= Management Sub-Committee meeting 20080317 =

 * Present: teus, evaldo, iang
 * schedule next meeting: Thursday 27 March 2008

== Dispute Resolution ==

 * emaillist of case managers and arbitrators, no news
 * any cases?
  * one indicated from MS, iang chased, no action.
 * CeBIT Jens: any news on whether on-the-spot-arbitrations would have been useful at CeBIT?

== Assurance ==

=== Policy list work ===

 * '''teus''' to give overview of current issues and status.
 * OA, M-SC has taken the lead for OA. Pending in AT 1, US 3, AU 1, CH 2, SE 1
  * CH is stalled. Teus is chasing...
  * OA AT: sub-pol is in draft. p20080310 should be recorded?
  * OA USA: GS, GM + RJ will do next step including Europe+Mexico
  * OA AU: RC proposed subpol end discussion 19 March, 20080326 March.
  * AU COAP needs dns record discussion.
  * Evaldo to check the AU subpol
  * feature request for DNS control check? '''evaldo''' to chase OAP (main one, not subpol):
   * countries/areas which have no OAs nor a subpol
   * board agrees to the task
   * teus, guillaume has mailed to policy group
   * policy on OA in "empty" areas proposed 14 March
   * '''teus + iang''' to check the posts
 * how do we check who is an assurer?
  * now CATS passing-marks are in the database is easier
  * overall question still stands for the Assurance process
 * privacy/public status of the information in the certificates
  * cert numbers
  * name
 * DPA issue policy discussion: DoB drop request, rumbles on
  * DoB is in debate and call for vote to drop DoB in 19th of March
  * need for DOB, proposal to drop DOB from database (i Naye, 2 Aye)
  * dropping the DOB ''and'' making all cert info as "public" means practically all DPA/PII data disappears. Big win!
  * make this claim on the policy list...
 * code-signing policy
  * TH made proposal to [policy] for basic claims plus optional claims
  * code-signers enter into a contract
  * modelled after the Creative Commons concept
  * need to chase it: '''Teus''' still
  * code signing: proposed signer agreement and signer statements/claims Then policy write up
 * Dutch DPA authority statement that it is forbidden to copy passports
  * do all passports copies need to be dropped?
  * what about old Assurers?
  * some very early Assurances were "send photocopy to CAcert Inc" ... what to do?
  * '''Teus''' announced this decision to policy list:.
  * need to announce to all Assurers to destroy
  * need a dispute filed to ask Arbitrator to order all passports copies to be destroyed. (i) Assurers, (ii) CAcert Inc., (iii) support IMAP mailbox.
  * policy question is whether to delete and drop any and all requirements. '''Teus'''.
  * board question is whether the board decides to unilaterally drop their copies and their requirements.
  * priority is not high, but we need to progress the question
  * add a CATS question, when we have a result
  * related question: Identity Numbers (passport numbers, identity card numbers) were and are being written down on CAPs.
 * Tverify ==> subpolicy for other CA's members.
  * Tverify needs subpol to be written, on ToDo.
 * TTP
  * need a subpolicy (propose a new policy) proposed no discussions seen, on ToDo.
 * Junior Assurer, below 18 years of age
  * need a subpolicy for Junior Assurer
  * there are about 30 or so...
  * 10 points allocatable only.
 * Senior Assurer, people who have reached 150 or beyond?
  * need to drag out the wip doco and think about it
 * Policies now linked directly from main page
 * php and wiki list to compile for text changes due to policies
  * new e-mail cert form request php id
  * new certificate request page text
  * translation is an issue
  * translingo is back but still a good idea to move to rosetta?

