= Minutes Management Sub-Committee meeting 20080121 =

Present: teus, iang, 22:30 to 01:00;
 * next meeting next thursday, 10 days.

== Dispute Resolution ==
 * list of names for Arbitration
 * (manager: Dispute Resolution Coordinator) teus sent email about start of arbitration email list.
 * Got 2 OK, 2 acks
 * maillist is up
 * organigram
 * '''teus''' to add the new arbitrators to the list and send reminder to others
 * wiki is updated
 * and some documentation tree adjustments into the wiki record of arbitrations
 * added templates
 * call for ticketing system done.
 * Roles
 * for now, people can be Case Managers and Arbitrators at the same time
 * but not for the same case
 * idea is to start out as Case Manager and then go up to Arbitrator.
 * this will evolve naturally

== Assurance ==
 * CATS
 * 2nd sysadmin, has he been added yet? '''Evaldo'''
 * launch
 * '''iang''' ask Ted for some statistics
 * need to mention that the Assurers will be chopped off
 * Challenge passed report over to core system, status of that?
 * implementation of Challenger-passed mark into the database is pending?
 * '''teus''' to chase Philipp.
 * assurer mark for challenge passed assurers
 * ask sysadmins for this ('''Evaldo''' file bug)
 * paper certs
 * was the certificate for "passed the Challenge" or was it "am an Assurer" ?
 * decision by policy/edu that only the name is the certificate
 * '''iang''' to ping ted on status here
 * in US the paper certificate is in big demand
 * cost of postage is another issue
 * but Secure-U should pick this up
 * how do we check who is an assurer?
 * if a challenge test,
 * have 100 points, and passing challenge, this is pretty automatic
 * there is less of a privacy issue here?
 * '''iang''' let's take it to policy
 * in principle, we need something
 * privacy/public status of cert numbers
 * should declare these to be public
 * as they cause problems if "private" ...
   PII as well
 * propose to policy list
 * same discussion applies to all other info in certificate
 * '''iang''' take it to policy?
 * main system cacert.org never tells you what your internal number is
 * OA
 * NL: OA assurer bootstrapping of teus
 * has been proposed to board
 * Organisation as OA handler?
 * '''teus''' to take it to policy
 * US: Colorado, California, ? no action...
 * other countries? Teus asked on policy list.
 * oversight JP?
 * '''teus''' to chase Jens and ask
 * in ticketing system?
 * '''evaldo''' to report status on ticketing systems
 * AT Austria SubPol has been proposed
 * comments from a few, including some bounces,
 * but bounces are not being proposed '''iang'''
 * review OA subpols that are there
 * Q for feedback 3 weeks old now
 * need list of changes
 * need driver for this
 * we don't want 50 subpols ... and that's just for the US
 * maybe we can combine all into Euro subpol
 * code signing
 * current consensus/abstract?
 * policy write up
 * income base for-profit packages?
 * Assurance promulgation plan
 * '''Iang''' to mail systems & marketing groups.
 * teus wants metadata on the page for the policies.
 * there needs to be a link from the top page to policies.
 * CCA is policy now
 * late arrivals Ayes after last call
 * 9th of Jan 2008
 * agreed that it is approved to POLICY
 * 3rd WiP of 3pv-DaL for vendors
 * no priority now
 * teus asked to add recursive arrangements (noted in WiP)
 * Exceptions:
 * Other CA policy needs to have Tverify page moved across into a SubPol
 * discuss this in m-sc with Evaldo, need to get the old scattered secret policies into their new homes
 * Junior Assurer needs to have a SubPol started, in discussion on policy
 * Identity versus Arbitration
 * need for DOB, ongoing discussion
 * DOB is approximately like an SSN, as an analogue
 * is used internally as a discriminator, not externally, and there is already the email address as internal discriminator

