= Minutes Management Sub-Committee meeting 20080121 =
Present: teus, iang, 22:30 to 01:00;
* next meeting next thursday, 10 days.
== Dispute Resolution ==
* list of names for Arbitration
* (manager: Dispute Resolution Coordinator) teus sent email about start of arbitration email list.
* Got 2 OK, 2 acks
* maillist is up
* organigram
* '''teus''' to add the new arbitrators to the list and send reminder to others
* wiki is updated
* and some documentation tree adjustments into the wiki record of arbitrations
* added templates
* call for ticketing system done.
* Roles
* for now, people can be Case Managers and Arbitrators at the same time
* but not for the same case
* idea is to start out as Case Manager and then go up to Arbitrator.
* this will will evolve naturally
== Assurance ==
* CATS
* 2nd sysadmin, has he been added yet? '''Evaldo'''
* launch
* '''iang''' ask Ted for some statistics
* need to mention that the Assurers will be chopped off
* Challenge passed report over to core system, status of that?
* implementaton of Challenger-passed mark into the database is pending?
* '''teus''' to chase Philipp.
* assurer mark for challenge passed assurers
* ask sysadmins for this ('''Evaldo''' file bug)
* paper certs
* was the certificate for "passed the Challenge" or was it "am an Assurer" ?
* decision by policy/edu that only the name is the certificate
* '''iang''' to ping ted on status here
* in US the paper certificate is in big demand
* cost of postage is another issue
* but Secure-U should pick this up
* how do we check who is an assurer?
* if a challenge test,
* have 100 points, and passing challenge, this is pretty automatic
* there is less of a privacy issue here?
* '''iang''' let's take it to policy
* in principle, we need something
* privacy/public status of cert numbers
* should declare these to be public
* as they cause problems if "private" ... PII as well
* propose to policy list
* same discussion applies to all other info in certificate
* '''iang''' take it to policy?
* main system cacert.org never tells you what your internal number is
* OA
* NL: OA assurer bootstrapping of teus
* has been proposed to board
* Organisation as OA handler?
* '''teus''' to take it to policy
* US: Colorado, California, ? no action...
* other countries? Teus asked on policy list.
* oversight JP?
* '''teus''' to chase Jens and ask
* in ticketing system?
* '''evaldo''' to report status on ticketing systems
* AT Austria SubPol has been proposed
* comments from a few, including some bounces,
* but bounces are not being proposed '''iang'''
* review OA subpols that are there
* Q for feedback 3 weeks old now
* need list of changes
* need driver for this
* we don't want 50 subpols ... and that's just for the US
* maybe we can combine all into Euro subpol
* code signing
* current consensus/abstract?
* policy write up
* income base for-profit packages?
* Assurance promulgation plan
* '''Iang''' to mail systems & marketing groups.
* teus wants metadata on the page for the policies.
* there needs to be a link from the top page to policies.
* CCA is policy now
* late arrivals Ayes after last call
* 9th of Jan 2008
* agreed that it is approved to POLICY
* 3rd WiP of 3pv-DaL for vendors
* no priority now
* teus asked for add recursive arrangements (noted in WiP)
* Exceptions:
* Other CA policy needs to have Tverify page moved across into a SubPol
* discuss this in m-sc with Evaldo, need to get the old scattered secret policies into their new homes
* Junior Assurer needs to have a SubPol started, in discussion on policy
* Identity versus Arbitration
* need for DOB, ongoing discussion
* DOB is approximately like an SSN, as an analogue
* is used internally as a discriminator, not externally, and there is already the email address as internal discriminator
== Systems ==
* NL move
* USB link cable on their way -- unknown '''teus''' to chase
* new interest of volunteers: Xs4all, NLnet Labs, Medison, ...
* NLnet Labs is around 6 people: DNSsec, IPSec, IPv6, VoIP (security on SIP), RFC work
* create systems committee
* Evaldo compiles req list
* need closed group nomination policy?
