Committee Meeting 2022-06-02

The meeting will take place at 18:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.

The committee changed the starting time of its monthly meeting. To not get lost, please click on the linked time 18:00 UTC above to see the time in your local time.

Feel free to add a business item within the acceptance period of 48 hours or your question to the board below. Non-committee members: the committee may choose to convert any business proposed as a question in the questions section.

Agenda

Signs that appear in the agenda
<!> Formulated motion on your topic. It will be put to the vote. Adjustments may be made before the vote. A motion must be submitted for resolutions!
{i} Information for your attention. Does not need to be explained or discussed at the meeting. Purpose: Everyone is up to date.

  1. Preliminaries
    1. Chair opens the Committee Meeting
    2. Who is making minutes? ### (Writing minutes in real time)

    3. Chair asks whether cacert-board-private or cacert-board maillist includes any items that need to be disclosed to Members.

    4. Accept minutes from 7.4.2022 <!> "I move to accept the minutes of the committee meeting of 5th of May 2022."

  2. Business D R A F T

    Acceptance of new business items no later than 48 hours before the start of the committee meeting!

    1. Quick decisions
      1. <!> Maybe* "I move to accept the background check for Gero T." (*the BGC is under way, decision can be taken if it arrives before the meeting, if not, decision to be taken on July 7th)

    2. Quick infos
      1. {i} CCA update has been initiated. (add new IBAN in Feb, review in March, sent in spring after new firewall installed) XXX ANP. NACH ANTW D.A: XXX

      2. {i} Tax exemption: on the way

    3. Finance team (Michael)

      1. Question to Secretary: What is the status of the Treasurer's access to our Bank Account? There are outstanding transactions that must be made, and can not be until he has that access.
      2. New ERP: Info: State of affairs
    4. Board Member Access to services
      1. Several Board Members do not yet have access to various essential CAcert services, such as Wiki Editing.
        1. Who needs what access, and what is the progress on providing that access? see here

    5. Hosting Expense and CRL
      1. In our most recent bill from BIT, they charged us for excess usage, which they have never done before. Critical Team reports that the excess is largely, or completely, due to the downloads of the CRL data ( 9+Meg per transaction ).
      2. In the past, Critical Team has recommended that the CRL data be hosted elsewhere, but still under the control of Critical Team.
      3. Discussion
      4. <!> Motion: ........

    6. OpenID Connect (Brian) (integration / what is done / what will be done until end of year / Board asks whether there is anything that they can do to assist)

      1. At present, there is a need for people who are willing to edit and create appropriate documentation for various audiences. --> involve partner organisations? e.g. via mailing list (Linux Australia comes to mind, also x, y, z?)

      2. Update
        1. A message was sent to the mailing lists CAcert and CAcert Board Public, with no response at this point.
        2. Messages were sent to other Linux organisations, with similar lack of response.
        3. Does the Board feel that I (Brian) should mention payment when I repeat our call for volunteers, since there has been no response to the first message?
        4. It has been recommended that I (Brian) proceed with completing the coding, and ask for volunteers again afterwards. I will do so.
    7. Future of secureU e.V. (Information)
      1. {i} What happened in the last weeks?

      2. Something to discuss?? next step(s) ??
    8. Background Check (Ted)

      1. {i} BGC for Gero: Interview happened (by Ted&Etienne), report will be sent to committee soon.

      2. {i} BGC for Peter is initiated. (date searching; Interview by Ted&Egal)

      3. {i} BGC for Kim, Matthias and Sascha are initiated. (address transferred to BGCer)

    9. Events
      1. Froscon https://www.froscon.org

        1. CAcert @ Froscon: https://wiki.cacert.org/Events/FrOSCon2022

        2. Call for papers (deadline: 12 June 2022 - one focus is identity) https://www.froscon.org/en/cfp/cfpapers/

        3. Project presentation (deadline: 12 June 2022) https://www.froscon.org/en/cfp/cfprojects/

    10. New CSR software (Ted)

      1. Brian and Dirk have been looking at possible updates for this software. There appear to be two current options, one from Jan.
    11. Software reviews
      1. {i} Thank you for the contributions at https://nextcloud.cacert.org/apps/files/?dir=/CAcert%20board/Work%20products&openfile=5961 It will be used for the upcoming mailings. The secretary will update the original in the wiki: https://wiki.cacert.org/engagement

    12. Remote Assurance (Brian)

      1. {i} Discussion in Policy Group is refreshed https://lists.cacert.org/wws/arc/cacert-policy/2022-04/msg00000.html

      2. Create a remote assurance sub committee (RASC)
      3. {i} Brian envisaged writing a version of the "modified" Policy paragraphs, and post that to Policy Group.

        1. Dirk reported that Eva, in conversation, offered to work on this, but not before late June, at the earliest.
    13. Hardware renewal plan (Michael)
      1. {i} The committee will take time to discuss the equipment renewal proposal, brought forward by Michael, when he is present.

