Document preparation

This page is the wip of a text for the Executive's annual report for AGM.

ToDo

(put completed actions at next) See also AGM/Next for other work.

Questions

Complete



Text

Abstract

The big project of the period was the moving of the critical systems to their final home in Ede, Netherlands.  With planning stretching over 6 months and a dozen volunteers working to make it happen, the move went without a hitch and downtime of less than 24 hours.  The new critical systems team then spent 6 months in working up to the initial audit steps.  In other technical developments, two attempts to create new roots brought us closer, but not completely there.  Also, the first big steps were taking in creating a large and active infrastructure team, and the first small steps in a software team.

During the year, the policy group passed into DRAFT three key documents, being the Assurance Policy, the Security Policy and the long-awaited Certification Practice Statement (or CPS).

With Assurance on a good policy footing, the audit reviewed much of the Assurance side across Europe, and started on systems.  Unfortunately the audit work triggered a dramatic call on more resources than could be delivered, and audit terminated unsuccessfully in June 2009.  This caused some rethinking by the community, and a new committee was installed in the July 2009 SGM, which team lead forward in building the human and system resources needed to meet the heavy audit demands.

From the Committee of CAcert, 201001xx

Hereby, the Committee of CAcert Inc presents its executive report to the members of Association, and by extension, to the entire Community of CAcert. This report is over the period 20080701 to 20090725, being the date where the previous report left off, up to and including the SGM of 2009.

Signed, all? one? CARS

Introduction

The work of the entire community is broken up into 3 approximate areas: Systems, Governance, Community. These can be termed as such:

  1. Governance: Committee and Executive Work, Arbitration, Policy, Audit. This part approximates Brain.
  2. Systems: Systems (critical, access and infrastructure), Software (php & BirdShack). This part approximates Technology, and is the parts most effected by Security Policy.

  3. Community: Support, Assurance, Events, Education, the broader teams.

This organisation is followed in this text, although note that no simple image covers all realities.

Historical note on Accuracy & Style

This executive report is a reconstruction of the activities of the Executive Committee of the period 20080701 to the SGM of 20090725, at which event the committee was removed by the Association.

This report draws from events and actions that were recorded in maillist archives, decision records and other sources. The sources were chosen as those that were or should have been visible to the committee. It thus presents a viewpoint as available to the then-committee, or as close as we can make it. There may be biases or blindspots in either their view or our view. The many teams of the Community were also invited to report, and their good work is attached. Note that their perspective is different, including that they were not constrained in period, and their reports may extend as far as 20100116.

As this report is prepared by the Committee appointed at that SGM, not by the committee that lived these events, the report is more of a listing of recorded events and actions than descriptive in nature. While the records and presented facts are believed to be correct, there may be some errors. Some statements of interpretation are made, and these may be less correct.

The members of the previous committee were given the opportunity to make a statement, but no statement was received by time of closing of contributions (20100116). The present committee feels that it is in the community's best interest to re-construct the events and present a fair record, as far as is reasonable. Errors & omissions can be dealt with by petition to the committee of 2010, or by filing under dispute resolution policy.

Terms

The terms committee and board are used interchangeably. The terms CAcert Inc. and the Association are used interchangeably. The term Member means a member of the Community, under the CCA, where unqualified, and a member of the Association or the committee where qualified.


1. Brain

Opening Committee

AGM 20081107


  1. http://svn.cacert.org/CAcert/CAcert_Inc/General_Meetings/AGM-Nov2008/Minutes-7Nov2008-AGM.pdf Minutes AGM 2008

  2. http://svn.cacert.org/CAcert/CAcert_Inc/General_Meetings/AGM-Nov2008/CAcertInc_Yr2008BoardReport.pdf CAcert AGM 2008 Board Report.

  3. http://wiki.cacert.org/wiki/AGM20081107?action=AttachFile&do=view&target=CAcertBalanceSheet07-08.pdf CAcert Fin 2007/08 Balance sheet.

