Policy-Discussion

[Ian G <iang AT systemics.com>]

Jens Paul wrote:
> Hi!
>
> First: Sorry for not writing the last days ... I was struck by a pretty 
> bad flu and nailed to my bed :-((
>
> There have been many good points in the discussion. I liked Ian's 
> conclusion to be written down in the policy (at least for an interim 
> solution) and Duanes voting for the counter signing proposal.


It gets better and better ... I'd like to add another 
perspective.


> While I understand Philipp's point of the "less than 1%" isn't that much 
> important, I still have to quote Sven's posting:
>
> > what I mean by "legally binding" is:
> >  1. in case of an assurance, if a court could convict me, if I make wrong
> > statements on the CAP (= Assurance Form), or if it would accept the CAP as
> > a piece of evidence.
> >  2. in case of a signature, if the signature is accepted by a court like a
> > handwritten signature.
> >
> > (1) can be necessary for (2): If I want to prove, that a certain signature
> > is really by the person I want to sue, I may need the CAPs as a piece of
> > evidence. If these CAPs turn out to be signed by minors, they will most
> > probably ignore it.
> >
> > The question is simply, if the WoT should provide a network of statements,
> > which you can use in front of a court, or not.


The answer to Sven's question is "no," (provisionally) if I 
understand it to mean the local court down the road.  You 
can use it in front of arbitration within CAcert, but taking 
it to court will require *both* sides to agree to do that, 
in general.  There are many reasons for this ... and if you 
see it differently, you should yell, because this conclusion 
was arrived at after much discussion over the year 2006.


> Exactly Nr. (2) is my point. As people people in germany easily see that 
> using a CAcert cert means using an advanced cert (whatever the policy 
> says ...) and therefore the evidence of a signed mail is srengthened., 
> they might relly on that fact. But if the assurance was done by minors 
> we MIGHT have a diffrent situation. So using CAcert certs might be a 
> great danger: (1) It is possible that the evidence is strenghtened OR 
> (2) It is possible that the evidence is weakened.


According to the Non-Related Persons "Disclaimer & Licence," 
NRPs are not permitted to rely.

http://www2.futureware.at/svn/sourcerer/CAcert/NRPDisclaimerAndLicence.html

(The document is draft but reflects policy.)

So that leaves disputes between registered users, who are 
permitted to rely on that signature.  However, registered 
users (should) agree to take their disputes to internal 
arbitration.  As internal arbitration works to 
CAcert-created rules (as well as establish law) and as 
CAcert currently accepts minors, we can presume (!?) that an 
arbitrator will err on the side of CAcert policy -- a 
minor's signature is valid, a priori.

http://www2.futureware.at/svn/sourcerer/CAcert/dispute_resolution.html

(The document and policy claim to be "interim" ...)

OTOH, if both sides agree to take the dispute outside CAcert 
and put it in front of their local court, then they are 
going against CAcert practice and policy.  So CAcert could 
quite reasonably say "We tried to create some certainty for 
you in our rules, but if you go and do *that* then you're on 
your own."

OT3H, the two sides could ask CAcert's arbitrator for a 
ruling on the strict nature of the signature, which could 
then be presented as evidence to the foreign court.

Again this is all subject to discussion.  And in any court, 
it is dangerous to predict what the forum decides...


> While we can say that's not a problem of CAcert, I think it is not fair 
> that we put our users in such a risk. If we need to keep that risk (by 
> keeping the youth assurance process as it is) we need to clearly warn 
> our potential users about that fact. But not by writing it down 
> somewhere. Instead we need to write it somewhere where it is clearly 
> seen, maybe on the CAP forms. But if we do so, we are at the point that 
> our applicants start ID checking their Assurers and rejecting youth 
> assurances as well ....


I wonder if it is covered by the above.  That has curious 
ramifications for the cases that you've explained.


> I already posted my opinion about it, so no need to say it again. What I 
> am still missing by those who want to keep it "as is", is a statement 
> how we could avoid our users to be in such a situation ...


I think it might circle back to that old chestnut:  does 
CAcert issue (**) Advanced Signatures, and can the German 
provisions apply...  If the answer is YES & YES, then we 
have a problem for the rest of the world...

iang


** wrong usage there, but never mind...