To Software Software - To Software-Assessment Software/Assessment - To previous meeting - To next meeting
Minutes of the MiniTOP on the 2012-02-28
Setting
The MiniTOP will be held via telco 22:00 CET
Attendees: Magu, Uli, Michael, dirk
Topics
(skip to agenda)
Action items from last meeting Meeting Action Items
Software/Assessment/ActionItems
all
proposed Apache config SSLCipherSuite settings for CAcert SSL enabled infrastructure systems
see also BEAST migration https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
Proposal from Sysadm list 2013-09-06{0}
SA
documentation server cert design concept to SystemAdministration/Systems/Development/Prepare
{0}
all
{0}
BenBE, Marcus
documentation: developer git repos under github
bug #1131 history @ github
CAcertOrg @ github
started under Software/Assessment/Documentation/UpdateCycle/step1{0}
NEO
{0}
all
read x509 guide
{0}
all
bug#1068 blog problem (also relates to community)
debian lenny - edge - squeeze upgrades needed
alternate: new server with squeeze, install wordpress, transfer domain
workaround: configure your FF FAQ/BrowserClients{g}
uli
Experience points for ATE attendance
check board motions and/or trigger if not yet passed{0}
uli
Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18
current state: see Funding Landing Page
May 2013: tk-server sponsoring, tk-server rcvd, deployment: WIP, project not yet finished{0}
All
1. next: strategy for "New Roots & Escrow" - using indirect crl's ?
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment{0}
dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to next events (?)
next round: picked up by Benedikt new proposal 2013-06-02{0}
Uli, Michael
Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png
{0}
Development, Deployment, Discussion
OAO, Ted
bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected
{-}
uli, Ted
bug #824 Org User cert fix Case study
Organisation User Certificates: Need UI improvement for proper production usage
{0}
uli, ted
bug #823 email address removal fix
No warning when removing e-mail address from account that certificates will be revoked
checked by 4, needs 2nd review, deploy
rejected{-}
inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
{0}
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface
rejected, certs login doesn't modify "modified" field{r}
Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
uli, marcus: needs full cert create tests
duplicate report to bug#978
tested by 3, 2nd review done, transfered
Ken reported: still has problems, bug kept open{0}
gagern, NEO
bug #440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development
{r}
neo
bug #1025 Domain Dispute issue
disputes rc and rc2 var prob
needs work{r}
dirk
bug #1054 0001054: Review the code regarding the new point calculation
Thawte patch part II
needs further work{r}
Software Assessors: Review 1 / add to cacert-devel, add to testserver
Software-Assessors task
Testing
Testers task
neo
bug #1004 Stats page improvement
tested by 2, needs 2nd review
{0}
neo
Bugs #1159 it might be possible to execute commands on the signing server
{0}
inopiae
bug #1065 Wrong wording when sending mails during the assurance process
{0}
inopiae
bug #1162 calcutate (the passwords) hash in php instead of in mysql
create test scenarios for the software testers
Full testing{0}
inopiae
bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails
{0}
inopiae
bug #988 TTP cap form deployment
{0}
Software Assessors: 2nd Review, Bundle Package to Critical Team
Software-Assessors task
Ted
bug #500 Get contact mail adress after resolving test
tested by 3, requires review
{0}
Ted
bug #1140 Show if a test is passed in learnprogress
tested by 3, requires review
{0}
magu
bug #1131 Rename _all_ Policies from .php to .html and fix all links
global policy directory maintenance and update
{0}
inopiae
bug #1010 Reorder the view on organisation certificates
tested by 3
{0}
Software Assessors: Bundle Package to Critical Team
Software-Assessors task
inopiae
bug #1139 Add new fields to the database
tests through #500 and #1140, 2nd review done, requires transfer
{0}
Awaiting Response from Critical Team
inopiae
bug #411 Wrong text is made into link
{g}
Agenda
1. Dirks Big Redesign Project
- bug #827 - New Points calculation / Thawte patch
- bug#827 + bug#882 to merge
- close bug#882
- wot.inc.php + notary.inc.php to merge
- continue with bug#827
- pojam bug to fix
- Thawte points removal, final step
- relates to 6.php
- this also relates to TTP
- dirk will work on this last weekend (2012-01-21)
- current state: not yet finished
- expected finishing? upcoming weekend (2012-01-23 to 2012-01-30)
- not finished, upcoming weekend 2012-02-06?
