= Management Sub-Committee status of actions 20080403 =

== Pending action points: ==

=== Dispute Resolution ===
 * email list of case managers and arbitrators, no news
 * any cases?
 * case [[http://wiki.cacert.org/wiki/Arbitrations/a20071205.1|Jazbec]] has had final ruling. GR is case manager.
 * new case on name (Warnat). GR is case manager.
 * M-SC asked for CeBIT report, no feedback yet. No cases filed arising from CeBIT.

=== Assurance ===

=== Policy list work ===
 * '''teus''' chart is in wiki and svn tree. Wiki updated. Table updated. Need to chase person on the lead of an Office.
 * OA, M-SC has taken the lead for OA. Pending in AT 1, US 3, AU 1-2, CH 2, SE 1, IE 1, FR ?.
 * CH is stalled. Teus is chasing got ref from SC.
 * OA AT: sub-pol is in draft. p20080310 is recorded.
 * OA USA: GS, GM + RJ no reactions yet,
 * general COAP init by Sam?
 * AU COAP needs DNS record discussion.
 * OA AU: voted on 2st of April.
 * OA IE. SJ initiated similar to OA AU, need extra vote from IE
 * SJ from Ireland
 * feature request for DNS control check? '''evaldo''' to chase OAP (main one, not subpol):
 * countries/areas which have no OAs nor a subpol. Proposal to change OA Pol.
 * voted on 1st of April, added to Pol Decisions and svn tree.
 * give it 2 weeks for spelling/typos to appear in formal draft policy.
 * wiki on OA; SJ seems to get on with this.
 * how do we check who is an assurer?
 * now that CATS passing-marks are in the database this is easier
 * overall question still stands for the Assurance process
 * privacy/public status of the information in the certificates
 * cert numbers
 * name
 * DPA issue policy discussion: DoB drop request, no clear vote.
 * dropping the DOB ''and'' making all cert info as "public" means practically all DPA/PII data disappears. Big win!
 * internal discussions with Sam, M-SC, Philipp on DPA
 * DoB on user initiative?
 * code-signing policy
 * TH made proposal to [policy] for basic claims plus optional claims (still to do)
 * code-signers enter into a contract
 * modeled after the Creative Commons concept
 * code signing: proposed signer agreement and signer statements/claims. Then policy write up
 * Dutch DPA authority statement that it is forbidden to copy passports
 * do all passport copies need to be dropped?
 * what about old Assurers?
 * some very early Assurances were "send photocopy to CAcert Inc" ... what to do?
 * board question is whether the board decides to unilaterally drop their copies and their requirements.
 * '''Teus''' announced this decision to policy list:.
 * need to announce to all Assurers to destroy
 * need a dispute filed to ask Arbitrator to order all passport copies to be destroyed. (i) Assurers, (ii) CAcert Inc., (iii) support IMAP mailbox.
 * policy question is whether to delete and drop any and all requirements. '''Teus'''.
 * priority is not high, but we need to progress the question
 * add a CATS question, when we have a result
 * related question: Identity Numbers (passport numbers, identity card numbers) were and are being written down on CAPs.
 * Tverify ==> subpolicy for other CA's members.
 * Tverify needs subpol to be written, on ToDo.
 * TTP
 * need a subpolicy (propose a new policy) proposed
 * due to help request it is proposed. Discussion started.
 * Junior Assurer, below 18 years of age
 * need a subpolicy for Junior Assurer
 * there are about 30 or so...
 * 10 points allocatable only.
 * Senior Assurer, people who have reached 150 or beyond?
 * need to drag out the wip doco and think about it
 * php and wiki list to compile for text changes due to policies
 * new e-mail cert form request php id
 * new certificate request page text
 * translation is an issue
 * translingo is back but still a good idea to move to rosetta?
 * trial started for form fields in pdf/OpenOffice: trial on CAcert Inc. forms and COAP forms.
 * need PDF/OpenOffice signature features/tooling