      2. {i} Dirk planned to replace the broken alix-board (10/100) to apu-board (1 Gbps) for firewall fw02 within the next two weeks, and perhaps the second firewall next time he visits Bit in May. Reports!!

      3. {i} Frederic proposes to go with Dirk to Ede at BIT in May, to mount an extra processor and its cooler on the server Brent gave us, which is now running as Infra03. Dirk proposes to take advantage of Michael's presence in Europe in May, to visit BIT together. Update!!

      4. Who is taking care of this project?
      5. Who will start to write a draft?
      6. Critical Team recommends that an HSM module be purchased soon to upgrade the operations of CAcert's signer, which is far out of date.
  3. Question Time

    Questions from CAcert.org community members can be added until the beginning of the committee meeting! Questions can also be asked at "Question Time" without having been added here.

    1. "Question One." added by Your Name Comment: Replace "Question One" by your Question and add your name

      • ..
    2. Closing
      1. Agree on date of the next Committee Meeting: 7. July 2022
      2. Agree on the following meeting dates: 4. Aug. 2022, 1. Sept., 6. Oct., 3. Nov. 2022 (keep date free, can be changed if necessary)
    3. To remember: Goals 2021/2022 (propositions by board 2020/2021) - Each goal needs a responsible person on the board who keeps an eye on it and reports regularly, keeps in touch with the responsible people.
      • push OrgA (Guy)
      • expand PR (Alex cannot do this, wants to hand over)
      • support SecureU (find an active board member for them in Germany)
      • expand background check
      • simplify the certificate creation (this enables the start of various projects from the pipeline)
      • remote assurance, if accepted by the community;
      • software development and testing
      • delivering the OpenID Connect integration, for which CAcert is funded by the RIPE NCC.
    4. Not to forget: Staffing the teams
      1. Applicants to the Infrastructure team
      2. Applicants to the Development team
      3. Applicant to the Critical team

  1. Access to local systems for board members

| Person | Board-Private | Committee Archive | Wiki | Nextcloud |
|---|---|---|---|---|
| Brian | (./) | (./) | (./) | (./) |
| Etienne | (./) | (./) | (./) | (./) |
| Frédéric | (./) | (./) | (./) | Admin |
| Kim | (./) | (./) | <!> | (./) |
| Michael | (./) | (./) | <!> | (./) |
| Sascha | (./) | (./) | (./) | Admin |
| Wacław | <!> | (./) | <!> | ? |

1. Tasks assigned to Board Members and others

| Person | Task | Deadline | Other People Involved | Notes |
|---|---|---|---|---|
| Brian | Contact QA/QC Volunteers | 10 January 2022 | Gero Treuner, Peter Nunn, others? | To begin work, they do not need ABC. |
| Brian | bla | 2022 | xxx | xx. |
| Brian | bla | 2022 | xxx | xx. |


  1. Software Team
    1. Issue 1502: Adapt the UI at CAcert.org to deal with the "keygen" feature having been removed in browsers

    2. Issue 1482: Limit validity period of new HTTPS certificates to one year

    3. Issue 1444: PHP - Brian

    4. Issue 1417: Keygen / new CSR software - Bernhard

  2. Organisation Assurance
    1. How to relaunch OrgA? (Guy)
  3. Grant applications
    1. Prototype Fund https://prototypefund.de/en/ (mail to SW Board only)

      1. The Prototype Fund is a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research (BMBF). This is for residents of Germany only. We could create a group of people that work on a project for CAcert (with all support of the others in the background). It runs for two more years, every 6 months.
      2. Infra does not see any acute need at the moment, and does not have the capacity to provide qualified support.
      3. There are some ideas for software, but in infra's view there is still a lot of conceptual and preparatory work missing. What Infra could imagine is financing people to carry out a requirements analysis and write a requirements and test specification. This could then be used as a basis for a new implementation of the CAcert software (WebDB, Signer and perhaps other things like CATS). But these are just a few ideas of JanDD and he cannot currently recommend any people who would be suitable for this. Potential candidates would have to deal intensively with the existing software on the one hand and with the underlying policies on the other, and would have to identify a lot of missing information, ask for it and make assumptions for discussion. This requires very good analytical and communication skills and a high level of stamina.
  1. Blockchain
    1. see here: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2018-03-01/ideas#Blockchain (waiting for answer from IanG)

Minutes Committee meeting - 2022-06-02

Participants

Members of the Committee:

Present, by alphabetical order

Brian McCullough

Etienne Ruedin

Kim Nilsson

Michael Richardson

Sascha Ternes

Absent or silent, by alphabetical order

Frédéric Dumas

Wacław

Members of the CAcert community and other guests

Having been active during the meeting, by alphabetical order

Aleš Kastner

Dirk Astrath

Committee meeting - 2022-06-02

1.1 Opening

Brian (Chair) opened the meeting at 18:16 UTC.

