## 20160614 AK ---- [[Support/SE/CZ|Ĩesky]] | '''english''' ---- ## page was renamed from comma/Support/SE . '''To [[Support/Handbook|Support Handbook - Mainpage]]''' == Purpose == || The Role of Support Engineer Team is to fix support problems || * Support Engineers are empowered to see stuff that others cannot see * Changing things, and in many cases seeing things, requires ''authority''. * this page documents the various incoming acts and resultant outgoing acts. * this page is intended to be the SE team's primary resource. SET is part of the overall [[Support/Team|Support Team]]. This is your page. Other documentation is at: 1. The "bible" of support: [[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html#8|Security Policy #8 Support]] which is formal and binding policy over you and the Community. 1. Each Security Policy section has a matching section in the Security Manual: [[https://wiki.cacert.org/SecurityManual#SUPPORT|Security Manual #8 Support]]. This latter section is managed by the [[Brain/Support/TeamLeader|Support t/l]] so it is easy to suggest changes. 1. This wiki tree has an Index at [[Support]]. Keep that up-to-date and friendly, because also Members seeking help will go there. The Support Engineer should be familiar with these documents. == The Picture == An evolving picture: {{{ triage | \|/ | /--<-----<---arbitrators \ / |\ \ / \ \ / \ SE channel Case Managers \ /|\ \ | \ / \ / Support Engineer ---> disputes | /|\ /|\ | | | /|\ | | / | \ | (via support) / | \ | | / | user feedback | / \ | / meta \ \|/ / channel \---> help channel }}} == The Resources == There are several resources available to you. See [[Support/Triage|Triage]] for description of buckets. Resources {{{ -----sysadms / / Support Engineer <--- resources <---- buckets \ \ \ \--- online system \ \--- feedback from member }}} === Languages === * [[http://translate.google.com/#de|en|Translations by Google]]. If a support mail is written in a language unfamiliar to you, it is likely that [[http://translate.google.com/#de|en|Google Translate]] can find enough of a sense of it to tell you what to do next. * Fiddle around to get the best options, then bookmark the link. * ''Think Twice'' before leaking privacy info to google. Have a shot at anonymising the message first. Of course, this is unreliable because you might not be able to read it anyway.... * There are lists for some of the communities where you can ask for a quick translator. === Abuse / Security / Systems === Anything like an abuse, security weakness, disclosure, attack should alert the sysadms or the programmers. * If not-information-sensitive, send to the [[https://lists.cacert.org/wws/arc/cacert-sysadm|sysadm maillist]]. * If ''information-sensitive'', look in the list of [[SystemAdministration|Systems Administrators' Page]] for a list of appropriate people, and/or try the "staff" list there. * Complaints about spam or other abuse apparently from CAcert have to be dealt with quickly because upstream suppliers of bandwidth might act to cut off the services. * Note there should be an abuse@co email address. This channel should go directly to the sysadms. * Check whether this is working, and figure out whether it is being handled properly. Abuse@co is the channel that sysadms understand, but it isn't used that often, so it might have been broken in the meantime. * Tested on Dec 8, 2009: abuse@co mail is working and mail was delivered to support@co. * Follow it up to make sure the technical team is on the case. Abuses, breaches, etc often get lost because of hand-over problems. Don't be shy. Seek help and fast. The more eyeballs, the better. You aren't expected to understand what the system is all about ... ''but you are expected to find someone who does...'' Consider for serious cases: * If there is a breach of Security Policy or similar, consider filing a dispute. The Arbitrator may be required to provide dual control or 4-eyes. * for a serious breach or a security disclosure, alert the Board which currently handles the portfolio of security officer. * Security and systems Incidents are covered by [[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html#5|Security Policy #5 Incident Response]] and by matching section [[https://wiki.cacert.org/SecurityManual#INCIDENT_RESPONSE|Security Manual #5 Incident Response]]. * For the big deal, we may find ourselves in a fully-fledged [[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html#6|Security Policy #6 Disaster Recovery]] (matching section [[https://wiki.cacert.org/SecurityManual#DISASTER_RECOVERY|Security Manual #6 Disaster Recovery]]). * The Security Engineer may very well be the first person to spot the disaster. If you see this, be prepared to start notifying people. * There is no clear or predictable line between ''crying wolf'' and being eaten. Start small, but escalate until it becomes clear. == The Resolutions == As SE you can resolve this to a next level resource: ||''Resolution''||''short''||''location''||''notes''|| ||Help