  4. m20081112.1 positions announced.

Miscellaneous Committee Actions


  1. m20081215.1 and m20081215.2.

  2. mail proposal.

Audit

The following actions signify events and actions by the committee related to Audit project.


  1. approved as m20090519.1.

  2. mail.

  3. Auditor's first reply, second reply.

  4. mail.

  5. checklist.

  6. asked.

  7. mail

Lead-up to SGM

In the aftermath of the termination of the Audit, the following events and actions laid the scene for the SGM.

The Special General Meeting 20090725

The Special General Meeting of 20090725 was duly held and chaired by vice-president Evaldo Gardenali. Minutes are to be approved at the AGM of this report. Highlights:

  1. The resignations of Teus Hagen and Philipp Dunkel were accepted, and both were thanked for their service.
  2. The large rule change was not carried by 75% majority required, and therefore failed.
  3. The motion of no confidence was carried by the majority, and the committee was removed.
  4. A new committee was appointed under the casual vacancies rule: Nick Bebout, Mark Lipscombe, Ernestine Schwob, Philipp Dunkel, Guillaume Romagny, Andreas Buerki, Ian Grigg. A motion to accept the votes, as counted, was duly voted and carried.

The adjournment of the SGM marks the closing point in the period of this report. Further developments are remarked on in the Forward-Looking Statement, also for presentation to the pending AGM, but will be formally covered in the next year's annual report.

Policy

  1. Following on from the prior year, the Security Manual was progressed throughout 2008. It followed these phases:

    1. 1st cut written by Pat Wilson after surveying industry practices and CAcert documentation.
    2. Reworked a little and filled out massively by Philipp Dunkel, Teus Hagen, Wytze van der Raay, Ian Grigg.
    3. Philipp Dunkel introduced into the Board discussion a new Background Check policy for debate m20090203.2. Although taken through board in a narrow vote, this was eventually passed into the Security Policy/Manual.

    4. A late decision was taken to split it into a smaller Security Policy and larger Security Manual. This allowed a split in the document into harder principles under policy group control, and working practices under team leader control.
    5. Security Policy was passed into DRAFT p20090327. This event gave the ability to start the audit over systems.

  2. Assurance Policy was voted to DRAFT by policy group p20080712.1. This represented a dramatic shift in the Assurance process, but required implementation. Then, to POLICY p20090105.2.

  3. CPS was gradually reworked throughout the year.
    1. All information is verified. p20081016.

    2. Checks over emails and domains were hotly debated. Auditor held the line that one single ping check was insufficient. Policy group proposed and voted on a two checks practice taken from a list of alternatives, into CPS. p20090105.1.

    3. CPS was finally brought to DRAFT with p20090706. Board members added their votes.

Arbitration

Disaster Recovery and Data Protection

  1. 20081222 Rasika, Philipp D, Philipp G and Iang met in Vienna. A basic Disaster Recovery plan was created, using the CISA format. Data protection was also discussed, and Rasika was asked to prepare a cross-country comparison (NL, GB, SE).
  2. 200903xx Board discussed in two meetings the data protection project. This discussion was caused by remarks of frustration by Philipp Dunkel. The result was a motion to mandate Teus Hagen to investigate and negotiate the situation m20090330.1, and a cooling off period of 6 weeks for Philipp Dunkel. Although it was claimed to be resolved, good relationships were never restored, which fed into the summer events.


2. Technology

2.1 Critical Systems

  1. Board passed series of motions (m20080901.1, m20080903.1, m20080903.2) that set the scene for the move to Netherlands. These decisions were based on the "May Plan of 20080625" which laid out people, actions, budget (euros 5200). Updated 20090901.

  2. 20080930. Vienna data operations were shut down. The team in Vienna secured backups and drove the disks to Netherlands. Philipp Guering, Matthias Gassner, Matthias Subik, Iang. Henrik H reported to community:
    • From 29.September 2008 till 4.October 2008, the mission-critical systems of CAcert.org will be moving from the current location in Austria to the new location in the Netherlands.