- bug#827 + bug#882 to merge
- Bring TTP assurances up to running
- requirement: make 855 active on production
- TTP-caps can be build by TTP-admins offline, not for public distribution !!
uli
bug #855 admin console interface "unknown" + "empty" assurance method fields, needed for correct testing on testserver
admin console lists "empty" and "Unknown" assurance types on listing given Assurances
{0}
- uli to add test report
- needs 2nd review by dirk, ted, markus, pg - ted will do within the upcoming days, probably Thursday
- passed to production
- TTP CAP form - sneak preview
for local testserver only bug #988 TTP cap form deployment Case study
- TTP system implementation to enter TTP assurances into the system
- current workaround - make use of "old" "TTP assurance" method with TTPadmin flag set, TOPUP impossible
- question araised:
- Notary public is also CAcert assurer, 2 possible ways
- make assurance via TTP assurance, entered into the system by TTPadmin
- make assurance as CAcert assurer
- TTPadmin has different userid then TTP who is also CAcert assurer
- AP prevents double assurances, but system cannot discover that, that TTP sends one TTP CAP form to TTPadmin and TTPadmin enters this assurance into the system and Notary public in role as CAcert assurer makes a 2nd CAcert assurance by CAP form
- Notary public is also CAcert assurer, 2 possible ways
- PoJAM patch
bug #872 PoJAM 3.3 restricition not applied
bug #920 Join - single name only (eg Indonesian)
- details under bug number
- presented to Policy Group
- first results from policy group?
- dirk has made some changes in 6.php last year
- there are 4 possible choices:
- givenname
- lastname (as current fix)
- givenname or lastname
- brians proposal, mononym + checkbox
- dirks proposal:
- make name handling more AP conform (1 line names, multiple names)
- 2 possible paths:
- allow multiple names (dirks proposal) is massive change (long term change)
- "simple" solution (short term change)
- global re-design
- eg users view
- 43.php, multiple views
- alternate experience points
bug #1007 add 5 Experience points for ATE attendance form
bug#964, bug#918 (Part II) Codename "BlackJack" - VBscript for Vista/Win7 (select keysize >= 1024)
x1 Dirk, new bug#964
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEVcurrent state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964{0}
- as part of
x1 Arbitration case a20110312.1 Weak keys bug #918 / bug #954 / bug#964
- Current state:
{g}
pre mailing sent
{g}
keys revocation script to bulk revoke weak keys, new bug #954, finished
{-}
dirk: DEV: a20110312.1 bug#918 Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEV
vbscript needs to be improved with select box key size and lower limit to 2048 (based on https://wiki.mozilla.org/CA:MD5and1024)
Api CertEnroll (MS crypto provider)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964 - codename "BlackJack"{g}
Weak keys blog post, published
{g}
Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30)
{b}
weak keys: problems with cryptostick (to test at Froscon with Juergen ?)
cert enroll infos under bug#964
vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx
Marcus: added notes for Win7 https://bugs.cacert.org/view.php?id=964#c2249
- dirk: has not started the virtual machine
- Question from Marcus: did someone contacted illuminat?
- No, Marcus: to contact illuminat
- illuminat will give it a try, first needs download of testserver image
- Update?
- marcus: illuminat not yet seen last time
baseline requirement - keyssize >= 2048 to fix till end of 2011
- how to proceed?
- dirk: 1st step, to bring win test server localy online
- marcus: to contact illuminat
- Do we have other developers who may pick up this project?
