Before: Arbitrator UlrichSchroeter (A), Respondent: CAcert (R), Claimant: Martijn V (C) Nikolas P (C2) DominikGeorge (C3), Case: a20100207.2

History Log

log from case a20100209.2

Re: Arbitration case a20100209.2 - [s20100208.88] [s20100213.108] Dispute due to difference in the name on the CAP form and the system

Hi all,

Thanks for the reminder on this. While I appreciate this is all run by volunteers...

If this is the average response time for an arbitration case, even one as simple as this, CACert is quickly becoming obsolete.

I'm effectively being prevented from using my certificate & my right to be assured and to assure others by a fault in the CACert.org system & rules.

I was assured at FOSDEM 2010 by most people and it was there that this problem in the CACert rules & online system came to light.

Please don't take this the wrong way, but if a simple arbitration like this can't be settled in a year... then CACert is totally useless for me.

If this relatively simple arbitration request has not been solved before FOSDEM 2011, I will have to conclude that CACert is a nice idea... but nothing more than that. At that time (march 1st, 2011), you can drop this arbitration request as I will be removing my keys and account at that time.

Yours sincerely,

Martijn

EOT log from case a20100209.2

Discovery

Ruling

  1. The minor name change request to remove the suffix, that cannot be verified by at least one ID doc has been confirmed by 6 unexperienced Assurers and Support should execute this as requested (removal of the suffix in the name) to be AP 2.1 conform (A General Rule: don't assure names or name parts you cannot find in at least ID doc)

  2. Client Certificates, that are issued by (C) after 2009-11-08 and that includes the suffix should be revoked
  3. The Assurance in the Face-2-Face meeting wasn't a problem. All 6 Assurers states the main name part to be in the ID docs
  4. But all 6 Assurers didn't take care about the addtl. Suffix in the Online Account, that doesn't match to the presented ID docs and CAP forms and that cannot be confirmed in the Online Account
  5. The Assurers should get an advise on "Assurer Name Errors" and to advice to attend to the next ATE in their area
  6. There are subsequent Arbitration cases with Suffixes in Online Accounts that cannot be confirmed in at least one ID doc / CAP form
    • This problem araises, as the online Join form doesn't guide a bonafide member, to only add names into the fields, that can be verified by at least one ID doc
    • The outsourced check to the Assurers often fails by unexperienced Assurers
    • The problem has been iddentified by experienced Assurers and filed into Disputes
    • So a solution has to be twofolded
      • Training of Assurers
        • In the Assurer Training Events (ATEs) starting 2009 Assurers gets trained with a simple Rule, this should be continued:
          • "don't assure names or name parts you cannot find in at least one ID doc"
          • From psychological viewpoint, Not is impossible to remember, so transitioned to:
          • "Assure only those names and name parts (incl. suffixes) you can read in at least one ID doc"
        • There is no simple rule (exepts AP 2.1) written, what not has to be accepted by an Assurer, but with all the exceptions written in AH this simple rule fades out of mind

        • So Assurance Officer should rethink to add this simple rule and rephrase the simple rule to every chapter that handles name rules and exceptions into Assurance Handbook and PracticeOnNames or by adding a "simplification" section with simple rules, that can be easily remembered and easily followed

      • Guidance in the online Join Form
        • To prevent such problems with Suffixes in the future, Software Developers should update the online Join Form to reflect this simple rule:
          • Possible variations can be:
            • Add a header section like Password guidance onto the Online Form to guide the bonafide members in filling the several name parts into the form fields and to prevent suffixes that cannot be read in at least ID doc to be entered into the form
              • Sample: Entering names: Only add names and name parts (also suffixes) that can be read in at least one ID doc
            • Expand the description text below the Suffix field to
              • Sample: Suffix (optional) / Please only write Name Suffixes into this field that can be verified by at least one ID doc
  7. Removal of Assurances by not answering the Arbitrators request
    • As this is a minor name change dispute filing, the time to wait for an answer can be limited, so not all Assurers needs to answer
    • So no further actions should happen over the Assurer(s) who didn't answered yet, except sending an Assurers advice
    • One Assurer, who requested a "delete my account" (a20100307.1) that dispute filing is currently an open case (I assume, that he will not answer the request until his own Arbitration case will be handled), needs reviewed within this "delete account request" arbitration case. On request for the CAP forms, the Arbitrator of this case should check, if he got the CAP form to this Assurance. If he didn't received the CAP forms from the Assurer in question, he should order, that the Assurance over (C) in this arbitration case has to be revoked.

    • A note should be added to the Arbitration case a20100307.1: to review the CAP forms if received relating to Arbitration case a20100207.2 or revoke the Assurance over (C) of case a20100207.2 if CAP forms aren't received from Assurer in question.

  8. This case can be used as precedent for further cases.
    • for faster arbitration ruling, (C) can assist this process by searching for 2 experienced Assurers who can confirm the name change request thru two seperate additional Assurances
      • (C) should note the primary email adresses of the Assurers, to name them in the dispute filing or
      • One of the Assurers should note the primary email adress of the 2nd Assurer and should give a note to the Arbitrator that these assurances are subject to dispute filing with suffix removal request by the Assuree and the 2 Assurers

Frankfurt/Main, August 18th, 2010

Execution

Similiar Cases

a20090618.4

User wants a name change

a20090621.2

User not registered under full names

a20090618.8

User has non-validated middle name in account

a20090823.1

Assurance with an additional Suffix

a20091124.2

User has shortened form of name in account

a20090618.12

User not registered under full name. Ruling accepts a common short name in the account

Post Arbitration Note


Arbitrations/a20100207.2 (last edited 2011-02-08 03:51:34 by UlrichSchroeter)