Policy-Discussion

[Jens Paul <cacert AT canyonsport.de>]

Hi!

> > > > If I got it right, the majority liked the idea that "under 18" 
> > > > Assurers should only be allowed to assure people if their Assurance 
> > > > is countersigned by an "over 18" Assurer guardian.
> > > >         
>
>
> I would say that if CAcert went with this idea (still under 
> debate) then it might be better off if the Youth Assurer's 
> papers were countersigned by *any* Assurer.  Just trying to 
> think practically here, I think having to tow ones pet 
> Guardian around could be annoying to both pet and Youth.
>   

Agreed.

>   
> > > I was wondering whether the Assurance itself was counter-signed, or 
> > > whether there is a once-only Guardian Assurer who signs the Youth 
> > > Assurer into the system?
> > >   
> > >       
> > Well, if you only "sign the youth assurer into the system" what does 
> > that mean? Are you then liable for any action the youth assurer does?
> >     
>
>
> A Guardian would pick up any additional risk, yes.  If it is 
> not picked up by the Guardian, then it is picked up by ... who?
>
> (I'm assuming that the youth has no normal legal liability, 
> in this conversation ... I think that is a good baseline 
> from which to work in developing the policy.)
>   

Exactly my question :-)

>   
> > If 
> > so I'm pretty sure that we won't find any guardians to take such a risk. 
> >     
>
>
> Well, that's an issue, indeed!
>
> If then we can't find anyone to take on that risk, why is it 
> that we as a community are taking on the risk jointly?
>   

If we can make sure that those assurances are supervised ...


> > I think if we really wanna avoid the missuse by those youth, we need to 
> > have a guardian sign every single assurance or we won't avoid any 
> > missuse at all.
> >     
>
>
> OK, so we have two different concepts here.  Both 
> dramatically different...  and therefore we will have to 
> search for more consensus in the policy group.
>   

Seems that no one is joining in :-)


> There are now 4 options:
>
> 1.  Have a Guardian sign a Youth Assurer into the system, 
> and Guardian picks up the residual liability not 
> attributable to the Youth Assurer.
>   

I don't think we find anyone taking all the liabillity for a stranger on 
his shoulders ...


> 2.  Have a Supervising Assurer add a countersignature on 
> every assurance done by the Youth Assurer.
>   

I like this idea, but is it possible and controlable?


> 3.  The null option -- we leave the system as is, with Youth 
> Assurers limited to 10 points, and that's it.
>   

Than we keep all those problems. Big NO from me-


> 4.  The zero option -- turn off all Youth Assurance.
>
>   

I don't like loosing all those youth assurers, but I think it is the 
only way we could handle that issue.


> Well, this is a fact of life.  We have this situation with 
> the entire CA -- we are building a system to cope with 
> stopping the 0.1%, while keeping the 99.9% assurers working 
> and certs being delivered.
>
> The only difference between Youth Assurer and an (adult) 
> Assurer is that the former has less liability, and the 
> latter has more liability.  As CAcert has structured the 
> organisation to work with much reduced levels of liability 
> any way, I'm not sure that this difference is so dramatic as 
> causes us to take huge steps to avoid it?
>
> That is, we all know minors can't sign contracts.  So what? 
>   What is the real problem that will occur, and why can't we 
> fix it with our *normal* systems?
>   

Yes, minors can't sign contracts, but adults can. Remember the german 
situation we talked about. In our discussion we concluded that a CAcert 
cert is an advanced cert in the meaning of the german law (not a 
qualified one!) even if the policy says it is not.

From that point, we concluded that the usage of such an cert strengthen 
the use of a signed mail as evidence.

So for example I use CAcert certs to strenghten the evidence of my 
mails. But if this cert was assured by a youth assurer will it be still 
called "trustworthy" by a court? If not, while I expected a strenghtened 
evidence I got a weakened one. So as a "user" of CAcert certs I need to 
check the age of the assurers to decide wheter my certs are good or not 
to strengthen an evidence. Tough decission then.

Or the other example was that a bunch of criminals hire some youth 
(which cannot made liable as we assume) to issue fake certs which they 
for example use with spam mails (especially nice when we are in the 
browsers) or anything else. As soon as we know we can block those certs 
and the yout assurers, but "seconds" later they hire the next youth. So 
my main point was that this could lead to a point which makes CAcert 
certs totally useless.

So yes, CAcert limited it's own liabillity. But we should think about 
those guys using our certs as well ...
> > OK, than direct question: would YOU in person accept that you are liable 
> > for ANY fake assurances "youth 1" does?
> >     
>
>
> Sure.  As long as I did my due diligence on "youth 1" ... 
> things like checking he has done the education, passed the 
> test, and appears to be a reliable, calm, thoughtful and 
> attentive youth ... Ok, so full points in the latter might 
> be pushing it, but I settle for a 50% pass and a good grade 
> on the Assurer test :)
>   

Than we should work together. I know a lot of youth you can pas that 
test and after that giving them 50€ they are willing to issue whatever 
cert I like ....

> I do not see it as any different to giving driving lessons. 
>    "Sure, I'll take you for a driving lesson" is something 
> that an adult would say to some kid around the neighbourhood 
> who they've known for a few years.  I've given quite a few 
> kids lessons on driving, and the issue of the driving 
> instructor being totally responsible makes me think more 
> carefully, but it doesn't make me reject it out of hand.
>   

As you said: "I'll take you" which means that you are nearby and at 
least a little in control. Or do you say: Sure, take the car and do 
whatever you like, I stay at home?


> Oh, a stranger, no.  But this needs to be explained.
>
> "You are taking on the responsibility for the Youth's 
> actions.  Be sure that you are familiar with the Youth, and 
> you have made a judgement that the Youth can fulfill all of 
> CAcert's requirements, both in the letter of our law and the 
> spirit of our community!"
>   

Would be fine for me, I just don'Ät think that many are willing to do it ...

> > Oh, you mean that wiki which calls itself "unoffical FAQ"? That one 
> > totally outdated? That one were the core team always says "it doesn't 
> > matter what's in the wiki, only the policys count? Sorry Ian for being 
> > such direct, but if we really talk about the wiki for such things we 
> > should make clear that the wiki IS the opinion of CAcert and we need 
> > some quality control first ...
> >     
>
>
> Well, ok, maybe we are all pushing each other to improve it ;)
>
> As I understand it, the wiki *is* the opinion of CAcert ... 
> the core team members tend to watch all changes to it ... 
> and there are some policy statements on there.
>
> Are you saying that it doesn't count?  I think it counts, 
> myself, but I agree that the policy documents (CPS, PoP, PP, 
> SM, ...) are "dominating" docuemnts (to use the phrase).
>
> Also, the notion is to start a policy document, and then 
> migrate it into some more formal version.  The policy will 
> become accepted long before the document is cast in 
> concrete, I suspect.
>   
If it does, take out the "unofficall" ... and by the way there many 
different opinions about the same topic within the wiki. I'm not sure if 
it's still there, but a couple of weeks I found one entry saying you 
must check at least 2 photo-ID cards and another one saying that you 
should check at least one photo-ID card. So even this small topic could 
lead to discussions between junior assurers not knowing what to believe 
in (and here we come to the point of my other topic ...).

Greetings
Jens
begin:vcard
fn:Jens Paul
n:Paul;Jens
org:CAcert Inc.
email;internet:cacert AT canyonsport.de
title:Education Officer
version:2.1
end:vcard