Management Sub-Committee status of actions 20080416
still draft and need updates from M-SC
Pending action points:
Dispute Resolution
- email list of case managers and arbitrators, no news
- any cases?
case Jazbec has had final ruling. GR is case manager. Case closed.
- case on name (Warnat). GR is case manager. Investigations going on.
Assurance
Policy list work
- OA, M-SC has taken the lead for OA. Pending in AT 1, US 3, AU 1-2, CH 2, SE 1, IE 1, FR ?.
- OA CH is stalled on sub-pol def.
- OA AT: sub-pol is in draft. Need OAA's.
- OA AU: sub-pol in draft. Need OAA's.
- OA NL: sub-pol in draft. Need OAA's
- OA DE: sub-pol in draft.
- OA USA: GS, GM + RJ no reactions yet,
- OA IE. SJ initiated similar to OA AU, need to chase SJ
- general COAP init by Sam.
- AU COAP needs dns record discussion. Chase SJ.
feature request for DNS control check? evaldo to chase OAP (main one, not subpol):
- CAcert OA for "deserts" is in OA policy (draft)
- wiki on OA; SJ seems to get on with this. Tues added/corrected some stuff.
- how do we check who is an assurer?
- now that CATS passing-marks are in the database, this is easier
- overall question still stands for the Assurance process
- privacy/public status of the information in the certificates
- cert numbers
- name(s)
- DPA issue policy discussion: DoB drop request, no clear vote.
dropping the DOB and making all cert info as "public" means practically all DPA/PII data disappears.
- hash number as discriminator?
- DoB on user initiative?
- board is made aware of responsibility
- try to wrap up discussion on policy list
- code-signing policy
- TH made proposal to [policy] for basic claims plus optional claims (still to do)
- code-signers enter into a contract
- modeled after the Creative Commons concept
- code signing: proposed signer agreement and signer statements/claims. Then policy write up
- Dutch DPA authority statement that it is forbidden to copy passports
- do all passport copies need to be dropped?
- what about old Assurers?
- some very early Assurances were "send photocopy to CAcert Inc" ... what to do?
- board question is whether the board decides to unilaterally drop their copies and their requirements.
Teus announced this decision to policy list.
- need to announce to all Assurers to destroy
- need a dispute filed to ask Arbitrator to order all passport copies to be destroyed. (i) Assurers, (ii) CAcert Inc., (iii) support IMAP mailbox.
policy question is whether to delete and drop any and all requirements. Teus.
- priority is not high, but we need to progress the question
- add a CATS question, when we have a result
- related question: Identity Numbers (passport numbers, identity card numbers) were and are being written down on CAPs.
Tverify ==> subpolicy for other CA's members.
Tverify needs subpol to be written, on ToDo.
- TTP
- proposed a new policy
- due to help request it is proposed. Discussion started. No feedback seen.
- Junior Assurer, below 18 years of age
- need a subpolicy for Junior Assurer
- there are about 30 or so...
- 10 points allocatable only.
- Senior Assurer, people who have reached 150 or beyond?
- need to drag out the wip doco and think about it
- php and wiki list to compile for text changes due to policies
- new e-mail cert form request php id
- new certificate request page text
- translation is an issue
- translingo is back but still a good idea to move to rosetta?
- trial started for form fields in pdf/OpenOffice: trial on CAcert Inc. forms and COAP forms.
- need PDF/OpenOffice signature features/tooling
CATS
- 2nd sysadmin, has he been added yet?
Evaldo: Add Ted.
- Evaldo is changing the test system, when changed, can bring in new sysadms
- Current server goes down soon, new server is online.
- Sonance requests one VM for DNS/mail failover.
- can offer the same in return
Bernhard has reported: for those interested in such things here is a current status of CATS:
- 341 different certificates have passed tests (ask Sourcerer how many different users, I'd guess more than 300)
- Since CeBIT (about 100 tests on CeBIT saturday!) there have been 5-10 passed tests per day
- I have created about 150 documents for passing the test, including 27 printed ones
- The passed results are already imported into the CAcert database
- User interface for viewing passed tests is in code review
- Admin interface and other related code changes are in (slow) progress
The great majority (>90%) of users who have requested a document have been German-speaking (DE/AT/CH). Only about 5 non-European Assurers (judging from email addresses)...
- need to mention that the Assurers will be chopped off
- Teus: how many Assurers have 150 points? Ask Philipp.
- how many Assurers are active today? In the last 6 months?
- if number of active Assurers (last year) is N, then 25% should have it before we impose a deadline.
- Ted to chase PR? Ask Ted whether he can ask Greg + Henrik to generate some PR?
- Challenge-passed
- report over to core system, status of that?
iang to chase:
- implementation of Challenger-passed mark into the database is pending?
- teus reminded Philipp. No action yet seen.
- assurer mark for challenge passed assurers
ask sysadmins for this: http://bugs.cacert.org/view.php?id=499 is progressing. Current status:
Import interface (CATS->CAcert DB): In code review
- User interface (showing passed tests in CAcert account): Coding with low intensity
- Admin interface (modifying results): pending
Other
- Assurance promulgation plan
- main web page has been updated
- logo is in
- house style adoption is pending
- teus wants metadata on the page for the policies.
- on the todo list
- Changes
- Principles should be somewhere too
these are recorded as task on RolloutCommunityAgreement
Systems work
- new team members
- Evaldo to present list
- several prospects for non-critical servers, positive
- Nagy (Hungarian)
- Matthijs M
- ishbir
- Jacob S
- amessina
- premrara
- kim H
- shaun L.
