- Case Number: a20140928.1
- Status: withdrawn
- Claimant: CAcert(board) - entered by Juergen B
- Respondent: CAcert
initial Case Manager: EvaStöwe
- Case Manager: none
- Arbitrator: none
- Date of arbitration start: 201Y-MM-DD
- Date of withdraw: 2016-07-02
- Case closed: 2016-08-31
- Complaint: Dispute about the issue with non-ASCII-characters from 2014-08-28
- Relief: TBD
Before: Arbitrator name arbitrator (A), Respondent: CAcert (R), Claimant: Juergen B (C), Case: a20140928.1
History Log
- 2014-09-28 (issue.c.o): case [s20140928.131]
- 2014-10-02 (iCM): added to wiki, request for CM / A
- 2014-10-02 (iCM): notified C about case
- 2014-10-02 (Jürgen B for C): asks iCM to treat this case as urgent
- 2016-06-19 (iCM): informs Jürgen and board, that the case looks like a case filed by board and not as a personal case by Jürgen, would update case accordingly; asks board if there is a need to continue it, as case is old and regrettably no CM and Arbitrator could be found so far to handle it
- 2016-06-19 (Jürgen): iCM is right, it's not a personal case
- 2016-06-20 (a board-member): suggests to withdraw case, because it's more like something for the security officer(board) and also quite old
- 2016-06-21 (iCM): answer to board some comments/clarification
- 2016-07-02 (board): discussed case at board meeting
- 2016-07-02 (C): withdraw case with motion m20160702.7
Private Part
Link to Arbitration case a20140928.1 (Private Part), Access for (CM) + (A) only
EOT Private Part
original Dispute
I want to file a dispute to clarify possible consequences for the issue discovered and treated at 2014-08-28. At said date a member discovered that accounts, which held names with special characters were not displayed correctly on the website. The issue itself was fixed within hours and is currently described at https://wiki.cacert.org/SecurityManual/IncidentReports as 2. But there was a time frame where the affected members could either have been assured wrongly or issued wrong certificates with missing name parts. If this is the case, there may be a need to revoke them and inform the affected members. As the problem was probably introduced by an update process done on the critical system, it may be useful to review and improve the processes for such updates to prevent likewise issues in the future. I also think that there is a need to communicate the issue and its resolution and consequences broadly. If we are not transparent with incidents like this, I fear that we jeopardise our reputation and credibility.
Discovery
At 2016-07-02 the claimant motioned to withdraw from this case:
The motion with the identifier m20160702.7 has been accepted. Motion: Withdraw from 20140928.1 Resolved, that CAcert Inc withdraws from case a20140928.1. The case relates to certificates that might have been issued, but no evidence presented of that. If such certificates were issued, they are almost expired. The case is more a security incident than an arbitration and documented as 1.2 in http://wiki.cacert.org/SecurityManual/IncidentReports https://wiki.cacert.org/Arbitrations/a20140928.1 As a general comment, the filing of cases in uncertain situations is to be discouraged. The community should be encouraged to do more of the investigation and respond with facts so that others can help. Throwing a case over the wall to arbitration results in clogged arbitration, not resolution. Any review of DRP should ask how to encourage more active cleaning of the case load and more skepticism over marginal and make-work cases. [Note: motion recorded from committee meeting] Vote type: motion Ayes: 4 Nayes: 0 Abstentions: 0 Percentage: 100%
Ruling
none - case was withdrawn.
Similiar Cases
To be identified if there are any.