== Systems ==
 * NL move
 * USB link cable on their way -- unknown '''teus''' to chase
 * new interest of volunteers: Xs4all, NLnet Labs, Medison, ...
 * NLnet Labs is around 6 people: DNSsec, IPSec, IPv6, VoIP (security on SIP), RFC work
 * create systems committee
 * Evaldo compiles req list
 * need closed group nomination policy?
 * alternate plan C project cacaca
 * lots of interest
 * AT Comp++
 * Less from NLnet Labs (full now with trainees)
 * Nothing from Tix, will chase
 * 2 Unis?
 * enough Evaldo to get some firm interest from '''Evaldo'''
 * 1st March? 3 month stay, dates, info from consulate
 * flight: CAcert 1k
 * spending costs: 1k
 * food & board: ATC (or sponsor).
 * some spending stipend from sponsor.
 * in exchange for courseware, need to negotiate that with ATC.
 * a one year exclusive for Holland
 * inform ted about the progress, bring him into the loop, '''teus''' to mail ted
 * in discussion with others, JJ @ NLL and FC @ MK and xxx@xs4all
 * we have to build the teams at the same time
 * rudi, i, ... on embedded signing server
 * admin team: Daniel (takes up), Ted, michael ???
 * Daniel set up info@cacert.org, signal that there is something.
 * what is this, '''Evaldo''': bill to CAcert
 * Teus+Evaldo: should bill, submit?
 * check OCSP/CRL distr systems (Philipp request)
 * not clear what check is required
 * outline of concerns by '''Evaldo''' to M-SC
 * '''iang''' to talk to Pete S
 * are these critical systems?
 * nothing much on them
 * DOS for revocation checking
 * certificate could be used for a social engineering attack
 * '''teus''' chase philipp with questions
 * why are these being distributed now and not being run on our NL machines???
 * Tix active monitoring/changing issue
 * question raised by Tix to go transparent or filtered?
 * was from Oophaga to Philipp
 * happened around the time of Philipp looking at RBL list
 * at that moment, Tix made an error ... caused an event call
 * The answer from Philipp was to continue the RBL active work
 * issue raised 17th november call # 01225785
 * as a result, RBL was turned off, but there are other aspects
 * gate.cacert.nl is doing the reply
 * gate.cacert.nl cert
 * '''teus''' to ping the support people and brief them
 * rumour that Philipp is no longer doing support and is looking for others to do the task -- need to check

== House Style ==
 * refer to list of decisions by board, posted by Teus.
 * new logo incorporation still not done (2 months now)
 * new style in web pages (2 months now)
 * new style development for wiki, blog
 * advertisement handling
 * google also now in wiki
 * text ref only now on main web page
 * buttons & logos
 * cert button

== Admin ==
 * organigram wait for M-SC comments
 * update in wiki
 * '''evaldo''' is this ok!!!???
 * need confirmation from m-sc before publication!
 * overview of decisions taken
 * in wiki now: AGM, M-SC
 * policy has started to record the decisions
 * ask Evaldo for additional permissions for all board members to write on the board decisions page
 * tracking system for policy progress?
 * wiki pages update
 * teus to write to Sebastian Documentation Officer
 * more people to help

== Audit ==
 * DRC-A, DRC-B are
 * audit.cacert.org is up and running
 * https://audit.cacert.org/drc/browser.php
 * need to drop the insistence on CAcert certificate being installed
 * workplan for auditor, '''teus'''
 * teus to respond to audit proposal
 * start requires move + dual control
 * teus to talk it over with Greg
 * security manual
 * Pat made chapter outline, some feedback from Ian and Philipp, is in progress
 * Pat is external to CAcert or one of community (CCA)?
 * '''iang''' to ask.
 * MoU for NLnet funding signed by parties
 * need announcement press release, but defer this until after agreement with auditor is reached
 * documents now on website
 * m-sc decision to remove the older HTML discussion document because it is completely replaced by the PDF.
 * '''audit can only restart when systems are completely moved to NL'''

== Policies ==
 * on website, need some wrap up
 * Sebastian's criticism
 * OfficialDocument changes
 * recent POLICY votesom

== Committee meetings ==
 * schedule 3 month period for wrap up decisions taken by email
 * evaldo/teus chase up board
 * get email decisions into wiki
 * AGM minutes need board review is now on wiki
 * if we get Evaldo/cacacha then talk to Greg and to Robert about a meeting

== M-SC finances ==
 * need 2008 budget request to be sent to Robert

----
 . CategoryPolicy
 . CategoryAssurance
 . CategoryArbitration
 . CategoryAudit