Marcus -> dirk: announcement of vbscript bug to developers mailing list
- change keysize
- merge 2 scripts to one
- fix on script 1 needs fix in 2nd script too, solutions: include, one file, or comment fix script 2 too
interrupt: bug#964 -> codename "BlackJack"
- relates to IE8 problem, that certs cannot be created
is there a security issue with available fix? also bug#918
- related 927, 901, 847
- a patch is online on testserver, but cannot found
- related patch files, /pages/account/ 3,4,16,17; /include/account.php
- there are other vbscript pages: ../account/ 6 + 19
Brian bug#964
- Michael: Marcus to test with IE
- IE select provider only
- code from Brian needs some corrections, corrections to do, 4 + 17 inclusions, checkin
- notification to Brian, done
- quickfix has problems too
- next step(s)
- check error codes / debug routines
- open developer mode, create cert
- resulting error: line 213, put length, wrong parameter
Zeile: 213 Fehler: CertEnroll::CX509PrivateKey::put_Length: Falscher Parameter. 0x80070057 (WIN32: 87) Zeile 213: objPrivateKey.Length = &h08000000
- resulting error: line 213, put length, wrong parameter
- current state: an undef error with current patch
- we need someone who has experience with vbscript, to come into telco, reviews interface/api beforehand
- illuminat: not before eastern
- marcus: will ask users on assurance party Wed 18th Jan
- we need someone who has experience with vbscript, to come into telco, reviews interface/api beforehand
- 2012-01-23:
- also cabforum requirement, keysize under IE limited to 1024
- how to find programmers ?
- windows webserver programmers: Outlook, Citrix portals
- new API's can use java, new apis have web-enabled
splitting vbscript for os revisions < vista, java for os revisions >= vista ?
- NEO started development, not yet finished
- Global Re-Design project
- add a work flow concept ?
2. Certs Patches
bug#540 No key usage attribute in cacert org certs anymore?
also: bug#905
Policy group discussion - Extended key usage -> p20111113, motion CARRIED
- deployment
prepare fixes -> Michael to prepare diffs, against svn
- sending to testserver
- transfer to critical system
- (2011-12-13) approx 2 weeks to write the fix, approx 2 months to go
- Michael did transfer the patch to testserver
- signer code update
- changes against svn
- uli, to add to tester portal, done
- uli to inform testers about new tests
- test report from kenneth to transfer to report (email from 2011-12-25)
- Michael: where to find the report from kenneth? link?
- NEO has added the report (written to private dl)
- who has adobe 8 for testing?
- magu has, please test
- next: needs testing (week 6)
- uli, marcus: needs full cert create tests
- uli (2012-01-25): sent notification to software testers
- awaiting testing ... problem FULL test, including all possible variations with certs creation
also to report under bug #978 bug 978 (weak keys) (bug 918)
- Testers: test all certs veriations, functions
bug#440 Problem with subjectAltName (CSR, renew certs)
- "There seems to be a problem with the subjectAltName. Dupes, missing entries, and more"
- patch by gagern
- Software-Assessors: needs 1st review + transfer to testserver (week 4)
- (2012-01-23) michael picked up
bug #978 bug 978 (weak keys) (bug 918)
- invalid key format, no regular error message, something wrong, error code # identified
- debugging infos from user + infos from critical team with error code #, was spkac routine
- one test done 2011-12-17 by JensK
uli, marcus: more tests: certs routine, weak keys (small keys test), relates to bug#540 tests
- (week 7)
bug #812 CAcert certificate not working with Windows Encrypting Filesystem (EFS)
bug #905 Unable to sign PDF file with Acrobat
3. Patches queue
- bug #985 - Move Translingo to Translations (incl. patches) - POST work
bug#900 0000900: CAcert Site translation
http://blog.cacert.org/2011/02/497.html Workaround for Russian Translation of the CAcert Website (bug #900)
- Does Russian charset works now?
- last comment 2012-01-30: This should be fixed by the transition to pootle. Please test and if successful close or if not reopen the bug.
- russian in signer doesn't work yet, so the problem consists using russian names in account conflicts in certs creation (will garble)
bug#1002 0001002: Contact Assurer form leaves a funny comment after sending
- Michael did transfer the patch to testserver
- Michael: request to alex to check, seems to be ok
- next: tested by 2, needs 2nd review + deploy (week 4), ted?