- thomas w (association member) salzburg
- Sam J (CISSP, SAGE[-AU,-IE], Google Apps)
- suggest JdL NL by teus
- questions (however brief) for 20080326
- proposal for new non-critical members for 26th...
- Philipp has initiated task list on wiki
- establish good cooperation between PG and EG (trial TH)
- seems no cooperation between PG and EG on this. Teus asked PG.
- agreement on 29th by M-SC+pg
- Cachaca project drafted: to be decided:
- need speed.
- philipp is back from link protocol
- need to assess amount of time he has available
- NL team will need 2 people in sysadm team to meet dual control criteria
- request for costs is implied
- preparations in Brazil, in "production with test systems"
- had got close, but disks got reallocated
- starting again, but this time with documentation
- doco not yet published
- should be part of the security manual
- remote work? how to do the reboot remotely?
- prepare the kvm before flight?
- Plan proposed to board???
- M-SC decision is to build the team to move the system to Netherlands.
- Evaldo is to start that team.
- Philipp is providing the software to Evaldo.
incorporate tonight's changes, circulate plan, and then send plan to board. iang
Admin
- Funding
- from Audit Project?
- AtC funding needed?
- NL move
- USB link installed, serial line was also requested by PG. Status?
- chase status of more admins failed with PG.
- create systems committee
Evaldo compiles req list For systems sub-committee? We said it is not exactly needed
- need closed group nomination policy?
bounce back ideas and create a proposal to board: all
- link
- serial not on Suns
- Spare Tunix firewalls PC has them
- or use USB, or use Ethernet, device nodes available?
- software
- decision taken by board sw to go to EG
- familiarisation with sw is started
- Some pieces are already sent, missing many pieces still, but probably able to create a working set with the available data already
- Virtual machine with signer is installed, missing OpenSSL profiles
- Virtual machine with web application is in progress, missing some bits and pieces
- Support team
- new member was discussed (problems: not assured, possible conflict of interest with his work)
- notify ggr + rob of situation: done, Member not invited.
- admin team: Daniel, Ted, Michael ???
- check OCSP/CRL distr systems (Philipp request)
- not clear what check is required
- outline of concerns by Evaldo to M-SC:
a CRL distribution point that is NOT UP TO DATE is a big denial of service on revocation (unable to properly revoke and send the message out)
a bogus OCSP server can declare legitimate certs revoked, and vice versa
Even if we decide to remove a DNS entry for the bad servers, DNS caching might hurt us
PG asked for status.
- iang to talk to Pete S
- are these critical systems?
- nothing much on them
- DOS for revocation checking
- certificate could be used for social engineering
- teus chase philipp with questions. Done.
- OCSP/CRL usage stats: 5000 p/mnth (PG)
- outage stats OCSP routing: 25 mins/mnth (98% uptime) (PG)
- getting sources up and available
- good to get the board to finalise the licence under which the source code is to be issued.
- agreed that CAcert is to own the full rights, as per the FSFE tfr agreement
proposal to board to be written up on that basis iang
iang to review GPL[23] again
House Style
- web style has not been incorporated ... (promised first week Febr) to be incorporated.
- No action caused ripple effect for events. New request on 13th of March with one week to results. No success.
- advertisement handling (teus: status unknown)
- cert button (teus: status unknown)
- advertisements in wiki pages do not mix well with style (SJ).
wiki
- wiki pages update in progress by M-SC (teus)
- more people to help for doco
- now in svn: Doc Policy work-in-progress, early stage, not near to DRAFT
Audit
- workplan for audit work and preparations.
starting the real/formal audit requires NL move + dual control
- preparations
- policy Assurance Policy
- press release
- rollout plan: policy progress
- where we are now, write statement of where we are
- look at the report sent to board in around January.
- rewrite this for up to date comments, plus the needs in the MoU.
- add bullet that MoU is now in effect, has ramifications
- timeline, operations.
- defer discussion until we have had a chance to review the MoU.
- look for MoU and get it to the SVN.
- security manual. Is on wiki. Seems Pat needs better help. Chase PG.
- NLnet-MoU
- need announcement press release, but defer this until after agreement with auditor is reached
- RC received first 9K
- documents now on website
- real audit can only restart when systems are completely moved to NL. Need date (Cachaca project and/or PG last trial; GP seems to be stalled on serial/link protocol).
- need link from main web site to audit pages.
Committee meetings
- AGM and board minutes need (board) review
iang has now read the minutes, and will review them again!
Assurance Events
- Need CeBIT report (Teus asked twice Jurgen/Mario)
CAcert Associations
- Policy on Foundations and Associations: to be updated
- introduce it to the policy list
- secure-u commitments, still pending, still under negotiation
- for example, funding earmarked for CAcert should be controlled by CAcert (board notice?)
- if local funding is raised locally how to get properly in control of CAcert?
- finances for meetings
- non-profit issue raised
- needs a change of CAcert Inc. by-laws
- SGM called on 4th April for Association
- needs reminder on 1st of April.
- mail has gone out to members of the Association
- within 3 weeks so it is enough notice to change the rules
- is in hand
- board asked M-SC to do the preparations for the AGM
- date: 20081107 23:00 MET.
- two new applications for membership: PG (nominated?) and SJ (ready to go).
PR / Marketing
- try out for form fields. OOo generates OK PDF. OOo signing OK. PDF signing only from commercial packages. Trials with Acrobat.
- overview of events in wiki needs update. MS has too little time.
M-SC finances
- finances for meeting travel
- equipment funding?
end of action points