Team|| '''help''' || cacert-support@ || to be rebuilt as a forum sometime || ||Disputes|| '''disputes''' || cacert-disputes@ || good to go || ||meta-discussion|| '''meta''' || IRC #se || if it is not privacy-sensitive || ||Systems administrators|| '''sysadm''' || cacert-sysadm@ || may be able to help, or may not || ||Sysadms || '''sysadm''' || [[SystemAdministration|Systems Administrators' Page]] || look at the staffing list there for appropriate admin email addresses || ||CATS || '''cats''' || cacert-education@ || all CATS related questions, infos || * [[Support/SE/Manual|Manual on operation of the online system]] * on recovering passwords, see [[Support/SE/PasswordRecovery|guidelines on recovering passwords]] (SEs only) * [[https://svn.cacert.org/CAcert/Support/SupportOfArbitration.html|Support of Arbitration Guidelines]] * [[Support/SE/templates|guillaume's template emails]] * [[AdminLeftTheCompany]] === Requests for Information === The general rule is that a Support Engineer needs an ''authority'' to hand out any information. In general, see, [[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html#1.2|SP 1.2]], [[http://www.cacert.org/policy/DisputeResolutionPolicy.php#0.1|DRP 0.1]] and in particular [[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html#8.1|SP 8.1]]: '''''8.1. Authority''''' ''.... Support Engineers do not have any inherent authority to take any action, and they have have to get authority on a case-by-case basis. The authority required in each case must be guided by this policy or the Security Manual or other clearly applicable document. If the Member's authority is not in doubt, the Member can give that authority. If not, the Arbitrator's authority must be sought.'' So, any question needs to establish that authority: . The user can ask for her information. (As long as we know it is the user, see elsewhere...) . The Arbitrator can ask. (As long as the request is within a duly filed dispute...) The authority is expressed in the Arbitration filing number. . A member can ask about the assurance level (not points) of another member, [[http://www.cacert.org/policy/AssurancePolicy.php#2.3|according to AP]]: ''"A Member may check the status of another Member, especially for an assurance process."'' . An Assurer can confirm the details presented in an Assurance. But this is done through the Assurance interface. Beyond that, we don't have much. Here are some specific cases where there is no inherent authority: * a request from contracted supplier (business partner of some form) cannot be answered by an SE (or other) unless found in one of the above. Hence such a case is referred to Arbitration. * a request by an "official" or "quasi-official" agency. Similarly, refer to Arbitration. [[https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html#9.3.2|Security Policy 9.3.2]] speaks broadly to this: '''''9.3.2. Response to external (legal) inquiry''''' ''All external inquiries of security import are filed as disputes and placed before the Arbitrator under DRP.'' ''Only the Arbitrator has the authority to deal with external requests and/or create a procedure. Access Engineers, systems administrators, Board members and other key roles do not have the authority to answer legal inquiry. The Arbitrator's ruling may instruct individuals, and becomes your authority to act.'' Note that future software revisions (e.g., Birdshack) intend to document the authorities as used, as tokens. For now, we make do with simple substitutes such as the arbitration number. == Communications == In sending email to the member, do this: * always use your cacert.org email address (not your private one nor support@co). * always sign the email, so that the member knows it comes from a proper place * for [[Support/SE/PasswordRecovery]] check special notes. * Your mail and the responses should track on to the private SE's channel. * currently, cacert-support-engineer list. * By BCCing it, or * By manually forwarding it. * Can we use the colours to do statuses? No. === Mailbox Setup === ''This is no longer actively used but each mail sent to support@cacert.org gets recorded there, so it may be used as fall back if there are problems with OTRS and for searching old mails from the pre-OTRS time'' 1. details: * username is support * IMAP only. * password you have to get from t/l. * See [[CommunityEmail]] for most of the details 1. a separate sending-STMP-out service needs to configured in your MUA client. This is because the smtp server rejects your existing one as using your individual user name, not 'support'. * in Tbird, it is Tools/Accounts/ "Outgoing Server (SMTP)" in the list of accounts at left; Add. * username is 'support'; see rest of details at [[CommunityEmail]]. 1. Turn OFF downloading of mail before you connect. * The mailbox is already big enough that it will take hours for your client to download and index it locally. * Also, for security reasons, we don't want all this stuff cached on your machine. ---- . CategorySupport