- (2012-01-23) ted picked up
Marcus: working session bug#789 OA field extension
- 2nd review: dirk or ted
bug #859 admin console interface - feature request: show activity on an account in the admin interface, new update
- Michael: needs 1st review + transfer to testserver
- NEO: will check the next days (done)
- show creation date as date? or daterange?
- nothing prevents to show date as SE receives request from user or arbitrator to view user record (permission given)
- will an access be logged?
- yes, eg 43.php?usreid=1234567
- expires after 3-6 months
- split 43.php to two pages?
- show last account activity on login page for the user?
- no central landing page: account.php without parameters
- alternates
- new page, needs return url
- 2nd part, add below (like points table)
- several parts: eg show user flags, show account states
- fixed: email, names, rest: dob, training, flags, addtl. parts
- find user performance varies
- sometimes fast, sometimes slow
- flag settings per get request change?
- sublinked, last login as date
- needs testing
bug #1011 problem fix
- needs review by Software-Assessor - priority: high {-}
- untestable, needs 2nd review
4. Michaels workqueue
- OCSP server - timeout 10 min too short, 3 days to long, recommendation is 24-48 hours max, verisign: 7 days, startssl: 2d
- who has been informed, contacted?
- Michael will inform Wytze
- not yet written
thread relates to https://lists.cacert.org/wws/arc/cacert-board/2011-11/msg00021.html
- general solved
- scalability might be a problem in the future ?!?
- preconfigured there is no solution
- whats with EBJCA
- java based
- distribution solution (database replication), master server distributes to other criticial slaves, no caching function
- post request includes timestamp, simple http cache probably doesn't work
- engineX ?
- ocsp protocol: version, requestor-name, extension, request-list
- open issue, needs time for implementation
- studienarbeit? bachelor arbeit?
new bug #1001 Need a way to set up redundant OCSP responders
- still WIP, low priority
- Around 2012-02-07: Google announcement: remove OCSP - use CRLs
- New function to TMS - edit notary table record
- infos from last meeting
- testers needs editing individual notary records: fields "method", "awarded", "points"
- easier to create notary records with testserver (add F2F), and edit existing record, doesn't need to check for assurer-from, assuree-to and so on
- Update?
- Michael (2011-11-15): after some other bug reviews
- TMS - certs expire handling
- for testserver eg 3 days (short), 31 days (long)
- short 3d, long 30d, org 7d activated by NEO
5. General Bugs List Overview
Bugs to Review #1, transfer to testserver - Currently 3
uli
bug #977 admin console text fix
admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
{0}
uli
bug #967 OA isassurer check
Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer
{0}
inopiae
New layout of view for Organisation Administraors in account/id35
{0}
- michael will check
Bugs under testing: - Currently 4
Michael
bug #978 bug 978 (weak keys) (bug 918)
invalid key format, no regular error message, something wrong, error code # identified
debugging infos from user + infos from critical team with error code #
was spkac routine{0}
Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
{0}
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface, new update
{0}
gagern
bug#440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
{0}
Needs 2nd review + transfer to Critical team, to bundle, to deploy - Currently 4
- define priority eg. 10,2, and so on, proposed order: from 1 to 10
uli, ted
bug #789 OA edit domain fix
Editing domain for organisations does not work
new update 2011-09-26
more fixes, more testing
* testcase scenario
* open org, edit 1st domain in new window, edit 2nd domain in new window
* results in: change made in window 2, written to record in window 2
* needs cross checking7 {0}
Michael
0001002: Contact Assurer form leaves a funny comment after sending
{0}
NEO
bug #1003 permissions notifications
Provide a possibility to regularly review the permissions in the system
all special flags, recipients and board (see account in bug note){0}
NEO
bug #1011 problem fix
needs review by Software-Assessor - priority: high, untestable, needs 2nd review
{0}
- define priority eg. 10,2, and so on, proposed order: from 1 to 10
- Needs development, deployment, discussion, reminder
bug #835 Migrate CATS onto testserver
Ted
bug #835 Assurer challenge (on testserver)
asssigned to Ted, CATS to install on ca-mgr1, awaiting deployment
{0}
- (2012-01-23) reminder to Ted
bug#964, bug#918 (Part II) Codename "BlackJack"
Brian
new bug#964
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php) DEVsome references added to bug#964
current state: first review, add to testserver{0}
6. Long term projects
strategy plans ... next: strategy for "New Roots & Escrow"
- idea: using indirect crl's ?
