Minutes Management Sub-Committee meeting 20080121

Present: teus, iang, 22:30 to 01:00; * next meeting next thursday, 10 days.

Dispute Resolution

list of names for Arbitration
- (manager: Dispute Resolution Coordinator) teus sent email about start of arbitration email list.
- Got 2 OK, 2 acks
- maillist is up
- organigram
- teus to add the new arbitrators to the list and send reminder to others
wiki is updated
- and some documentation tree adjustments into the wiki record of arbitrations
- added templates
call for ticketing system done.
Roles
- for now, people can be Case Managers and Arbitrators at the same time
- but not for the same case
- idea is to start out as Case Manager and then go up to Arbitrator.
- this will will evolve naturally

Assurance

CATS
- 2nd sysadmin, has he been added yet? Evaldo
- launch
  - iang ask Ted for some statistics
  - need to mention that the Assurers will be chopped off
- Challenge passed report over to core system, status of that?
  - implementaton of Challenger-passed mark into the database is pending?
  - teus to chase Philipp.
  - assurer mark for challenge passed assurers
  - ask sysadmins for this (Evaldo file bug)
- paper certs
  - was the certificate for "passed the Challenge" or was it "am an Assurer" ?
  - decision by policy/edu that only the name is the certificate
  - iang to ping ted on status here
  - in US the paper certificate is in big demand
  - cost of postage is another issue
  - but Secure-U should pick this up
how do we check who is an assurer?
- if a challenge test,
- have 100 points, and passing challenge, this is pretty automatic
- there is less of a privacy issue here?
- iang let's take it to policy
- in principle, we need something
privacy/public status of cert numbers
- should declare these to be public
- as they cause problems if "private" ... PII as well
- propose to policy list
- same discussion applies to all other info in certificate
- iang take it to policy?
- main system cacert.org never tells you what your internal number is
OA
- NL: OA assurer bootstrapping of teus
  - has been proposed to board
- Organisation as OA handler?
  - teus to take it to policy
- US: Colorado, California, ? no action...
- other countries? Teus asked on policy list.
- oversight JP?
  - teus to chase Jens and ask
- in ticketing system?
  - evaldo to report status on ticketing systems
- AT Austria SubPol has been proposed
  - comments from a few, including some bounces,
  - but bounces are not being proposed iang
review OA subpols that are there
- Q for feedback 3 weeks old now
- need list of changes
- need driver for this
- we don't want 50 subpols ... and that's just for the US
- maybe we can combine all into Euro subpol
code signing
- current consensus/abstract?
- policy write up
- income base for-profit packages?
Assurance promulgation plan
- Iang to mail systems & marketing groups.
- teus wants metadata on the page for the policies.
- there needs to be a link from the top page to policies.
CCA is policy now
- late arrivals Ayes after last call
- 9th of Jan 2008
- agreed that it is approved to POLICY
3rd WiP of 3pv-DaL for vendors
- no priority now
- teus asked for add recursive arrangements (noted in WiP)
Exceptions:
- Other CA policy needs to have Tverify page moved across into a SubPol
- discuss this in m-sc with Evaldo, need to get the old scattered secret policies into their new homes
- Junior Assurer needs to have a SubPol started, in discussion on policy
Identity versus Arbitration
- need for DOB, ongoing discussion
- DOB is approximately like an SSN, as an analogue
- is used internally as a discriminator, not externally, and there is already the email address as internal discriminator

Systems

NL move
- USB link cable on their way -- unknown teus to chase
- new interest of volunteers: Xs4all, NLnet Labs, Medison, ...
- NLnet Labs is around 6 people: DNSsec, IPSec, IPv6, VoIP (security on SIP), RFC work
create systems committee
- Evaldo compiles req list
- need closed group nomination policy?
alternate plan C project cacaca
- lots of interest
  - AT Comp++
  - Less from NLnet Labs (full now with trainees)
  - Nothing from Tix, will chase
  - 2 Unis?
enough Evaldo to get some firm interest from Evaldo
- 1st March? 3 month stay, dates, info from consulate
- flight: CAcert 1k
- spending costs: 1k
- food & board: ATC (or sponsor).
- some spending stipend from sponsor.
- in exchange for courseware, need to negotiate that with ATC.
- a one year exclusive for Holland
- inform ted about the progress, bring him into the loop, teus to mail ted
- in discussion with others, JJ @ NLL and FC @ MK and xxx@xs4all
we have to build the teams at the same time
- rudi, i, ... on embedded signing server
admin team: Daniel (takes up), Ted, michael ???
- Daniel set up info@cacert.org, signal that there is something.
what is this, Evaldo: bill to CAcert
- Teus+Evaldo: should bill, submit?
check OCSP/CRL distr systems (Philipp request)
- not clear what check is required
- outline of concerns by Evaldo to M-SC
- iang to talk to Pete S
- are these critical systems?
  - nothing much on them
  - DOS for revocation checking
  - certificate could be used for a social engineering attack
- teus chase philipp with questions
- why are these being distributed now and not being run on our NL machines???
Tix active monitoring/changing issue
- question raised by Tix to go transparent or filtered?
- was from Oophaga to Philipp
- happened around the time of Philipp looking at RBL list
- at that moment, Tix made an error ... caused an event call
- The answer from Philipp was to continue the RBL active work
- issue raised 17th november call # 01225785
- as a result, RBL was turned off, but there are other aspects
- gate.cacert.nl is doing the reply
- gate.cacert.nl cert
teus to ping the support people and brief them
- rumour that Philipp is no longer doing support and is looking for others to do the task -- need to check

House Style

refer to list of decisions by board, posted by Teus.
new logo incorporation still not done (2 months now)
new style in web pages (2 months now)
new style development for wiki, blog
advertisement handling
- google also now in wiki
- text ref only now on main web page
- buttons & logo's
cert button

Admin

organigram wait for M-SC comments
- update in wiki
- evaldo is this ok!!!???
- need confirmation from m-sc before publication!
overview of decisions taken
- in wiki now: AGM, M-SC
- policy has started to record the decisions
- ask Evaldo for additional permissions for all board members to write on the board decisions page
tracking system for policy progress?
wiki pages update
- teus to write to Sebastian Documentation Officer
- more people to help

Audit

DRC-A, DRC-B are
audit.cacert.org is up and running
- https://audit.cacert.org/drc/browser.php
- need to drop the insistence on CAcert certificate being installed
workplan for auditor, teus
- teus to respond to audit proposal
- start requires move + dual control
- teus to talk it over with Greg
security manual
- Pat made chapter outline, some feedback from Ian and Philipp, is in progress
- Pat is external to CAcert or one of community (CCA)?
- iang to ask.
MoU for NLnet funding signed by parties
- need announcement press release, but defer this until after agreement with auditor is reached
- documents now on website
- m-sc decision to remove the older HTML discussion document because it is completely replaced by the PDF.
audit can only restart when systems are completely moved to NL

Policies

on website, need some wrap up
Sebastian's criticism
- OfficialDocument changes
recent POLICY votesom

Committee meetings

schedule 3 month period for wrap up decisions taken by email
- evaldo/teus chase up board
- get email decisions into wiki
AGM minutes need board review is now on wiki
if we get Evaldo/cacacha then talk to Greg and to Robert about a meeting

M-SC finances

need 2008 budget request to sent to Robert