1.3 Chair asks whether cacert-board-private or cacert-board maillist includes any items that need to be disclosed to Members.

1.4 Etienne moves to accept the minutes of the committee meeting of 5th of May 2022. Accepted.

2. Business

2.1 & 2.2 have no info, so the chair moves on.

2.3 Finance team (Michael)

2.3.1 Chair asks Etienne about the timeframe for giving the treasurer (Michael) access to the CAcert bank account. Etienne explains that he is severely hampered in conducting CAcert-related business during business hours, making it hard to communicate with the bank.

2.3.2 Frederic absent. Moving on.

2.4 Board member access to services

2.4.1 Kim & Michael don't have Wiki Edit

2.5 Hosting Expense and CRL

2.5.1/2 It is suggested to move CRL hosting elsewhere.

2.5.3 Dirk explains why the cost had increased (too much bandwidth, >20Mbit/s), with most traffic coming from crl.cacert.org. Michael suggests serving the content from S3 or Cloudflare. Dirk mentions there's a copy of crl.cacert.org on Contabo. Dirk reminds everyone that since the content is signed, it can basically be served from anywhere, and by anyone. Michael feels it's better for CAcert to serve the CRL, to manage availability.

Kim asks whether crl.cacert.org is currently offline, and Dirk confirms that it is, to avoid incurring cost, since it's not bandwidth-limited yet.

Dirk explains that BIT doesn't charge extra for traffic below 20Mbit/s, no matter the amount.

Moving the CRL to another service is neither costly nor difficult, as it's mainly a change of DNS. (And of course setting up the new web server.)

Ideas on how best to proceed are discussed. Setting up a second CRL server outside of BIT is said to be the fastest way to get the CRL online again, and might be good as a backup server in the future.

2.5.4 Brian moves that Critical Team be authorised to create additional servers, under the control of the Critical Team, to host and serve crl.cacert.org.

Aye: Brian, Kim, Sascha, Etienne

2.6 OpenID Connect Project

2.6.1-4 Brian will complete coding and ask for volunteers to document when there is something to test.

2.7 Future of secureU e.V

Dirk relays that Michael didn't meet Mark O, but all business should be possible remotely/digitally.

Dirk asks if the BIT contracts came through, and if not, perhaps Dirk himself could do it on behalf of CAcert on his next trip to BIT?

Kim suggests Michael emails/calls Mark O to initiate the digital contract process.

2.8 Background check

2.8.1-3 Etienne is awaiting a response from Gero about the report. Etienne explains that the report is sent by the person checked. Other BGCs initiated.

2.9 Events

2.9.1-3 Froscon - Etienne has emailed cacert-de list and Froscon, and suggests "someone should ask for a table before 12 June". Dirk says he has access to all event material (rollup, CAPs) stored in Velbert. Seems Dirk is definitely going to attend. Etienne asks Dirk to try to reach out to Alexander Bahlo. Dirk will reach out to Joost also. Maybe someone can show something about OpenID.

2.10 - 2.12 Nothing much to report.

2.13 Hardware renewal plan

2.13.2 Dirk is doing actual replacements: fw02 replaced in April. fw01 died, and a new apu-firewall will replace it, and will have bandwidth restriction possible. fw02 will also get that eventually. sun3 will be replaced with a Pi4, and webdb will be moved from sun2 to sun1.

Dirk relays that Ales and Kim had discussed incompatibilities with CAcert's S/MIME certs, a discussion that grew exponentially in the Telegram group, where many suggestions were made to improve compatibility of future subordinate certificates, and for that it was discussed to replace/add HSM hardware.

2.13.6 Critical Team recommends that an HSM module be purchased soon to upgrade the operations of CAcert's signer, which is far out of date.

Brian/Chair, Kim and Sascha agree. Brian will craft an offline motion and submit it to the voting machine. Etienne supplied the URL to it, https://motion.cacert.org

3 Question time

3.1 Bug 1540

Dirk explains that Ales and Kim detected an issue with the re-signed class 3 certificate, confirmed by Jan, so it may be necessary to do the class 3 re-signing again during the next visit. Also, the structure of the certificates needs to be adjusted to more closely match industry standards.

Brian/Chair confirms, after asking around, that it is the consensus of the Board that Critical Team re-sign the class 3 certificate as soon as possible.

Dirk reminds the board that it should add AGM preparation to the next agenda. Brian will fix that.

3.2 Next committee meeting 7 July 2022.

Brian/Chair closes meeting at 20:46 UTC.

Logfile

Logfile from meeting 2022-05-05

Motions

Actions

Who

Status

Action

Minutemaker

wip

prepare Agenda and Minutes for the next meeting

Brian

Software meeting

every 2 month

Secretary

bank

accounts, contact with treasurer


Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2022-06-02 (last edited 2022-06-03 06:33:49 by EtienneRuedin)