Committee Meeting 2024-02-01 19:00 UTC

The meeting will take place at 19:00 UTC at https://meet.jit.si/cacert If you do not have audio channel, you may try in the IRC channel #board-meeting on the CAcert IRC network.

Feel free to add a business item within the acceptance period of 48 hours or your question to the board below. Non-committee members: the committee may choose to convert any business proposed as a question in the questions section.

Agenda

Signs that appear in the agenda
<!> Formulated motion on your topic. It will be put to the vote. Adjustments may be made before the vote. A motion must be submitted for resolutions!
{i} Information for your attention. Does not need to be explained or discussed at the meeting. Purpose: Everyone is up to date. (max. 10 seconds) (!) Discussion topic with or with no decision.

  1. Preliminaries one
    1. Chair opens the Committee Meeting
    2. Who is making minutes?
    3. Chair asks whether cacert-board-private or cacert-board maillist or Threema chat or Telegram group includes any items that need to be disclosed to Members.

    4. <!> Accept minutes from 4. Jan 2024 <!> "I move to accept the minutes of the committee meeting of 4th of Jan 2024."

  2. Business
    1. Decisions
      1. <!> TTP Assurer Nominations
        see liste of candidates: https://wiki.cacert.org/TTP/TTPadmins#TTP_Assurers_.28active.29
        "I move that board appoint xxxx as TTP assurer."

    2. OpenID
      issue: alpha or beta version available
      who: Brian, +?
      what help needed:
      next step: (do we know someone who could get a hand to be asked directly?)

    3. ERP / other tool
      issue: install, following plan
      who: Frédéric G, Etienne
      what help needed:
      next step: Frédéric will propose a tool for accounting and members list

    4. {i} Big Mail
      issue: review and sending
      who: Etienne, Dirk
      what help needed: none
      next step: review under way, (last discussion Jan 31; next conference call, Feb 1st after meeting)

    5. Elephant (Mission & Future)
      issue: keep in mind; organisational improvements
      who: Frédéric D, +?
      what help needed:
      next step:

    6. {i} Paypal
      issue: get the money (when, the 180 days are over?) (ClawbackAction)
      who: Frédéric G, Etienne, +?
      what help needed:
      next step: (last steps: conference call FG, FD, ER on Jan 28; hand over all documents MR to FG Jan 31)

    7. Class 1 / Class 3
      issue: singer issues: repair or change the policy
      who:
      Missing care taker, +?
      what help needed:
      next step:
      There are known issues with the signer. Some which need to be fixed and some that should not be fixed, as they aren't in line with how certificates should be used today (processes which have been incorrect for many years). Unfortunately, there are some old rules in CAcert documentation, specifically in the CPS, which seem to prohibit the necessary changes and improvements to the certificate creation and signing process. This means that the CPS, and perhaps other documentation needs to be rewritten, and some will require acceptance of the Policy group. A new version of documents need to be created and proposed, and when they are accepted, the necessary work on more correct processes can begin. A first draft has been created, and shared among Board and a few other active members.
      See also proposition from Aleš at the minutes of January https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2024-01-04

    8. Dissolution of CACert Inc (Association), (by FG)
      Reasons in favour: ...
      Reasons against: Community agreement, ...

  3. on hold (for later this year)
    1. Infrastructure: (Dirk)
      1. Start thinking about planning when to do things about new roots, so we are prepared several years in advance, as no certs should have a end-date after any root certificates. Also take a look at the old Escrow article. https://wiki.cacert.org/Roots/EscrowAndRecovery

      1. How is it going with implementing LetsEncrypt certificates on public facing services, instead of keeping them behind CAcert's "unknown" certificates?

    2. Remote Assurance (Brian)

      1. {i} Creation of remote assurance sub committee (RASC) on the hold until Eva is available for the policy. Secretary got in touch with Eva on Oct. 12.
        "Users Requests, summarized." added by Aleš a) need for a distant assurance (no assurers, no TTP possibility in their country); b) need for the write access to our Wiki.

    3. Background Check
      1. done
        1. {i} BGC for Gero: Interview happened (by Ted&Etienne), committee is waiting for the report (has to be sent by Gero).

      2. pipeline
        1. BGC for Brian: who (no board member in BGC team! (Egal/JanDD) /!\ Brian has to re-contact the two checkers at 01 sept 2023.

        2. {i} BGC for Peter is initiated. (date searching; Interview by Ted&Egal)

        3. {i} BGC for Matthias are initiated. (date searching started in August 2022)

        4. {i} BGC for Sascha are initiated. (language: en or de)

    4. Any other business (board members forgot to ask the secretary to put it on the agenda)
    5. What's coming next? ???
  4. Question Time

    Questions from CAcert.org community members can be added until beginning of committee meeting! As well questions can be asked at "Question Time", without added question here.

