Ĩesky | english
TTP-User
All you need to know to get assured under the TTP-Assisted-Assurance program
Contents
How the TTP-Assisted-Assurance program works
The TTP assisted Assurance is a program of CAcert to establish assurances in areas where you do not find a CAcert assurer in a reasonable distance, to get more members in these areas.
You always should try to find a CAcert assurer before you use the TTP-Assurance. It might be possible to combine a business or vacation trip with the possibility to get assured at your trip destination. Or maybe an assurer does a trip into your area.
As CAcert is based on a Web of Trust (WoT) there is the need to establish this trust with a face to face meeting (F2F), normally with another CAcert member. If there is no CAcert member available, one part of the F2F meeting can be conducted by a Trusted Third Party (TTP) which is approved for your area.
Basically the process is the following.
If you want to get assured, you are a TTPUser. First you need to inform yourself about CAcert and also about the TTP process.
Then you need to fill out the first part of the TTPCAP form (Trusted Third Party CAcert Assurance Program) but you do not sign the form at this stage of the process.
With this TTPCAP form you meet with the TTP. The TTP checks your identity with at least one official government issued ID document with a photo. This check is recorded on the TTPCAP form. Then you have to sign in presence of the TTP a few statements on the TTPCAP form to make sure you know about the main aspects of CAcert. The TTP confirms that he witnessed your signing on the TTPCAP form. The TTPCAP form is now send via postal mail to CAcert.
After arrival of the TTPCAP form, a TTP Admin takes it, checks if all requirements for the next steps are fulfilled, especially checks if the TTP is duly authorised for your area. If the check is passed, the TTP Admin enters the assurance into the system and grants up to 35 points.
If you want to be able to get personalized certificates, you need to get at least two assurances of different persons. In the case of TTP Assurance you need to go to two different TTP.
The main aim of the TTP Assurance program is not only to provide people the chance to get personalized certificates but also to get new assurers. Therefore there is a further step available: the TTPTopup.
Normally the way to become a CAcert assurer is the following:
You need at least 3 assurances with a F2F meeting and you have to pass the CAcert Assurer Challenge. The assurer candidate sees in a normal assurance the steps how an assurance is conducted. This is not given in the case of TTP Assurances. There the TTPTopup steps in. A TTP Admin acts as a tutor for the process of a TTP user on becoming an assurer.
The TTP Admin trains the TTP user in one or more online sessions in the assurance process (educated assurance). The TTP Admin instructs the TTP user to start the CATS test.
If passed, this 3rd TTP-admin reviews the 2 previous TTP assurances and collects additional evidence about the Community part of the assurance process from within the online sessions with the TTP user and grants up to 35 TOPUP points, that qualifies the TTP user to become an assurer.
The whole TTP process to become a CAcert assurer is given here
.................................................................. : : TTP (A) ----:--> TTP-Admin (1) --> 35 points max : / : \ : Assuree = - - - -: - > =-----------------> TTP-Admin (3) --> 35 points max : \ : / (Topup) : TTP (B) ----:--> TTP-Admin (2) --> 35 points max : : : :........ CAcert internal .......................................: | | | max points 0 ------------------------> 70 --------------------> 100 | + CATS --> become an Assurer qualifies for | ------------------------> | --------------------> | Certs expires after Certs expires after Assurer candidate 1/2 year 2 years + Code Signing
There have to be 2 different TTPs and there also have to be 3 different TTP Admins in the process.
Is this program applicable to you?
If you have checked that the TTP program is available in you country and that there is no assurer near your location or no assurers near by respond, the TTP program is the one to take.
Preliminaries
If you are familiar with the CCA and you can confirm the four statements in "What to consider", you should decide whether the program is applicable to you. If you feel unsure, please ask your questions either to our mailing list support@lists.cacert.org or ask them in the IRC #cacert. If you use the IRC, keep in mind that most of the users are located in Europe, so there might be problems with being in different time zones.
Are you living in a country where the TTP assisted Assurance program is applicable?
Have a look if there is a TTP program for your country in the list of approved TTP.
If your country is not listed here, please further check the Q&A section.
Checklist for the TTPprocess
Get familiar with CAcert and read the CCA http://www.cacert.org/policy/CAcertCommunityAgreement.php
- Create an account with CAcert
Write an email to support@cacert.org and ask to send you a TTP-CAP-Form
- Find a TTP and schedule a meeting
- Print the TTPCAP Form and the CCA
- Go to the meeting with the TTP
- The TTP sends the fully filled TTPCAP Form in an envelope prepared by the TTP user to the TTP Admin
What you should consider before contacting a TTP
Make sure you are familiar with the CCA http://www.cacert.org/policy/CAcertCommunityAgreement.php
You know about and understand the part of risks, liabilities and obligations (R/L/O) stated in the CCA 2.1/2.2/2.3.
You know about and understand the part of internal arbitration as stated in CCA 3.1.
Within the TTP meeting you need to confirm the following statements:
- I confirm that I agree with the CCA and accept the CCA.
