- Case Number: a20140405.1
- Status: closed
- Claimant: CAcert
- Respondent: Haz H. (name needs to be verified)
initial Case Manager: EvaStöwe
Case Manager: BernhardFröhlich
Arbitrator: EvaStöwe
- Date of arbitration start: 2014-04-05
- Date of ruling: 2014-04-16
- Case closed: 2014-06-30
- Complaint: Revoke my password
- Relief: TBD
Before: Arbitrator EvaStöwe (A), Respondent: Haz H. (name needs to be verified) (R), Claimant: CAcert (C), Case: a20140405.1
History Log
- 2014-04-05 (issue.c.o): case [s20140405.57]
- 2014-04-05 (iCM): added to wiki, request for CM / A
- 2014-04-05 (iCM): notification of R about case
2014-04-05 (A): I'll take care about this case, BernhardFröhlich volunteered as CM
- 2014-04-05 (A): send init mail
- 2014-04-05 (A): proposes to solve problem with pw-recovery assurances
- 2014-04-06 (A): orderd block of account
- 2014-04-06 (Support) account is blocked
- 2014-04-06 (R): declares to be sorry to have entered false data, proposes to move to a new account
- 2014-04-12 (R): asks about status of the case
- 2014-04-12 (A): is sorry for the delay (caused by heartbleed-response), proposes to help R, asks him to enter real data this time
- 2014-04-16 (R): thanks A
- 2014-04-16 (A): ruling, send to R, Support
- 2014-04-21 (Support): informs A that there was no contact from R so far
- 2014-04-22 (R): asks some questions regarding the process defined in the ruling
- 2014-04-25 (R): asks if he can use another email-address or if he should use the primary of the original
- 2014-04-25 (A): preferes if the original primary email address would be used for the transfer process
- 2014-04-25 (R): will use original primary address and change over to the new address after the transfer
- 2014-04-25 (Support): explains further steps
- 2014-04-26 (R): account created
- 2014-04-26 (Support): declares that data entered in new account looks sensible and that the domain was released from old account, which will be closed in next step
- 2014-04-26 (Support): account will be deleted as soon as possible (currently not possible because of a software issue)
- 2014-04-26 (R): thanks for the help
- 2014-06-30 (Support): deleted account
- 2014-06-30 (A): closed case
Private Part
Link to Arbitration case a20140405.1 (Private Part), Access for (CM) + (A) only
EOT Private Part
original Dispute
Support moved the following mail to Arbitration instead of a dispute, because
- Support has no precedents case to fix the passwort reset problem in this case
- The member acknowledged to have entered wrong data in his account which is a CCA violation
> Dear Support, > > My certificate expired. I would like to creat a new one but I cannot > login to my account. I tried changing the password but I got stuck on > the date of birth which obviously I typed random when creating an > account (i was not aware it will be used to verify my account). Is there > a way to have the password reset in any other way? How long does it > take?
Discovery
- R contacted support because he had forgotten his password and could not reset it, because of the random DoB previously entered in the account.
- According to support the names did not look like real data as well.
- When addressed R declared to be sorry about the issue and that the lesson was learned to not enter false data.
- R showed no interst to solve the issue with assurances and preferes to open up a new account
To enter wrong data into the account has to be considered as a violation of CCA 2.3
"2.3 Obligations
You are obliged [...] 2. to make no false representations. [...]"
- When addressed R declared to be sorry about the issue and that the lesson was learned to not enter false data.
- As R showed remorse, the process A defines for R to regain access to the domain can be regarded as enough penalty.
- If no further complications arise no further actions should be taken against R.
- The process for the account recovery should be of two steps so that R only gets access to the domain, after entering convincing data.
Ruling
Regarding arbitration case a20140405.1 I come to the following ruling:
The claimant should contact support with the primary email address and a reference to this mail and ask to get this address released out of his current account.
Support should than hijack the account of the claimant and add an email-address pointing to this arbitration case. This address should be changed to primary email address, and the orignal primary email address should be removed from the account.
The claimant than may create an new account with this email address. He should take care to enter his personal data as it is written in his official documents.
When he has created a new account he should report back to support to get domains released out of his current (then old) account. Support should check if the entered data looks convincing as that of a the claimant and if this is the case remove any domains from the old account. This account should than be closed without further with a reference to this case where needed.
Hamburg, 2014-04-16
Execution
- 2014-04-16 (A): ruling send to R, Support
- 2014-04-21 (Support): informs A that there was no contact from R so far
- 2014-04-22 (R): asks some questions regarding the process defined in the ruling
- 2014-04-22 (Support): explains next step to R
- 2014-04-25 (R): asks if he can use another email-address or if he should use the primary of the original
- 2014-04-25 (A): preferes if the original primary email address would be used for the transfer process
- 2014-04-25 (Support): explains further steps
- 2014-04-26 (R): account created
- 2014-04-26 (Support): declares that data entered in new account looks sensible and that the domain was released from old account, which will be closed in next step
- 2014-04-26 (Support): account will be deleted as soon as possible (currently not possible because of a software issue)
- 2014-04-26 (R): thanks for the help
- 2014-06-30 (Support): deleted account
Similiar Cases