    1. Would it be possible to make an Interim Measure? I have prepared the text of proposals. added by Aleš Kastner

    2. "Question One." added by Your Name Comment: Replace "Question One" by your Question and add your name

1. Closing

  1. Propose a date of the next Committee Meeting: 7. March 2024 19:00 UTC
  2. Agree on the following meeting dates: 7. March 2024, 19:00 UTC; 4. April, 2. May, 6. June, 4. July 2024 18:00 UTC (keep date free, can be changed if necessary)


  1. To remember: Goals 2021/2022 (propositions by board 2020/2021) - Each goal needs a responsible person on the board who keeps an eye on it and reports regularly, keeps in touch with the responsible people. {X} obsolete / (./) started / {OK} waiting for available time

    • push OrgA (Guy)
    • expand PR (Alex cannot do this, wants to hand over)
    • (./) delivering the OpenID Connect integration, for which CAcert is funded by the RIPE NCC.

    • (./) expand background check

    • {OK} remote assurance, if accepted by the community;

    • (./) simplify the certificate creation (this enables the start of various projects from the pipeline)

    • software development and testing
    • (./) New CSR software

    • {X} support SecureU (find an active board member for them in Germany)

  2. Not to forget: Staffing the teams
    1. Applicants to the Infrastructure team
    2. Applicants to the Development team
    3. Applicant to the Critical team

  1. Access to local systems for board members

Person

Board-Private

Committee Archive

Wiki

Nextcloud

Brian

(./)

(./)

(./)

(./)

Etienne

(./)

Admin

(./)

(./)

FrédéricD

(./)

(./)

(./)

Admin

FrédéricG

(./)

(./)

(./)

(./)

Kim

(./)

(./)

(./)

(./)

Michael

(./)

(./)

<!>

(./)

Wacław

<!>

(./)

<!>

?

Aleš

(./)

(./)

(./)

(./)

1. Tasks assigned to Board Members and others

Person

Task

Deadline

Other People Involved

Notes

Brian

Contact QA/QC Volunteers

10 January 2022

Gero Treuner, Peter Nunn, others?

To begin work, they do not need ABC.

Brian

bla

2022

xxx

xx.

Brian

bla

2022

xxx

xx.


  1. Software Team
    1. Issue 1502: Adapt the UI at CAcert.org to deal with the "keygen" feature having been removed in browsers (Some of this will be met with 1551 )

    2. Issue 1482: Limit validity period of new HTTPS certificates to one year

    3. Issue 1444: PHP - Brian

    4. Issue 1417: Keygen / new CSR software - Bernhard

  2. Organisation Assurance
    1. How to relance OrgA? (Guy)
  3. Grant applications
    1. Protopype Fund https://prototypefund.de/en/ (mail to SW Board only)

      1. The Prototype Fund is a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research (BMBF). This is for residents of Germany only. We could create a group of people that work on a project for CAcert (with all support of the others in the background). It runs for two more years, every 6 month.
      2. Infra does not see any acute need at the moment, and does not have the capacity to provide qualified support.
      3. There are some ideas for software, but in infra's view there is still a lot of conceptual and preparatory work missing. What Infra could imagine is financing people to carry out a requirements analysis and write a requirements and test specification. This could then be used as a basis for a new implementation of the CAcert software (WebDB, Signer and perhaps other things like CATS). But these are just a few ideas of JanDD and he cannot currently recommend any people who would be suitable for this. Potential candidates would have to deal intensively with the existing software on the one hand and with the underlying policies on the other, and would have to identify a lot of missing information, ask for it and make assumptions for discussion. This requires very good analytical and communication skills and a high level of stamina.
  1. Blockchain
    1. see here: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2018-03-01/ideas#Blockchain (waiting for answer from IanG)

Minutes Committee meeting - 2024-02-07

Participants

Members of the Committee:

Present, by alphabetical order

Aleš Kastner

Étienne Ruedin - Secretary

Frédéric Dumas

Frédéric Grither - Treasurer

Kim Nilsson - Vice president

Absent or silent, by alphabetical order

Brian McCullough - President

Members of the CAcert community and other guests

Having been active during the meeting, by alphabetical order

none

1 Opening

From November 2023 to March 2024 inclusive, committee meetings will be held at 19:00 UTC.

Chair Kim opens the meeting at 19:10 UTCs.

Kim and Frederic D. invite everyone to join the livepad on Nextcloud for collaborative note-taking of our minutes.

The minutes of the meeting of 2024-01-04 are submitted to the members of the committee for approval. Etienne moves to accept the minutes of the committee meeting of 4th of Jan 2024. Frédéric D. seconds the motion.

Result of the vote:

Aye: 4 Naye: 0 Abstain: 1

The minutes of the 4th of January meeting are accepted.

2 Business

2.1 Trusted Third Party assurer

Etienne moves to accept the updated list of Trusted Third Party assurers: "I move that board appoin Andreas P. A, Raoul Xavier B, Brian McC, Peter Y and Kim N as TTP assurer". Frédéric G. seconds the motion.

