Policy-Discussion

[Eva Stöwe <estoewe AT cacert.org>]

Dear Alex,

> Including the death of a member as a trigger is sufficient to meet that 
> demand.
> 
> However then leaving it with a non-existent  policy as to what the 
> response to that trigger should be negates that.
> 
> Therefore please either define the subsidiary policy - or leave the 
> current text alone (or put it into in a "stub" policy) - you can always 
> come back to it later.

It's not a "you" it's a "we". And also as long as there is no policy
installed there will always be arbitration. 

But leaving it with the arbitrator just does not work. And you are one who
was strictly against death being a trigger - it also cannot be if it s left
with the arbitrator, because either the death is the trigger, or the
decision of the arbitrator. And there is no way that a death automately
activates an arbitrator or an arbitration case.
 
>> There is also no reason for sharing of an account (assisting someone 
>> with the access for example because of medical reasons is not sharing!).
> 
> Hmm... then perhaps what YOU mean by "sharing" is not what I mean.... so 
> warrants clarification. If anyone else has access to the account or to 
> the machine, the account's security  becomes questionable. This could 
> (I'm not saying it will!) easily occur in the example above or in the 
> case of multiple users on a single machine or even in the case of the 
> theft of a machine.

No. 

a) Sharing a machine is not sharing an account.
b) Sharing is something intentional, theft is not - at least if one takes
some sensible precautions
c) Assisting someone with access does not need to involve any sharing. It
may be that only the assistant has actual access to the account but only
data of the assisted person is handled and it is only the will of the
assisted persen relevant (or whoever may voice the will for the assisted
person).


>> It would contradict the ideas of our accounts, the definition of a
>> member in CCA and the idea of AP. It also contradicts our privacy and
>> security ideas of not sharing personal information (in the case of
>> assurances) and to keep precautions that someone else can impersonate
>> oneself.
> This comes back to 2.5 as it stands - "reasonable precautions" should be 
> taken by an account holder.
>> Accounts do not cost anything, one even can have multiple ones for
>> different contexts or whatever.
> I actually have greater issues with this than with "sharing" - whatever 
> we may decide that means. I'll leave that as a matter for another day 
> though.

It is already there and nobody suggested to change it. IMHO It is probably
one of the best parts of the CCA.


>>> 2.5b Various countries - certainly including UK and US (and I think AU)
>>> have legislation in place that can enforce surrender of keys allegedly
>>> for anti-organised crime and anti-terrorism reasons in their
>>> legislation. Given this, *I'd prefer not to add such a clause*,
although
>>> I could "live with it under protest". If such a clause is put in place,
>>> I'd suggest that this perhaps needs to be considered, and that
direction
>>> be given to clarify what action a member of the community should take
it
>>> it did. I also think we would be on "dodgy ground" if such legislation
>>> applies to NSW-AU as we take that as our "governing law"!
>> Those laws are part of the reason why people not living there (and
>> probably also people living there) come to CAcert for certificates,
>> because it is one of the few CAs not based in the USA so that such laws
>> are not the basis of the CA. And our RA is spread out so that it cannot
>> be affected as easily by such laws.
> Even in Germany you are likely to be affected by this - there are 
> various German organisations that may have this type of power (BfV and 
> BND come to mind) and there is a considerable amount of EU legislation 
> that's at least related as well.

No they have not. Not legaly. Neither has EU legislation. 

Nobody may force me to hand out my private keys under German or EU law. Not
even a judge. 

(Well, at least not any private key that is not stored on a device owned by
someone else - so I may have to hand out that device.)

> You make sweeping assumptions here as to why people choose to come to 
> CAcert - I suspect that the vast majority of people don't even consider 
> them. They may be your reasons - but they are not mine!

No. But when I speak about reasons why people joined CAcert recently, this
reason is a major one.

If you just want to have free certificates there are other - more
professional CAs that even are in the browsers.

> Regardless of that, it makes no difference to the individual - they are 
> still subject to the laws of their land, whether you like that or not. 
> The CA doesn't hold the keys, the individual does. The only choice the 
> individual will have if their keys are demanded by a competent legal 
> authority in their country is to either comply with the law  and break 
> CAcert's rules as proposed or to face fines or jail for breaking the 
> law. This is the place to make that clear and possibly to provide 
> explicit guidance.

This may be the case. And there even may be people who will decide one way
or the other or destroy the keys or whatever. 

The consequences of such action from the point of view of CAcert would have
to be decided by an arbitrator who would cosider the whole situation and
decide based on that. 

Also NSA & Co are by way not the only "persons" whom one can share keys
with. There are enough other situations covered by such an addition which
would make it worth to have something installed.

If we do not define something like this, CAcert may be reliable for such a
break under continental law for everybody (external) who was relying on the
certificates - which is a much greater legal issue than how to treat
someone in such a case. And for those external persons probably continental
law would apply. Especially as our servers are in NL.

> As far as I am concerned, 2.5 works reasonably well as it stands and 
> thus is in no real need of change!

As I said in the side-discussion. The fact THAT you read that above sharing
is currently allowed is the reason why I think that it does not work. Else
I would agree with Benedikt.

-- 
mit freundlichen Grüßen / best regards
Eva Stöwe
CAcert Assurer
CAcert Arbitrator & Case Manager
CAcert.org - Free Certificates
E-Mail: 
estoewe AT cacert.org