      These servers are moved to meet the requirement of the audit for improvement and inclusion with the mainstream browsers and other vendors. The Netherlands location is planned to host the servers in a full dual control and 4 eyes environment, at both physical and logical levels. As an audit requirement, this is essential for balancing the security of certificates. Furthermore, all non-critical systems like the blog and the wiki are already hosted in the Netherlands. This location in the Netherlands does fully comply to the audit criteria for secure hosting.

  3. 20081001 The newly-formed critical systems team in the Netherlands received the disks from the Vienna transport team and got the servers up and running by approximately 12:00 that day. Wytze van der Raay & Mendel Mobach, with Hans Verbeek providing Access Engineeer. Philipp Guering as consultant. This marked a significant improvement in providing physical security and dual control over most levels of access to the systems.

  4. 20091028 Board appointed Wytze van der Raay and Mendel Mobach as critical system administrators for CAcert. Motion m20081006.1

  5. 20090228. Old drives were destroyed in a workshop at Garnisongasse 7, an art/tech place. Destruction was done by disassembly, power-scoring and breakup of the platters.
  6. 20090308 critical systems team reviewed the Security Policy. Although still WIP, it was decided to push it through, and organise the first audit visit over this document. Reviews also conducted by Teus Hagen and Philipp Dunkel.

  7. 20090418 Plan for First visit for systems review announced for 20090504-06.
  8. 20090515 Stefan Kooman was appointed to critical systems administration team. m20090515.1 marking the first use of the new Security Policy approach to Arbitrated Background Check.

  9. 20090628 Signing server failed, possibly due to earlier air conditioning failure and consequent over-heating. Oophaga pursued and financed a replacement with diligence.

New Roots

  1. 20080903 Board passes motion (m20080903.3) to authorise new roots, and later m20081008.1.

  2. 20080913. Roots/NewRootsTaskForce was created to research and design the content of new roots.

  3. 20081028. Guillaume Romagny and Teus Hagen created new roots in Netherlands. Auditor was in attendance. This attempt failed.
  4. 20081128. Guillaume and Teus again met and created new roots. This attempt worked. Teus reported to board 20081129:
    • The Root Key generation and subroot keys (2 + 2 spare for later) have been generated and installed on the signing server successfully in a full ceremony prepared by Guillaume/Teus, audited by Ian, at 1 am at Moboch Ssystem location, installed by Wytze/Mendel/Rudi Engelbertink (CAcert crit team and Oophaga) at BIT i n Holland.

      The subroot keys will now be tested and evaluated. Philipp will look into that and is asked to report.

      After that on board decision the sub root keys will be activated. Some thoughts of the constraints for this will be discussed on the policy email list as well.

  5. 20090101 Over the new year period, MD5 came under a cloud due to attacks. Investigations led to the conclusion that as CAcert certificates had server-side nonces in them, they were not (as) vulnerable. However MD5 has to be replaced in time, but this proves hard because most software was not ready. m20090109.1.

  6. 20090501 Teus reported on difficulties in root escrow. More progress reported.

  7. 20090515 Auditor reports issues with new roots, however board was unable to respond.

Infrastructure Team

  1. 20090422 Board approved m20090422.1 the scoping of new systems to meet (non-critical) infrastructure needs by Daniel Black (email sysadm). Daniel and Greg Stark negotiated with a hosting provider but without success.
  2. 20090508 Progress was slow, and full access was requested to the (non-critical) infrastructure systems. This was accepted as m20090524.1.

  3. 20090701 A call for new systems administrators went out. mail. Many responded and the new team was built.

Software

  1. 20090303-06 A preliminary review of software by Auditor and programmers Philipp Dunkel and Mario Lipinski at CeBIT led to disquieting results. Plans were laid for a better review.
  2. 20090325 Auditor announced plan for a full review of software. Teus Hagen suggested funding opportunities. mail.

