cacert-sysadm - Re: reduction of critical team

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

  • From: Ian G <iang AT cacert.org>
  • To: cacert-sysadm AT lists.cacert.org
  • Cc: Wytze van der Raay <wytze AT cacert.org>, CAcert Board <cacert-board AT lists.cacert.org>, "critical-admin AT cacert.org" <critical-admin AT cacert.org>, "team-nl AT oophaga.org" <team-nl AT oophaga.org>
  • Subject: Re: reduction of critical team
  • Date: Wed, 18 May 2011 14:46:35 +1000
  • Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none

On 16/05/11 6:51 PM, Wytze van der Raay wrote:

> While we are losing Stefan as critical sysadmin, it would seem to us that he
> could be *very* useful for the critical sysadmin team in a new role, namely
> as (Oophaga) Access Engineer. Stefan is quite willing to pick up this new
> role. An initial float of this idea among two existing Oophaga access
> engineers raised considerable enthusiasm with them too. So unless someone
> can bring up serious reasons why this would *not* be a good idea, I would
> like to propose this to the CAcert board.

Let me play the security devil's advocate here.

Is there a conflict between his access as a BIT employee, and his access as an Access Engineer?

One of the things that made BIT work was that they have no general reason to access the rack [1]. All the staff know this. So any attempt by any party to bypass our access engineers by using BIT employees will be something that is against our rules. They all know it is a CA, it is a high-security rack. (It might be the only one!)

Knowing that no staff member should ever be in there is a big protection for us. It means that all the other staff members will know something is wrong ... and report that person. There are lots of Assurers in that building, so they have some incentive to do the right thing.

This effect may be lost if staff members are also in there accessing the machines. With or without anyone else... There is no need to report, as the staff member is supposed to be in there. Meanwhile, we might not know... as he might not be working to our interests.

Another way of looking at this. If the principle is good, if BIT employees can be Access Engineers, then why haven't we recruited the other Assurers in there to be our AEs? Indeed, do we even need AEs?

The answer to that is probably that we don't want anyone from BIT having access. On a logical basis, as once they have some access, it can be easily argued as some other access. This is how SP is written.

A third way: are there other ways to help? I've always felt that the channel to BIT was choked and unavailable to CAcert. We had to ask questions of Oophaga who would sometimes not respond. E.g., I frequently asked what the situation was with keys, never got a real response. It took a couple of years to find out what their audit was about. Having someone inside BIT who we can talk to directly would make matters much easier. Just a thought.

iang

[1] I'm skipping some details here...

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