- 2 crl's needed, one valid, one invalid crl server
- more infos available ? who ?
- build testserver with special certs
- Magu, Michael to send instructions for test deployment
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5)
- meetings ago we've defined Testing requirements and a potential testszenario
- to remind every meeting
- Michael: testserver environment deployment
- Michael will review after Certs extension policy group vote
- Michael: VM + OS builtup for CRL server tests (WIP)
- roots escrow method risk analyse process for proposal to policy group / board
- currently Ian works on this
- publishing of results is not that a big problem, as not yet in production
- idea: using indirect crl's ?
- CI (Update)
description to eclipse testpage, Webinar
- deployment scenario:
- create testusers
- testing
- delete testusers
- regression test for standard tests: eg 0,1,49,50,51,99,100,101 pts w/ and w/o CATS passed
- reminder
- deployment scenario:
- Jubula Test-Tool (by Michael) - update?
instructions see under Minutes meeting 2011-08-30
Jubula documentation started: Software/Jubula
- not performant as needed over internet, testing stopped.
- new proposal by Sven: Webdriver with Maven and Jenkins-CI
- sven did some work regarding frontendtest (Webdriver with Maven and Jenkins-CI)
- Michael did some review: probably needs some seperation
- needs building a team, sven + 2 others, to be forced and pushed forward
- active people have to work with this framework
- write a testunit that triggers the bug
- write a bugfix
- start regression test
- what do we want?
- is this our direction?
- does this fit to our requirements?
- someone needs time to do a deep review
- long term view:
- developers needs to become familiar with the automated testing system to write also the test scripts
- software-assessors to review test results
- automated testing will be helpful in relation to certs creation
- but may be a problem in certs creation
- selenium test makes frontend tests, solution is ok for our requirements
- sven did some work regarding frontendtest (Webdriver with Maven and Jenkins-CI)
- Infrastructure seperation
- CAcert Inc statement - received
- Hosting/Housing
- Hosting/Housing Provider - Funkfeuer
- 2011-12-01: Vienna response
- questions answered
- Alternates
- Benedikt: rcvd contact - bladeservers exist, needs further investigations
- Hosting/Housing Provider - Funkfeuer
- Hardware
- alternate solutions
- uli: luxemburg connection, will try 1st week in january
- 2 way path: search sponsors for money, search hardware sponsors
- level after netburst
- sample TK config: 1626.90€ + 117.30€ (1750)
- includes: Intel Xeon 4-Core E3-1260L 2,4GHz 8MB 5GT/s, 16 GB ECC DDR3 1333-RAM, 4x 500 GB SATA II WD Raid
- fund rising project
new hardware -> leasing?
- Definition of Infrastructure Systems
- non-critical infrastructure - monthly costs - 50 Euro/month
- Payments to Funkfeuer - Vienna, AT, maybe a problem ? Ted has to talk to Sebastian
- alternate solutions
- Financing
- contacting secure-u, oophaga started?
- Frank, Mario, Ted, Uli, Sebastian ?
- Secure-u started 2011-12-19, awaiting response
- Oophaga: first contact 2012-02-05
- Fund raising (upcoming projects)
- Hardware and Housing
- starting at Fosdem
- rcpt: money + address to association
- Secure-u: next meeting 2012-01-12, first Thursday per month
- request to secure-u vorstand@, subject: infrastructure separation
- sent 2011-12-18
- Hardware / host funding - 2000 Euro
- starting fosdem
- collected 200 Euro at Fosdem
- Cebit booth funding - 500 Euro
- probably 2 presentations
- Cebit visitors?
LibreOffice booth on Friday
- m: 30, n: 30, d: 50, ma: 30, u: 360
- via secure-u
- Merchandizing ideas
- baseball caps
- cups and lighters
- Hardware and Housing
- contacting secure-u, oophaga started?