  3. 20090418 Review team met for one week near Innsbruck. Attendees: Philipp Dunkel, Mario Lipinski, Alejandro Mery, Auditor.
    1. The review was conducted in first 2 days, and concluded existing software should be replaced.

    2. Remaining time was spent on architecture, design and tools.

    3. Documented and named as Birdshack.

    4. Week closed with some coding and fullest intentions.
    5. The effort was funded by AuditBudget and Philipp Dunkel.

  4. During the remaining part of the period, Birdshack development was stalled primarily due to events of summer.
    1. Mario Lipinski created a basic selector for incoming REST calls.
    2. Philipp Dunkel created a deamon for Signing Server communications.
  5. Dirk Astrath led a spririted effort to deliver a patch to solve the CCA rollout problem was started. This comprehensive patch was too big the Software Team's limited capabilities.


3. Community

Support

  1. 20090205 After being background checked, Alexandro Mery was appointed by Board as a new Support Engineer. motion m20090205.1.

  2. 20090324 Problems surfaced with Support over lack of tools.

  3. Support suffered little attention throughout the period, probably due to Audit pressure to place critical systems and then software at the top of the board's priorities. At Innsbruck, 20090418, Alexandro Mery briefed companions on difficulties, but this did not in the event change priorities of attention.
  4. 20090612 Alexandro Mery created a maillist as a staging or handling place for disputes. This list helped a stalled and hidden process.

Education

  1. 20090125 Ted, Education Officer, reported on one year of CATS operation of the Assurer Challenge: 5000 tests taken, with around 2800 passes, resulting in 1375 "certified" Assurers as of that date. Now also available in German!
  2. Assurance Handbook received some progress throughout the year from many people, but primarily Bernhard Froelich.
  3. Bernhard Froelich started a process of Assurer Training Event which was picked up by Ulrich Schroeter and others.
  4. 20090405 A long standing request to turn off non-CATS-challenged Assurers was installed into the system. 1656 Assurers at that point. m20090408.1. Board immediately approved a mailout to effected ex-Assurers.

Assurance

  1. p20080712.1 Assurance Policy was voted to DRAFT. With Assurance Policy heading into DRAFT and then POLICY mode, there was much work to do in rolling this out. Although listed in part/detail on the wiki, progress was initially slow.

  2. CAP form was redesigned by Teus Hagen to include new Assurance Policy points, and a host of other improvements. This caused to be hard to fully integrate and implement, and after much hard work, was fully implemented.
  3. Auditor attended CeBIT and personally reviewed several Assurers by being assured. Ulrich Schroeter independently developed this process into a formalised co-auditing procedure.

  4. At CeBIT 2009, Sebastian Küppers took over the Assurance Officer role. mail.

  5. 20090516 The entire Assurance Team met in Munich for a miniTOP on Assurance, where the 1st audit review over Assurance was presented, including statistics and forward tasks for improvement. Minutes written and reported.

Organisation Assurance

  1. 20090527 Greg Stark was appointed as Organisation Assurance Officer. m20090527.1

Events

  1. At CeBIT 2009, Ulrich Schroeter was handed the Events portfolio, after two years of service by Mario Lipinski. mail.

  2. Ulrich Schroeter then led an ad hoc team to take the ATE process initiated by Education across Germany. The ATE programme was improved and rebuilt many times.
  3. Innsbruck software meeting did an ATE at Innsbruck. Auditor did Prague, Budapest, Paris, London in an 8-cities Spring Tour across Europe (including Innsbruck and Munich, and non-ATE events in Vienna and Ede).

Communications

  1. Client certificates were enabled for the CAcert blog. announcement. This made it much easier for many to write blog posts and comments, and reduced spam to nothing.



(end of report)

AGM/AGM20100130/BoardActionNotes (last edited 2010-01-28 00:52:30 by SunTzuMelange)