* alternate plan C project cacaca
* lots of interest
* AT Comp++
* Less from NLnet Labs (full now with trainees)
* Nothing from Tix, will chase
* 2 Unis?
* enough Evaldo to get some firm interest from '''Evaldo'''
* 1st March? 3 month stay, dates, info from consulate
* flight: CAcert 1k
* spending costs: 1k
* food & board: ATC (or sponsor).
* some spending stipend from sponsor.
* in exchange for courseware, need to negotiate that with ATC.
* a one year exclusive for Holland
* inform ted about the progress, bring him into the loop, '''teus''' to mail ted
* in discussion with others, JJ @ NLL and FC @ MK and xxx@xs4all
* we have to build the teams at the same time
* rudi, i, ... on embedded signing server
* admin team: Daniel (takes up), Ted, michael ???
* Daniel set up info@cacert.org, signal that there is something.
* what is this, '''Evaldo''': bill to CAcert
* Teus+Evaldo: should bill, submit?
* check OCSP/CRL distr systems (Philipp request)
* not clear what check is required
* outline of concerns by '''Evaldo''' to M-SC
* '''iang''' to talk to Pete S
* are these critical systems?
* nothing much on them
* DOS for revocation checking
* certificate could be used for a social engineering attack
* '''teus''' chase philipp with questions
* why are these being distributed now and not being run on our NL machines???
* Tix active monitoring/changing issue
* question raised by Tix to go transparent or filtered?
* was from Oophaga to Philipp
* happened around the time of Philipp looking at RBL list
* at that moment, Tix made an error ... caused an event call
* The answer from Philipp was to continue the RBL active work
* issue raised 17th november call # 01225785
* as a result, RBL was turned off, but there are other aspects
* gate.cacert.nl is doing the reply
* gate.cacert.nl cert
* '''teus''' to ping the support people and brief them
* rumour that Philipp is no longer doing support and is looking for others to do the task -- need to check
== House Style ==
* refer to list of decisions by board, posted by Teus.
* new logo incorporation still not done (2 months now)
* new style in web pages (2 months now)
* new style development for wiki, blog
* advertisement handling
* google also now in wiki
* text ref only now on main web page
* buttons & logo's
* cert button
== Admin ==
* organigram wait for M-SC comments
* update in wiki
* '''evaldo''' is this ok!!!???
* need confirmation from m-sc before publication!
* overview of decisions taken
* in wiki now: AGM, M-SC
* policy has started to record the decisions
* ask Evaldo for additional permissions for all board members to write on the board decisions page
* tracking system for policy progress?
* wiki pages update
* teus to write to Sebastian Documentation Officer
* more people to help
== Audit ==
* DRC-A, DRC-B are
* audit.cacert.org is up and running
* https://audit.cacert.org/drc/browser.php
* need to drop the insistence on CAcert certificate being installed
* workplan for auditor, '''teus'''
* teus to respond to audit proposal
* start requires move + dual control
* teus to talk it over with Greg
* security manual
* Pat made chapter outline, some feedback from Ian and Philipp, is in progress
* Pat is external to CAcert or one of community (CCA)?
* '''iang''' to ask.
* MoU for NLnet funding signed by parties
* need announcement press release, but defer this until after agreement with auditor is reached
* documents now on website
* m-sc decision to remove the older HTML discussion document because it is completely replaced by the PDF.
* '''audit can only restart when systems are completely moved to NL'''
== Policies ==
* on website, need some wrap up
* Sebastian's criticism
* OfficialDocument changes
* recent POLICY votesom
== Committee meetings ==
* schedule 3 month period for wrap up decisions taken by email
* evaldo/teus chase up board
* get email decisions into wiki
* AGM minutes need board review is now on wiki
* if we get Evaldo/cacacha then talk to Greg and to Robert about a meeting
== M-SC finances ==
* need 2008 budget request to sent to Robert
----
. CategoryPolicy
. CategoryAssurance
. CategoryArbitration
. CategoryAudit