česky | dansk | deutsch | english | español | français | italiano | lingála | netherlands | magyar | polski | português |
FAQ: How to Terminate CAcert Membership
see also: FAQ: Account Removal
How Termination of an Account affects the WoT
By creating an account on the main website www.cacert.org you have to agree to the CAcert Community Agreement (CCA).
- This CCA includes the definitions of Risks/Liabilities/Obligations and the binding to the CAcert's internal Arbitration forum.
- By leaving CAcert, this CAcert Community Agreement has to be terminated.
- Termination of the CCA can only be ruled by Arbitration or a process defined by Arbitraiton.
- For non-special cases there exists such a process that can be executed by Support directly.
- If you start working with your account using the CAcert services by issuing certificates or getting assurances, becoming an Assurer, assure others, you start building up a framework of reliance, where the Community relies on. This is the so called Web Of Trust (WoT).
- On your termination request, all these acts of reliance have to be revoked, cancelled or fade out.
- Dependent on your activities, you have build up more or less reliance where other Community members may RELY.
Dependencies between Termination and Reliance
Action
Reliance x1)
How to terminate
Create an Account
Low
Mail to Support
Issueing Certificates
High
Revoke Certificates
Receiving Assurances
Low
user record still remains
Becoming Assurer
Low
Revoke CATS test results
Assure others
High
fade out, at best transfer collected CAP forms to CAcert under authority of an Arbitrator
- x1) Reliance ... by other Community Members
- So there is a difference between creating an account and doing nothing, or creating an account and starting to use the full services up to becoming Assurer and assure others
- The main two topics are:
- User has created certificates, this includes Client Certificates, Server Certificates, signing GPG/PGP keys.
- User has assured others.
- There are also other topics like:
- is the user involved in an existing running dispute in other Arbitration cases ?
- has the user moved or has started moving into a role with other relations and reliance
- Is Organisation Admin ?
- Is Organisation Assurer ?
- Is TTP-Admin ?
- Is Infrastructure Admin ? and probably more ...
- Has the user requested for Code-Signing ?
How to Terminate ?
You have to start your Termination Request by writing a mail to SUPPORT <support AT cacert SPAMFREE DOT org> with the subject 'Account Removal'
- If you write the email from another account than the primary email address in your account, add your primary email address in the body of your mail.
- After sending the mail, support checks the conditions. In most cases support will contact you and handle the case. In demanding cases a Case Manager and Arbitrator will pick up your case and contact you with the initial notification, that the Arbitration process starts.
- You will be asked to confirm your request.
- If you don't confirm your termination request, the process continues automaticly after about 14 days
proposal HaVe: If you don't confirm your termination request, the request is cancelled.
(u60) cancel request runs into the problem, that the leaving user do no longer takes care about the accounts. So process has to continue - at least lock the account and revoke the certs (see reliance)
- It can need a few days until you will be contacted, as both, Support and Arbitration are done by volunteers.
How the Reliance impact can be solved ?
- As shown, a user can build up reliance in his time using the account. Each act of reliance must be solved before termination can succeed. For each reliance topic there are different solutions.
- Certificates issued
- The easiest way is to revoke all certificates. A grace period of 3 months has to be passed, before termination can succeed.
Revocation of certificates can be easily handled by the user itself, by going onto his account, select the appropriate menu selections and click revoke this certificate.
- All the certificatescan of an account also be revoked by Support.
- Regrettably PGP signatures cannot be revoked, but it is planned to change this with a software change, eventually. PGP signatures are valid for 1 year. Afterwards the same grace period of 3 months has to be passed.
- Assurances received
- The reliance build to other members is low, but there are relations that may affect the WoT.
- By assuring the user, the assurer builds up experience with the assurance process. This is reflected by the experience points in the assurers account. By this, recieved assurance can have an impact on the assurance points the assurer may award by further assurances. Removing the users account, leaves an orphan record in the 'assurances given' list of the assurer. Therefore the users record cannot be deleted completely.
- The user has a valid interest, to not be identifiable with the remaing entries, after the termination. For this, all information by which the user could be identified, gets removed or anonymized. This is done by anonyming the personal data in the account completely - Names, DoB, location, settings, email address(es), domains and so forth are removed, where possible, else anonymized. The primary email address and name fields are replaced with the a case number.
- At the end of the process, the account record remains in the system, but with all user identifiable data being removed or anonymized.
- The reliance build to other members is low, but there are relations that may affect the WoT.
- Becoming an Assurer
- Becoming an assurer means, the user has received at least 100 assurance points and passed the CATS test.
This has no impact onto the WoT, but allows the user to start giving Assurances or request for the Code-Signing flag (-> potential code-signing started? This is handled through revoking all certs.)
- Giving Assurances
- This topic has a high impact onto the WoT. With each Assurance given, the assurer makes an assurance statement to the community: "I have verified this user's identity and my reliance into the users identity is reflected by my given assurance points."
- This assurance statement is documented on a CAP form.
- If there is a problem regarding assurees identity or with his certs, a dispute can be filed and an Arbitrator may request informations from the assurer about the users identity. The Arbitrator may ask to see the CAP form, in this case.
- Terminating and leaving means, that no Arbitrator in a future arbitration case can request informations from the assurer about the identity of the user.
- Therefore a leaving assurer is asked, to hand over all his CAP forms, to an Arbitrator or another Assurer authorised by the Arbitrator.
- In this case, an Arbitrator would be able to request the information from the CAP forms, even after the assurer has left the community.
- WoT is saved.
- If the CAP forms are not handed over, the Arbitrator of such a case probably would have to revoke the assurance.
- The Assurers account record handling is similar to the 'Assurances received' handling. All personal data in the users record is either removed or anonymized, the record is left in the system.
- The Assurances given records may impact another users assurance points level (50 Assurance points = user can issue certificates with his name in it, 100 Assurance points = pass the CATS test, become an Assurer, request code-signing). Removing these records, would have an impact to several other users, who would loose assurance points and maybe drop below a certain level.
- To prevent this, the assurance records have to be kept.
- After the "Delete my Account" procedure, other users will see the case number as the assurers name.
Food for Thought
Think off your decision to leave ?
- rethinking "keep your account open"
- not using the services today does not mean you cannot use the services in a year or two
What does Remove Me mean ?
- the sample of "remove me" in the mailing list
- "remove me" is misleading if posted in mailing list
- "remove me" in mailing list means "unsubscribe" but this is not to terminate the CCA
- "remove me" but can also mean, "please remove my account"
- so, please to be precise of what you want to have to be removed ...