- I confirm that I am aware of the R/L/O resulting from CCA 2.1./2.2./2.3
- I confirm that I am aware of the CAcert internal arbitration and accepts the internal arbitration from CCA 3.1.
- I confirm that the email address placed in the CAP-form is used as primary mail address for my account as long as the TTP assurance process is running and that I know that I need to have a working email address as primary address in my CAcert account.
So if there are questions here, ask these questions prior to your visit to the TTP, because a TTP probably cannot give answers as he is not involved into CAcert. His duty is only to confirm your identity and your statements towards the CAcert community. Please address our questions either to our mailing list support@lists.cacert.org or ask them in the IRC #cacert. If you use the IRC keep in mind that most of the users are located in Europe and there might be problems with being in different time zones.
Questions and Answers
Where to find CAP forms?
Do I have to contact a TTP Admin?
What, if I'm below age of 18 years?
What, to do if there is no TTP available?
What is done with my data?
What is the TTP TOPUP program?
How to apply to take part in the TTP TOPUP programme?
to be continued
Where to find CAP forms?
Q: Where to find CAP forms?
A1: There is a first draft CAP forms for TTP-Assisted-Assurances (WIP) of a TTP-CAP form. As there is no online TTP CAP available you have to request it via support.
A2: You have to request a TTP-CAP-Form with an email to support@cacert.org.
Do I have to contact a TTP-Admin?
Q: Do I have to contact a TTP-Admin?
A1: No. - Usually there is no need for a TTP user to get in contact to the TTPAdmin. If the TTPAdmin needs information he will get in contact with the TTP user.
A2: After you request for a TTP assurance by sending an email to support, a TTP Admin gets into contact with you and sends you the prefilled TTP-CAP-form.
What, if I'm below age of 18 years?
Q: What, if I'm below age of 18 years?
A: Currently the TTP assisted Assurance program is under deployment. The Assurance of Junior members follows another special assurance program. So therefore the deployment of U18 program under TTP assisted Assurance is delayed and therefore currently not yet applicable.
What to do if there is no TTP available?
Q: What to do if there is no TTP available?
A: Probably there is not yet a deployment for the TTP program for your country. To start a deployment for your country, you can write an email to support. They will forward your request to the appropriate mailing lists.
- How can you assist in deployment?
- * Do you have useful information about possible TTP in your country?
- * Do you have assurer contacts within your country or from other countries?
- * Do you have contact to a possible TTP e.g. Notary Public who is willing in answering questions regarding TTP deployment for your country ?
What is done with my data?
Q: What is done with my data?
A: The TTP-CAP form is kept by the TTP Admin for 7 years. After that period the form will be destroyed in a secure manner. The TTP Admin assures that only authorized parties are able to access the TTPCAP form according to definitions under Assurance Policy section 4.5: The CAP form
What is the TTP TOPUP program?
Q: What is the TTP TOPUP program?
A: CAcert encourage each new user who asks for assurances also to become a CAcert Assurer once the user has been fully assured to support CAcert in his local area by giving assurances so that the more complex TTP process is no longer required for new other users especialy in CAcert desert areas.
- The TTP process allows a max of 2 TTP assisted assurances. So the aim of the TTP TOPUP programme is to close the gap between 70 points gained by TTP assurances and the need for 100 Assurance points (one of two requirements) to reach the CAcert Assurer status. During the TTP TOPUP process you get trained via mail and voice so you become able to perform a CAcert assurance after this process.
- You need to proof that you are familiar with:
the CCA CCA http://www.cacert.org/policy/CAcertCommunityAgreement.php
- the process how to verify the identity of a person
- the CAcert arbitration
- how an CAcert Assurance is entered into the CAcert web database
The process is lead by the Educated Assurance (for further reading)
How to apply to take part in the TTP TOPUP process?
Q: How to apply to take part in the TTP TOPUP process?
A: There are two options:
- Request a TTP TOPUP in the initial TTP assurance (then the TTP TOPUP process is queued until 2 TTP assisted assurances have passed)
Later you can request for a TTP TOPUP once you've received two TTP Assurances you can apply to take part in the TTP TOPUP programme with a mail to support@cacert.org.
- The preconditions for starting with the TTP TOPUP process are:
- you've passed 2 TTP assurances and received 70 Assurance points
- you've still received less than 100 assurance points
WIP
TTPs Approved List
A list of TTP's that are accepted by CAcert.
The old Assurers TTP Matrix is only a suggestion, from the old days program that needs to be get approved. Needs the TTP to be registered in a register that can be checked by a TTP-Admin?
Where to find a TTP?
Questions that needs to be answered on this page
Is this program applicable to you ?
{+}
Are you living in a country where the TTP assisted Assurance program is applicable ?
{+}
What you should consider before contacting a TTP?
{+}
Which TTPs can you contact? Where to find a TTP?
{+}
Where to find TTPCAP forms?
{+}
How does the TTP assisted Assurance program work?
{+}
Do I have to contact a TTP-Admin?
{+}
What is the TOPUP program?
{+}
What, if I'm below age of 18 years?
{+}
What, to do if there is no TTP avialable?
{+}
What is done with my data?
{g}
more questions ?