## was copied from /ThawteNotary ||'''NOTE WELL: This Programme is Suspended. ''' || || [[https://community.cacert.org/board/motions.php?motion=m20090928.1|m20090928.1]] || ---- = How to Access the Tverify System = <> == I used to be a Thawte Trusted User : Does this help me become a CAcert Assured Member? == '''NO!''' The Tverify programme was suspended as of 20091116. [[https://community.cacert.org/board/motions.php?motion=m20090928.1|m20090928.1]] == I got points from the Tverify Programme, what happens to them? == || /!\ '''All Tverify points as above will be deleted late 2010''' /!\ || You have a year to find some more CAcert Assurers. == Is there any Certificate Authorities that can be accepted for point transfer ? == Not at the moment. If the process is similar to our CAcert Web of Trust process, and we can determine the details to meet the policy requirements, then we can consider adding it. === Can I do a Cert Login to CAcert.org with my Certificate from another CA? === No. Notes: * Question: ''Is there any chance of getting the certificate login to work with Certs from another CA? like the tverify portion of the site?'' * Answer: ''Yes and no...'' * Longer answer: ''Technically it's possible, but from the point of trying to increase the number of certs we have issued it's not a good idea as it wouldn't promote the use of our client certs...'' * Audit answer: ''it makes reliance on the person much harder.'' === Is any CA covered by the Tverify Programme? === Not currently. See [[Brain/Study/AuditNextSteps/Tverify]] for any progress. ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- = Beyond Today -- The Past = ''The rest below is ''historical information'' which is no longer reliable.'' == I am a "Trusted User" : Can I be recognized as a CAcert Assured Member? == || '''''OLD DEAD INFO''''' || Under the old Tverify it was possible for trusted users to get 50 [[Points|Assurance Points]]. As a WoT Notary, up to 100 [[Points|Assurance Points]] ! || You provide : || How many assurance points you get ? || comments || more comments...|| || your '''assured''' otherCA X509 cert plus some evidence of Date of Birth. || '''50 ''' || If you are a verified user, you can get 50 CAcert Points for connecting to the CAcert website and telling your browser to send your certificate details. || Provide evidence of Date of Birth. ''[[Iang]]: how?'' || || A '''Notary''' listing entry || ''' +40 ''' || If you were a Notary, and you provide your Notary listing entry URL, then you will get another 40 points. || ''[[Iang]]: why 40? why not 50? below it says 50...'' || As your request is '''reviewed by real people''', it may take some time before you get the extra points over 50. So do not worry, the reply will come as soon as possible! For more details go [[Tverify]]. == I am a Notary : Can I be recognized as an Assurer? == || '''''OLD DEAD INFO''''' || No. In order to become a CAcert Assurer, you have to collect 100 Assurance points (possibly by the above process) '''and pass the [[AssurerChallenge|Assurer Challenge]].''' Tverify only helped with Assurance Points, you have to do the Challenge by yourself! == Can I keep my already collected CAcert Assurance points with Transfered points? == || '''''OLD DEAD INFO''''' || No. If you plan to be assured by a CAcert assurer, you can do it after you get points via Tverify. Example : * you have zero assurance points * step 1 : get 50 assurance points from T transfer * step 2 : get another 50 assurance points from CAcert assurers So you'll have 50+50 = 100 points. The opposite way is *impossible* :( Example : * you have zero assurance points * step 1 : you get 50 points from CAcert assurers * step 2 : you get 50 points from T transfer So you'll have 50+0 = only 50 points as T transfer points do not accumulate with already existing assurance points. However, note that all Tverify points as above will be deleted late 2010 /!\ so it is best to get assured by CAcert assurers anyway. If you can reach a few of them it may be easier all round if you do that instead of using the Tverify process. == Warning == || '''''OLD DEAD INFO''''' || Before starting the Tverify process, the user is highly encouraged to mention his CAcert main email address on the T..... notary directory. Of course, the user can remove the email address after this process. Should you change the details of your T Notary listing, such as to add your email address, your listing will be pulled from the Notary directory until such time as the change has been approved by T. This could take as long as a week. == Troubleshooting == || '''''OLD DEAD INFO''''' || === You must load a valid T email cert in your browser first === This site expects that '''you had a T certificate loaded in your browser's certificate cache'''. If you receive an error -12xxx trying to load the site, it means that your browser was unable to present a T certificate. Notes: * Doesn´t work with Mozilla! With IE it works. ''Jens Kühnel'' * Did not try with Mozilla, but Firefox works. ''Christof Dallermassl'' * When requesting the T certificate with Mozilla/Firefox, do not restrict the "Netscape Certificate Type" to "S/MIME". That means it will not work for "SSL CLient Authentication" (but this is needed for verification). ''Thomas Henlich'' === What is a Notary URL? === You should have something like ht tps://www.thaw te.com/cgi/personal/wot/dire ctory.exe?node=00000 where 00000 is the node number where you appear in the notary map. === What passphrase should I use, do I make one up? === || '''''OLD DEAD INFO''''' || Use the passphrase that you would normally login to CAcert with, not T. The name on your T cert should match the name you have listed in the CAcert system. = CAcert Tverify team = == What is the process for people checking requests? == || '''''OLD DEAD INFO''''' || There will be up to 2 pieces of information in each request: * Details extracted from a T Certificate (name, email address etc) * T Notary URL Once you receive a request you need to verify the name and hopefully the email address of the notary exists in the URL presented, if not reject the request and state the reason as unable to locate. If details match 100% there should generally be no reason to reject requests, but as always, if in doubt ask the mailing list or reject the request asking for further clarification, there is no harm in trusting people, but always verify! Usually there are no more then a handful of requests per week, other times there won't be any for a few weeks, and it shouldn't take more then a minute to process each request. == Transfer Process behind-the-scenes... == || '''''OLD DEAD INFO''''' || Tverify Notifications come with 2 links in the email One is the person's T listing; this should be verified to make sure they are indeed listed. Another link will be the CAcert link to VOTE on the application. If there is any reason to doubt the assertion, or any other reason you would decline the assertion in person, then you vote it down. You may also put in comments as to WHY you voted the way you did. As far as finding their data on the website? T now has a search by name for Notaries, you can also search by location which should be listed on their ID. But really part of the application is that THEY provide a link to their T Notary listing, like this... ht tps://www.tha wte.com/cgi/perso nal/wot/directory.exe?node=12345 So, we know that by signing into https ://tver ify.cacert.org that 1. they have possession of a cert issued from T 1. the person named in the cert has been verified by T's Web of Trust 1. at least 1 of the emails listed is valid in that cert belongs to a CAcert.org user It's up to us as voting members to verify the details that can't be programatically handled, that means checking the ID, and signing into the T site and validating their name is listed as a notary. As a side note, if a T user with only 50 points (verified user but not a Notary) signs into tverify, the system will automatically assign them 50 points, as all the checking can be done automatically.