer? to whom?)

How to verify the reliability of a TTP?

Have a look into the list of approved TTP for the desired country whether the TTP is approved.

Go to the country list to verify the TTP e.g. with the registration number. In some cases there are registers to cross check the registration number, otherwise there should be an advice there how to check the TTP.

• List of registers ?

WIP

Requirements

• Must be Senior-Assurer
  • 100 Assurance Points, 50 Experience Points
  • has attended an ATE
  • passed a co-audited assurance
• Interview with the responsible officer (AO) (interview can be made by every TTPadmin, proposal/nomination in TTPadmins group?)
• The responsible officer (AO) will appoint the TTP Admin, send a notification to the board, request support to set TTPadmin flag category TTPadmin
• TTPadmin flag set in User account
• Before TTPadmin flags can be set, a clean-up needs to be done on production system

  • (u60) 2010-10-11 first part finished with release of Bug #855

• Before TTPadmin flags can be set, a procedure needs to be documented for Support-Engineers

  • (u60) 2010-10-11

• Candidate needs to get a CAcert mail address
• Candidate needs to subscribe Mailing list / needs an account for OTRS

  • (u60) 2012-03-25: closed mailing list for TTPadmins created cacert-ttp-admin@l.c.o

List of Approved TTPs

• A list of TTPs that are accepted by CAcert needs to be deployed.

  • List of approved TTP by country for new TTP-assisted-assurance program lists the approved TTPs for each country. If not yet in the list, TTP program needs to be deployed for this country first.

• The old Assurers TTP Matrix (inactivated) is only a suggestion from the old days program that needs to be get approved. Needs the TTP be listed in a register that can be checked by a TTP Admin?

Will there be a mailing list for TTPs?

• There should be a closed mailing list for TTP Assurer to communicate internally and to find the TTP requests.
• Should TTP Assuers use OTRS?

  • (u60) 2012-03-25: closed mailing list for TTPadmins created cacert-ttp-admin@l.c.o

Where to direct TTP Users' and TTP Notaries' questions?

• Main contact is support
• Once the TTP Assurer sends the TTP CAP form to the TTP User, he is also a contact for questions.
  • (u60): is the email address of the TTPadmin also on the new TTPCAP proposal ?

Where to send the CAP forms from TTPs so they can be received by TTP Assurers?

Since the TTP Assurer sends a pre-filled TTP CAP form with his postal address to the user, the TTP user and TTP knows where to send the TTP CAP form to.

Shall the available list of TTP Assurer be announced to TTP users? To TTP Notaries?

• As the main contact for any questions is support, all questions should be sent there, so no need for a detailed list with addresses. The list should only show the names so that the TTP user and TTP can verify that the person is really a TTP Assurer. Also, the TTP-admin should use his @cacert.org address in sending the prefilled TTPCAP form.
• Once the TTP Assurer sends the TTP CAP form to the TTP User, he is also a contact for questions.
• Should the mailing list be a place of contact for TTPs if they have question about CAcert and TTP related topics?
  • (u60): email address of TTP-admin also to add to the TTPCAP form ?

Intermediate procedure until the CAcert software is running with all features

1. User sends request via mail to Support (or TTP group)
2. Support checks user account and enters result in a note into OTRS:
   • Are TTP assurances entered?
     • If one is present, write down the place, date, registration number and name of TTP as well as the name of the TTP Assurer
     • If two are present, write down for each the place, date, registration number and name of TTP as well as the name of the TTP Assurer and request for TTP TOPUP
     • If two TTP and a TTP TOPUP entries are present, stop process
   • If account shows more than 100 points, stop process
   • Name, DoB and primary email address of the user are entered (why DoB needs to be added to the OTRS ticket ?!?), Name and email should be enough to contact the requestor
3. Support forwards request to TTP mailing list and closes the ticket.
4. One of the available TTP admin picks up the request, prepares a PDF and sends it to the primary email address of the user, adding his own postal address to the mail (+ TTPadmins email address: the TTP user receives the email and can reply to the TTP Admin, the TTP cannot reply the email to the TTP user, so therefor the email address of the TTP admin should be added to the TTPCAP form)

   • The TTP Assurer creates a TTP CAP form as PDF form for internal use. TTP admin goes to WoT and Assurer someone to get the personal data but does not finish the assurance.
     In this form the TTP Assurer enters the user name, DoB and primary email address and creates a personalized PDF file for the user.
     The TTP Assurer sends this PDF file to the user with his own postal address. The TTP user prepares an envelope and hands it over to the TTP. The TTP sends back the filled and signed TTP CAP form in the prepared envelope.
     If it is the second request, the TTP Assurer has to point out that the user is not allowed to go to the first TTP again, which shall be stated clearly in the mailing.

      Dear <user>,
     
      you requested a TTP assurance. Attached you will find the personalized TTP CAP form.
      Please print this out and take all pages to the meeting with the TTP.
      Check if your personal data entered in the TTP CAP is correct. If there are any errors report them to me.
      
      <Optional: Your first TTP assurance was done with <name first TTP> in <place of first TTP>.
      You are not allowed to do the second TTP assurance with the same person. 
      In case you will take the same TTP again, the assurance will not be accepted and not entered into the system.> 
     
      Once you finished the meeting with the TTP, send back the filled, signed and sealed page to my postal address:
      TTP Assurer
      Street
      Town ZIP
      Country
      
      If anything is unclear or you want additional information, do not hesitate to ask.
     
      Best regards
      TTP Assurer 

5. The user goes to the TTP, gets verified. The TTP sends back the filled form via paper mail to the TTP Assurer

6. TTP Admin enters TTP Assurance "Assure someone" into the WoT part of the software.
   Regard the following changes compared to a normal assurance:

   • method: TTP
   • location: Place, Name of TTP, registration Number, date of TTP f2f meeting
   • date: Date the TTP admin enters the TTP assisted assurance into the system

Where to find CAP forms?

First draftCAP forms for TTP-Assisted-Assurances (WIP) of a TTP-CAP form. As there is a actual TTP CAP available you have to request it via support.

Draft You have to request a TTP-CAP-Form with an email to support.

• CategoryAssurance

• CategoryAssuranceTTP