Subject: Policy-Discussion
- From: Daniel Black <daniel AT cacert.org>
- To: cacert-policy AT lists.cacert.org
- Subject: Re: SP holes/ questions - root key managment - board control
- Date: Sat, 27 Mar 2010 19:52:40 +1100
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Organization: CAcert
On Saturday 27 March 2010 12:26:25 Ian G wrote:
> On 27/03/2010 11:42, Daniel Black wrote:
> > I think that bugged me while doing root key escrow procedures 9.2.3.
> >
> > 9.2.3. Recovery
> > Recovery must only be conducted under Arbitrator authority.
> >
> > I don't know why this is here. There will be procedures for subroot
> > generation so I'm not sure what arbitrator control is required. Really
> > only board control is required to recover as it follows on from 9.2.4
>
> It's because the Arbitrator is used to evaluating issues such as these,
> and is better at it than the board is.
I'm slightly sceptical about Arbitrators being better at evaluating these
given the number of outstanding name issues.
Just to clarify - I'm reading Recovery - as any process that takes a
root/subroot from its secure storage and makes it operational for a brief
time before sending the root/subroot back into archive.
> > replace to "Recovery must only be conducted under board control"
> >
> > 9.2.4 Revocation is oddly enough blank.
> >
> > My suggestion here is as we the rest of root processes are under board
> > control this should be also.
>
> As above. It's blank because there is nothing to say as yet, and
> therefore the SM is expected to fill it out.
by who? anyone with wiki access? At least say who has responsibility here.
> If in the process we
> discover something that should be in the Policy, then over to policy
> group it goes.
or we could just alter the SM to say anything we want in all these blank
sections without any policy group oversight. I'm sure this isn't the intent.
> > "Revocation of root and subroots must only be performed under board
> > control"
> >
> > Arbitration isn't required. It will be a decision of the board based on
> > evidence and it isn't an abnormal procedures - only hopefully a very
> > infrequent only.
>
> Indeed, it's based on evidence, and policy,
So 9.2.1 the board can decide to issue new roots but it doesn't have the
authority to revoke the old root/subroots?
Given its need to be undertaken fast I envisage a board approved procedure
for the revocation. The evidence required for the decision had better be fairly
conclusive so even a dumb board can make the decision.
At least the board is more liable than arbitrators for a wrong decision:
http://www.austlii.edu.au/au/legis/nsw/consol_act/aia2009307/s33.html
A committee member of an association who ... caus[es] detriment to the
association is guilty of an offence (Maximum penalty: 240 penalty units or
imprisonment for 2 years, or both). 1 penalty unit is $110 (Crimes
(Sentencing Procedure) Act 1999 No 92 section 17)
> and the Arbitrator is well accustomed to dealing with these things.
The 3 active Arbitrators and looking at the categories of closed tasks I have
doubts here as to their frequently dealing with anything significantly impacting.
http://wiki.cacert.org/OverviewProjectsBoard
> It is an unusual procedure
hopefully unlikely - but well planned.
> because it is one that isn't supposed to happen, and needs complicated
> thought, so again this is better off in the Arbitrator's hands.
It needs the board to issue new ones. It needs speed of operation.
Complicating it with more people despite the arbitrators' proficiency is a bad
thing.
> Putting the unexpected and unusual in the hands of the Arbitrator was
> one of CAcert's biggest successes.
they can deal with all the name changes, assurance errors, disputes,
background checks all they want. All of these are a success. None of these
are irreversible or time critical.
> Boards plural have shown themselves
> unable to deal with these things. Arbitrators on the other hand have
> shown themselves able to read and interpret policies, and make decisions
> within them.
>
> Boards are better off doing what boards do best: managing the business.
as best they can in limited time.
> Arbitrators are better off doing what they do, dealing with the
> exceptions.
in making proper precedents in the fullness of legal time.
--
Daniel Black
CAcert