Result of the vote:

Aye: 5 Naye: 0 Abstain: 0

The decision to adopt the five names as Trusted Third Party assurers is accepted.

2.2 OpenID - Brian not present

A few days ago, at a preparatory meeting for today's committee meeting, Frédéric G. and Frédéric D. noted that CAcert was unable to continue any software development. The halt to all development on OpenID is not Brian's responsibility. It can be explained by the association's inability to work together on a permanent basis, and by the now almost total attrition of human resources.

2.3 ERPNext

Frédéric D. explains that he is not prejudging any future decision on whether or not to keep CAcert in business, even though his personal opinion is in favour of discontinuing operations. This is why Frédéric D. has continued work on the test deployment of the ERPNext application for CAcert, in the unlikely event that the association decides to continue its activities. Frédéric D. has resumed work on deploying ERPNext on a virtual server temporarily rented from Digital Ocean. If the decision was taken to continue CAcert's activities, this test deployment in an LXC container would then be used to deploy the definitive instance of ERPNext on CAcert's own infrastructure.

In the event that ERPNext is never deployed on CAcert's infrastructure, Frédéric G. recommends using Dolibar in SaaS mode, to enable it to carry out CAcert's closing accounting. It was also agreed that Frédéric Grither would be given administrator rights to CAcert's NextCloud application, to enable him to restructure the hierarchy of shared folders and make the financial archives he is in the process of compiling available to those concerned. As soon as Frédéric G has created a folder for the bank, the secretary can start filing the bank documents.

2.4 Big Mail

Dirk and Etienne have discussed the draft and will speak to each other on the phone this week. A beta version will then be sent to the Committee for consultation.

2.5 Paypal

Frédéric G. reports the current situation. PayPal keeps causing trouble, freezing our assets. Frédéric G. doit pouvoir dérouler une conversation à distance depuis l'adresse courriel paypal+swiss@cacert.org. Étienne will talk to Dirk to see how it can be implemented.

2.6 Class 1 / Class 3 root certificates

Kim explains that re-signing root certificates requires compliance with a large number of requirements, some of which are impossible to achieve with the small team of remaining CAcert volunteers. Many points could be amended or lightened. CAcert's guiding documents should be reworked within its Policy Group. However, the Policiy Group has not seen any activity, and Kim notes that he has never had any contact with anyone claiming to be a member of this Policy Group.

Etienne explains briefly: "The Policy Group is effectively the parliament of the CAcert community. There are no elections, but everyone who is interested signs up. As long as nobody starts a discussion, nobody will give an answer. In short, the Policy Group is a very efficient institution with short decision-making paths. He encourages Kim to submit proposals or drafts for discussion.

2.7 Elephant in the room: does CAcert still have the capacity to carry on its operations?

1 - The number of our volunteers has fallen steadily in recent years. The army of assurers has evaporated, and hardly anyone is willing to carry out the operations required to certify personal identities using the "web of trust" any more. 2 - The latest breakdown of our critical infrastructure, which lasted several months, has had a negative impact on CAcert's reputation among recent users. 3 - We are no longer able to develop the software needed for the association; we are unable to move towards a new OpenID service. 4 - Our purpose is no longer in the public interest. 5 - Frédéric D. comes to the conclusion that it is our operating methods themselves, our organisational culture, that is preventing us from achieving improvements and developments, however small. The past few years have shown that we don't have the means to change this culture, we don't have the means to be more flexible, to adopt a more efficient collaborative approach. This is due to the very nature of the association.

Kim disagrees with Frédéric D on a number of points: Let's Encrypt owns the market for free web/server certificates. CAcert has no business wasting time with that . Free S/MIME email certificates from a somewhat central provider is where CAcert is unique .

Aleš has no argument for stop. But if CAcert would continue it have to change in something. More flexibility would hopefully increase if the CPS is made less restricted. It is what Ted, Dirk and Jan are referring to whenever they say they can't do certain things. He has some hope in that out there are number of users still willing to cooperate. Aleš will not does we do a rematurely funeral.

Kim agrees: We shouldn't bury the body before it's dead. Instead a SGM, he asks if we can call an early AGM.

Frédéric G. moves that the Committee decides to hold a general meeting in the first half of 2024 to decide whether or not to close down Cacert's activities, as well as a timetable and the steps to be taken to achieve this. Kim seconds the motion.

Result of the vote:

Aye: 4 Naye: 0 Abstain: 1

The motion is adopted.

Question Time

No further questions were raised.

Closing

Chair Kim closes the meeting at 21:17 UTC.

Date of the next meeting

Following the tradition or the first Thursday of the month, the next meeting will be held on Thursday March 7th, 2024 at 19:00 UTC

Motions

Actions

Who

Status

Action

Minutemaker

wip

prepare Agenda and Minutes for the next meeting

Brian

Software meeting

every 2 month

Secretary

bank

accounts, contact with treasurer


Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2024-02-01 (last edited 2024-03-07 19:17:06 by EtienneRuedin)