=== CATS ===
 * 2nd sysadmin, has he been added yet?
 * '''Evaldo:''' Add Ted.
 * Evaldo is changing the test system, when changed, can bring in new sysadmins
 * Current server goes down soon, new server is online.
 * Sonance requests one VM for DNS/mail failover.
 * can offer the same in return
 * Bernhard has reported: ''for those interested in such things here is a current status of CATS:''
 * 341 different certificates have passed tests (ask Sourcerer how many different users, I'd guess more than 300)
 * Since CeBIT (about 100 tests on CeBIT Saturday!) there have been 5-10 passed tests per day
 * I have created about 150 documents for passing the test, including 27 printed ones
 * The passed results are already imported into the CAcert database
 * User interface for viewing passed tests is in code review
 * Admin interface and other related code changes are in (slow) progress
 * The great majority (>90%) of users who have requested a document have been German speaking (DE/AT/CH). Only about 5 non-European Assurers (judging from email addresses)...
 * need to mention that the Assurers will be chopped off
 * Teus: how many Assurers have 150 points? Ask Philipp.
 * how many Assurers are active today? In the last 6 months?
 * if number of active Assurers (last year) is N, then 25% should have it before we impose a deadline.
 * Ted to chase PR? Ask Ted whether he can ask Greg + Henrik to generate some PR?
 * Challenge-passed
 * report over to core system, status of that?
 * '''iang''' to chase:
 * implementation of Challenger-passed mark into the database is pending?
 * teus reminded Philipp. No action yet seen.
 * assurer mark for challenge passed assurers
 * ask sysadmins for this http://bugs.cacert.org/view.php?id=499 is progressing: Current status:
 * Import interface (CATS->CAcert DB): In code review
 * User interface (showing passed tests in CAcert account): Coding with low intensity
 * Admin interface (modifying results): pending

=== Other ===
 * Assurance promulgation plan
 * main web page has been updated
 * logo is in
 * housestyle adoption is pending, johan says he has access to test system.
 * teus wants metadata on the page for the policies.
 * on the todo list
 * Changes
 * Principles should be somewhere too
 * these are recorded as task on RolloutCommunityAgreement

=== Systems work ===
 * new team members
 * Evaldo to present list
 * several prospects for non-critical servers, positive
 * [[CharlieGarrison]]
 * Nagy (Hungarian)
 * Matthijs M
 * ishbir
 * Jacob S
 * amessina
 * premrara
 * kim H
 * shaun L.
 * thomas w (association member) salzburg
 * Sam J (CISSP, SAGE[-AU,-IE], Google Apps)
 * questions (however brief) for 20080326
 * proposal for new non-critical members for 26th...
 * Philipp has initiated task list on wiki
 * establish good cooperation between PG and EG (trial TH)
 * seems no cooperation between PG and EG on this. Teus asked PG.
 * agreement on 29th by M-SC+pg
 * Cachaca project drafted: to be decided:
 * need speed.
 * philipp is back from link protocol
 * need to assess amount of time he has available
 * NL team will need 2 people in sysadm team to meet dual control criteria
 * request for costs is implied
 * preparations in Brazil, in "production with test systems"
 * had got close, but disks got reallocated
 * starting again, but this time with documentation
 * doco not yet published
 * should be part of the security manual
 * remote work? how to do the reboot remotely?
 * prepare the kvm before flight?
 * Plan proposed to board???
 * M-SC decision is to build the team to move the system to Netherlands.
 * Evaldo is to start that team.
 * Philipp is providing the software to Evaldo.
 * incorporate tonight's changes, circulate plan, and then send plan to board. '''iang'''