=== CATS ===

 * 2nd sysadmin, has he been added yet?
  * '''Evaldo:''' Add Ted.
  * Evaldo is changing the test system, when changed, can bring in new sysadms
 * Current server goes down soon, new server is online.
 * Sonance requests one VM for DNS/mail failover.
  * can over the same in return
 * Bernhard has reported: ''for those interested in such things here is a current status of CATS:''
  * 341 different certificates have passed tests (ask Sourcerer how many different users, I'd guess more than 300)
  * Since CeBIT (about 100 tests on CeBIT Saturday!) there have been 5-10 passed tests per day
  * I have created about 150 documents for passing the test, including 27 printed ones
  * The passed results are already imported into the CAcert database
  * User interface for viewing passed tests is in code review
  * Admin interface and other related code changes are in (slow) progress
  * The great majority (>90%) of users who have requested a document have been German speaking (DE/AT/CH). Only about 5 non-European Assurers (judging from email addresses)...
 * need to mention that the Assurers will be chopped off
  * Teus: how many Assurers have 150 points? Ask Philipp.
  * how many Assurers are active today? In the last 6 months?
  * if number of active Assurers (last year) is N, then 25% should have it before we impose a deadline.
 * Ted to chase PR? Ask Ted whether he can ask Greg + Henrik to generate some PR?
 * Challenge-passed
  * report over to core system, status of that?
  * '''iang''' to chase:
   * implementation of Challenger-passed mark into the database is pending?
   * teus reminded Philipp.
  * assurer mark for challenge passed assurers
  * ask sysadmins for this http://bugs.cacert.org/view.php?id=499 is progressing: Current status:
   * Import interface (CATS->CAcert DB): In code review
   * User interface (showing passed tests in CAcert account): Coding with low intensity
   * Admin interface (modifying results): pending

=== Other ===

 * Assurance promulgation plan
  * main web page has been updated
  * logo is in
  * housestyle adoption is pending, johan needs access to test system, '''evaldo''' to chase?
  * teus wants metadata on the page for the policies.
   * on the todo list
  * Changes
  * Principles should be somewhere too
  * these are recorded as task on RolloutCommunityAgreement

== Systems ==

 * new team members
  * Evaldo to present list
  * several prospects for non-critical servers, positive
   * [[CharlieGarrison]]
   * Nagy (Hungarian)
   * Matthijs M
   * ishbir
   * Jacob S
   * amessina
   * premrara
   * kim H
   * shaun L.
   * thomas w (association member) salzburg
   * Sam J (SAGE, google apps)
  * questions (however brief) for 20080326
  * proposal for new non-critical members for 26th
  * agreement on 29th by M-SC+pg
 * Cachaca project drafted: to be decided:
  * need speed.
  * philipp is back from link protocol
   * need to assess amount of time he has available
  * NL team will need 2 people in sysadm team to meet dual control criteria
   * request for costs is implied
  * preparations in Brazil, in "production with test systems"
   * had got close, but disks got reallocated
   * starting again, but this time with documentation
   * doco not yet published
   * should be part of the security manual
  * remote work? how to do the reboot remotely?
   * prepare the kvm before flight?
  * Plan proposed to board???
   * M-SC decision is to build the team to move the system to Netherlands.
   * Evaldo is to start that team.
   * Philipp is providing the software to Evaldo.
   * incorporate tonight's changes, circulate plan, and then send plan to board. '''iang'''