- Helping CAcert
- How does recruitment work?
- Newsletters, recuring notifications
Fosdem -> focus on Nucleus events
- Recruitment on events?
Recruitment page eg events/Recruitment, HelpingCAcert, Jobs
- Flyers?
- re-design main page:
- dirk: 3 news, upcoming events
- michael: *
- rss-feed script modification is simple
- main page cms page, login to secure area (portal project)
- public: www.cacert.org
- secure1: www.cacert.org
- secure2: secure.cacert.org
- public: www.cacert.org
Upcoming Event Fosdem 2012
- A3: Logo + volunteers wanted! (Software, Administration, Support)
- A5, A4 with detailed infos
- who?
- A3: dirk
- A4, A5: Software-Developer (php, vbscript), Software-Tester, Triage, Sysadmins
- who?
- Discussion: makes it sense to offer Cheat Sheets?
- experiences from ATEs: most of the Cheat Sheets left after the ATE :-P
- so does it make sense to print A4, A5 detailed infos no one wants to take @home ?!?
- Fosdem 2012: we had A3 logos + volunteers wanted, feedback?
- Ted sent infos for Assurers at events
- Cheat Sheet, first proposal ok
Discovery II a20110118.1 discussion / Permissions Stocktaking
- still running
- who should receive infos? list of appropiate recipients listed in discovery II table
- possible software solutions:
- triggered info mailing eg board-private mailing list + support
- view page with current results (like hidden stats page?)
bug#1003 Provide a possibility to regularly review the permissions in the system
- motion from last board meeting:
m20120122.1 Request permissions stocktaking SQL queries - carried
m20120122.2 Request up-to-date access lists - carried
It is moved that Board or a representative asks the persons responsible for an up-to-date copy of all access lists as specified in the Security Policy §3.4.2 including OA
- see also bug #1003
- Affilates program
- topic for SA? currently not
- planned income projects by CAcert Inc
- new portal (Benedikt, Karsten working on it)
- critical / non-critical systems
- non-critical portal - with login link to critical secure.cacert.org
- cms system: own user base?
- critical system userid includes @, cms userid does not include @
- cms login adding userid from critical system may result in security leak that account data can be collected (MITM)
- critical / non-critical systems
- affiliate link to each event (template)
- addtl. link under main ads
- affiliates program planning
- community project: crypto stick (gooze, validated)
- alternate project: crypto stick (gpf, gpg based) - doesn't relate to the planned affilates program
- CAP Form redesign for upcoming events
- Fosdem
- Cebit
- Chemnitzer Linuxtag
- CAP forms have no bank account infos
- CAP form redesign
- "NEO projects"
- architecture/design (aka Birdshack design)
- signer rewrite
- cabforum, blacklist implementation
- needs a rewrite, protocol isn't that reliable as required/needed
- problems in current design: eg count of days a cert expires will be transfered from client to server
- multiple servers (staging/scaling/load balancing)
- problems in current design: eg OpenSSL and multithreading
- Vendor-Api / New Assurers Portal
- Marcus sent some proposals
- A team is working on a Portal project (Carsten, Marcus)
- Foundations
- dst files for logos
- Google - Summer of Code
http://www.heise.de/newsticker/meldung/Auftakt-fuer-Googles-Summer-of-Code-2012-1428606.html
http://www.h-online.com/open/news/item/Google-Summer-of-Code-2012-announced-1428682.html
- OCSP project? cancled?
- not realy available
- distributed OCSP solution?
- if we want to participate
- present list of projects
- wiki page with project ideas
- fiddle system: which one is current production?
- dev.fiddle.it (works), fiddle.it (doesn't work)
- whats about a sysadmin for this system?
7. next meeting
- Tuesday, March 6, 2012 22:00
Minutes
- summary:
- there are 4 topics of high priority:
- 6.php by dirk
- testing of certs patches
- infos from last weeks test series by uli
- 2nd review of 4 patches
continue BlackJack coding by Michael
- there are 4 topics of high priority:
Fixed Action Items since last or within meeting
Action Items New
Action items: Meeting Action Items