Category Archives: Policy

Destroying CAP forms

The standard CAP form contains a clause stating that you may destroy the forms after the seven-year retention period. This is usually interpreted to mean that you must destroy them within a “reasonable time” (one year as a rule of thumb) after the retention period has expired, “unless an Arbitrator orders otherwise”.

Although there are no official policies on this, some Arbitration rulings, especially a20090328.1 and the follow-up ruling a20090618.3, point very clearly in this direction. (Source: Assurance Handbook)

Destroying the CAP form

The standard CAP form contains a clause that you may destroy the forms after the seven-year period of safekeeping. This is usually interpreted to mean that you must destroy them in a “reasonable time” (one year as a rule of thumb) after the safekeeping period has expired “unless ordered otherwise by an Arbitrator”.

Though there are no official policies about this, some Arbitration rulings, especially a20090328.1 and the follow-up a20090618.3, point in this direction. (source: Assurance Handbook)

Disabling SSL3 and 3DES support to improve security for CAcert’s users

CAcert intends to disable SSL3 and 3DES support for its main website by December 1, 2014.

The main CAcert website currently still supports the SSL3 protocol for secure connections. However, in  it is shown that SSL3 is susceptible to certain cryptographic attacks. While the site does support the recommended TLS_FALLBACK_SCSV option to protect clients with that same protocol option against unintended downgrades to SSL3, this still leaves plain old SSL3 clients vulnerable to the new attack.

Similarly, the site currently still supports the 3DES cipher suite for encrypting secure connections. However, this provides only 112 bits of security, which is below the currently recommended number of 128. Hence we should disable it to protect CAcert’s clients.

In practice, the only client known to negotiate SSL3 with the site is Internet Explorer 6.0 as found in Windows XP. Thus disabling SSL3 will block HTTPS access for these clients only. Similarly, 3DES will only be negotiated by IE 6 and IE 8 running on Windows XP. Since Windows XP is no longer supported by its vendor, and the widely circulated advice to all its users is to switch to a more recent operating system (or switch at least to a more current browser), announcing termination of support for SSL3 and 3DES by CAcert on December 1, 2014 does not seem unreasonable, and is fully in line with our mission to support the security of its users.
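The impact estimate above can be checked against server logs before the cut-off date. The following is an added example, not CAcert's own tooling: it assumes the server logs the negotiated protocol and cipher for each request, and the log format, sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed format: client "user agent" protocol cipher
SAMPLE_LOG = '''\
192.0.2.10 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" SSLv3 DES-CBC3-SHA
192.0.2.11 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)" TLSv1 DES-CBC3-SHA
192.0.2.12 "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Firefox/33.0" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
192.0.2.13 "Mozilla/5.0 (Windows NT 6.1) Chrome/38.0" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
this line is malformed and must be skipped
'''

LINE = re.compile(r'^(\S+) "([^"]*)" (\S+) (\S+)$')


def uses_3des(cipher):
    """True for 3DES suites in OpenSSL (DES-CBC3) or IANA (3DES_EDE) naming."""
    return "DES-CBC3" in cipher or "3DES_EDE" in cipher


def assess_impact(log_text):
    """Count handshakes that relied on SSL3 or 3DES, by reason and by user agent."""
    total = 0
    by_reason, by_agent = Counter(), Counter()
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        total += 1
        _client, agent, protocol, cipher = match.groups()
        reasons = []
        if protocol == "SSLv3":
            reasons.append("SSL3")
        if uses_3des(cipher):
            reasons.append("3DES")
        by_reason.update(reasons)
        if reasons:
            by_agent[agent] += 1  # one count per handshake, even with two reasons
    return {"total": total, "affected": sum(by_agent.values()),
            "by_reason": dict(by_reason), "by_agent": dict(by_agent)}


if __name__ == "__main__":
    report = assess_impact(SAMPLE_LOG)
    print(f"{report['affected']} of {report['total']} handshakes affected")
    for agent, count in sorted(report["by_agent"].items()):
        print(f"  {count:3d}  {agent}")
```

The 3DES count is an upper bound on blocked clients, since a client that negotiated 3DES may still offer a stronger suite once 3DES is removed from the server.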

If you want to discuss this issue further, please use the bug tracker created for this issue (

The policy group has started a new vote on “CCA – Update” (CAcert Community Agreement)

CAcert-vote p20140709

After a long period of inactivity on the policy side, we are back in
business again.

In February the board nominated a Policy Officer (Eva Stöwe) and this was later
confirmed by a Policy Group vote.

At about the same time an intensive discussion regarding changes to the CCA

There are a lot of changes, some of them being just cleanups or
rephrasing, but there are also some bigger changes.

The central changes are:
– The CCA can be accepted in more ways than currently allowed.
– How the CCA may be terminated was greatly rephrased; it now also covers
the death of members.
– A clear obligation to answer truthfully before, and to help, arbitration
was added.

If you want to follow the discussion visit the archive on

The current version of the proposal is located here:!svn/bc/2568/CAcert/Policies/CAcertCommunityAgreement_20140708.html

Every community member is also invited to participate by joining the
policy group. Just subscribe to the mailing list

The state of the voting can be found at

The voting stays open until Sunday 27th of July 2014.

ATE Wiesbaden, May 22, 2014

On Thursday, May 22, 2014, the next ATE in the Rhine-Main region will take place at the premises of CCCMZ e.V. in Wiesbaden.

  • What do you have to add to the CAP form when you verify minors?
  • Why should you memorize the 3 letters R/L/O?
  • How do you proceed when you check an unfamiliar identity document for the first time?

New Vote on a policy change

The policy group has just created a new vote on “DRP – minor changes, excluding controversial issues”

After one year of no activity on the policy side we are back in business again.

If you want to follow the current discussion just visit the archive on

The voting on the motion p20121213 is closed now.

The motion is CARRIED with an overwhelming consensus of 30:0.

Thank you all for participating!

Merry Christmas and a happy new year to everyone!