== Admin ==

 * Funding
  * from Audit Project?
  * AtC funding needed?
 * NL move
  * USB link installed, serial line was also requested by PG
  * interest of volunteers: JJ (NLnet Labs) proposed, Medison (pending)
  * no interest seen: old email from PG with some names. Need to chase.
  * create systems committee
   * Evaldo compiles req list '''For systems sub-committee? We said it is not exactly needed'''
   * need closed group nomination policy?
   * bounce back ideas and create a proposal to board: '''all'''
  * link
   * serial not on Suns
   * Spare Tunix firewalls PC has them
   * or use USB, or use Ethernet, device nodes available?
  * software
   * decision taken by board sw to go to EG
   * familiarisation with sw is started
   * Some pieces are already sent, missing many pieces still, but probably able to create a working set with the available data already
   * Virtual machine with signer is installed, missing OpenSSL profiles
   * Virtual machine with web application is in progress, missing some bits and pieces
 * Support team
  * new member was discussed (problems: not assured, possible conflict of interest with his work)
  * notify ggr + rob of situation: done, Member not invited.
 * admin team: Daniel, Ted, Michael ???
 * check OCSP/CRL distr systems (Philipp request)
  * not clear what check is required
  * outline of concerns by Evaldo to M-SC:
   * '''a CRL distribution point that is NOT UP TO DATE is a big denial of service on revocation (unable to properly revoke and send the message out)'''
   * '''a bogus OCSP server can declare legitimate certs revoked, and vice versa'''
   * '''Even if we decide to remove a DNS entry for the bad servers, DNS caching might hurt us'''
  * PG asked for status.
  * iang to talk to Pete S
  * are these critical systems?
   * nothing much on them
   * DOS for revocation checking
   * certificate could be used for a social engineering attack
  * teus chase philipp with questions. Done.
  * OCSP/CRL usage stats: 5000 p/mnth (PG)
  * outage stats OCSP routing: 25 mins/mnth (98% uptime) (PG)
 * getting sources up and available
  * good to get the board to finalise the licence under which the source code is to be issued.
  * agreed that CAcert is to own the full rights, as per the FSFE tfr agreement
  * proposal to board to be written up on that basis '''iang'''
  * '''iang''' to review GPL[23] again :(

== House Style ==

 * new logo is in
 * web style has not been incorporated ... (promised first week Febr) to be incorporated.
  * No action caused ripple effect for events. New request on 13th of March with one week to results.
 * request for access on test system by Johan. Also on 13 March email to support. '''evaldo''' to chase
 * advertisement handling (teus: status unknown)
 * cert button (teus: status unknown)

== Admin ==

 * organigram wait for community comments ends on 1st of March.
  * '''Evaldo''' to review.
 * email lists / aliases for offices. Names / offices to be sync'd. Still to do. Wiki needs to be updated.
  * leave it as it is for now, pending the systems changes.
 * progress on tracking system: none found as yet.
 * wiki pages update in progress by M-SC (!?)
  * more people to help for doco
  * now in svn: Doc Policy work-in-progress, early stage, not near to DRAFT

== Audit ==

 * workplan for auditor, teus
  * MoU with Ian is in place.
  * start real audit requires '''NL move + dual control'''
 * preparations
  * policy Assurance Policy
  * press release
  * rollout plan: policy progress
   * where we are now, write statement of where we are
   * look at the report sent to board in around January.
   * rewrite this for up to date comments, plus the needs in the MoU.
   * add bullet that MoU is now in effect, has ramifications
   * timeline, operations.
   * defer discussion until we have had a chance to review the MoU.
   * look for MoU and get it to the SVN.
  * security manual
  * NLnet-MoU
   * need announcement press release, but defer this until after agreement with auditor is reached
   * RC received first 9K
   * documents now on website
 * real audit can only restart when systems are completely moved to NL Need date (Cachaca project and/or PG last trial; GP seems to be stalled on serial/link protocol.
 * need link from main web site to audit pages.

== Committee meetings ==

 * Cmtee met 29th Febr 2008. Minutes and decision list is updated on wiki [[Board/Minutes/20080229]]
 * AGM and board minutes need (board) review
  * iang has now read the minutes, '''and will review them again!'''

== Assurance Events ==

 * Need CeBIT report (Jurgen/Mario)

== CAcert Associations ==

 * Policy on Foundations and Associations: to be updated
  * introduce it to the policy list
 * secure-u commitments, still pending, still under negotiation
  * for example, funding earmarked for CAcert should be controlled by CAcert (board notice?)
  * if local funding is raised locally how to get properly in control of CAcert?
  * finances for meetings
 * non-profit issue raised
  * needs a change of CAcert Inc. by-laws
  * SGM called on 4th April for Association
   * mail has gone out to members of the Association
   * within 3 weeks so it is enough notice to change the rules
   * is in hand
 * board asked M-SC to do the preparations for the AGM
  * date: 20081107 23:00 MET.

== PR / Marketing ==

 * flyers/CAP/COAP, CCA printouts, sources
 * presentations in svn tree
 * need overview of events in wiki

== M-SC finances ==

 * finances for meeting travel
 * equipment funding?