== Admin ==
 * Funding
 * from Audit Project?
 * AtC funding needed?
 * NL move
 * USB link installed, serial line was also requested by PG. Status?
 * chase status of more admins failed with PG.
 * create systems committee
 * Evaldo compiles req list '''For systems sub-committee? We said it is not exactly needed'''
 * need closed group nomination policy?
 * bounce back ideas and create a proposal to board: '''all'''
 * link
 * serial not on Suns
 * Spare Tunix firewalls PC has them
 * or use USB, or use Ethernet, device nodes available?
 * software
 * decision taken by board sw to go to EG
 * familiarisation with sw is started
 * Some pieces are already sent, missing many pieces still, but probably able to create a working set with the available data already
 * Virtual machine with signer is installed, missing OpenSSL profiles
 * Virtual machine with web application is in progress, missing some bits and pieces
 * Support team
 * new member was discussed (problems: not assured, possible conflict of interest with his work)
 * notify ggr + rob of situation: done, Member not invited.
 * admin team: Daniel, Ted, Michael ???
 * check OCSP/CRL distr systems (Philipp request)
 * not clear what check is required
 * outline of concerns by Evaldo to M-SC:
 * '''a CRL distribution point that is NOT UP TO DATE is a big denial of service on revocation (unable to properly revoke and send the message out)'''
 * '''a bogus OCSP server can declare legitimate certs revoked, and vice versa'''
 * '''Even if we decide to remove a DNS entry for the bad servers, DNS caching might hurt us'''
 * '''PG asked for status'''.
 * iang to talk to Pete S
 * are these critical systems?
 * nothing much on them
 * DOS for revocation checking
 * certificate could be used for a social engineering attack
 * teus chase philipp with questions. Done.
 * OCSP/CRL usage stats: 5000 p/mnth (PG)
 * outage stats OCSP routing: 25 mins/mnth (98% uptime) (PG)
 * getting sources up and available
 * good to get the board to finalise the licence under which the source code is to be issued.
 * agreed that CAcert is to own the full rights, as per the FSFE tfr agreement
 * proposal to board to be written up on that basis '''iang'''
 * '''iang''' to review GPL[23] again :(

=== House Style ===
 * new logo is in
 * web style has not been incorporated ... (promised first week Febr) to be incorporated.
 * No action caused ripple effect for events. New request on 13th of March with one week to results. No success.
 * request for access on test system by Johan. Also on 13 March email to support. '''evaldo''' to chase. Done.
 * advertisement handling (teus: status unknown)
 * cert button (teus: status unknown)
 * advertisements in wiki pages do not mix well with style (SJ).

=== wiki ===
 * wiki pages update in progress by M-SC (teus)
 * more people to help for doco
 * now in svn: Doc Policy work-in-progress, early stage, not near to DRAFT

=== Audit ===
 * workplan for audit work and preparations.
 * MoU with Ian is in place.
 * start real/formal audit requires '''NL move + dual control'''
 * preparations
 * policy Assurance Policy
 * press release
 * rollout plan: policy progress
 * where we are now, write statement of where we are
 * look at the report sent to board in around January.
 * rewrite this for up to date comments, plus the needs in the MoU.
 * add bullet that MoU is now in effect, has ramifications
 * timeline, operations.
 * defer discussion until we have had a chance to review the MoU.
 * look for MoU and get it to the SVN.
 * security manual. Is on wiki. Seems Pat needs better help. Chase PG.
 * NLnet-MoU
 * need announcement press release, but defer this until after agreement with auditor is reached
 * RC received first 9K
 * documents now on website
 * real audit can only restart when systems are completely moved to NL. Need date (Cachaca project and/or PG last trial; GP seems to be stalled on serial/link protocol).
 * need link from main web site to audit pages.

== Committee meetings ==
 * AGM and board minutes need (board) review
 * iang has now read the minutes, '''and will review them again!'''

== Assurance Events ==
 * Need CeBIT report (Teus asked twice Jurgen/Mario)

=== CAcert Associations ===
 * Policy on Foundations and Associations: to be updated
 * introduce it to the policy list
 * secure-u commitments, still pending, still under negotiation
 * for example, funding earmarked for CAcert should be controlled by CAcert (board notice?)
 * if local funding is raised locally how to get properly in control of CAcert?
 * finances for meetings
 * non-profit issue raised
 * needs a change of CAcert Inc. by-laws
 * SGM called on 4th April for Association
 * needs reminder on 1st of April.
 * mail has gone out to members of the Association
 * within 3 weeks so it is enough notice to change the rules
 * is in hand
 * board asked M-SC to do the preparations for the AGM
 * date: 20081107 23:00 MET.
 * two new applications for membership: PG (nominated?) and SJ (ready to go).

=== PR / Marketing ===
 * flyers/CAP/COAP, CCA printouts, sources Teus: they are in the svn tree now. Try out for form fields. OOo generates OK PDF. OOo signing OK. PDF signing only from commercial packages.
 * presentations in svn tree (including some old ones).
 * teus restructured svn tree (from flat to some hierarchy)
 * overview of events in wiki needs update. MS!

=== M-SC finances ===
 * finances for meeting travel
 * equipment funding?

== end of action points ==