• Community
• Update

• NOTA BENE - WORK IN PROGRESS - Your Inputs & Thoughts

• To CAcert.org Community

CAcert.org Community Update

• CAcert.org Community Update is maintained by active contributing community members as Ulrich Schroeter, Iang and others. If you are here contributing, please feel free to add your name.

2010 October Update

• 2010-10-31 Board pings the team leaders and major documentation providers on the proposed licensing of our documentation under CC-by-sa+DRP

  • blog and email

• 2010-10-24 Board announces a preliminary date for the upcoming AGM: 2010-11-28 or 28th November.

  • announced on the private member's list so not widely visible.

• 2010-10-07 Software-Assessment-Project reached next milestone

  • Todays systemlog message marks the quantum leap in our about 10 months project work, to become the Software-Assessment area auditable. As many Software-Updates are in the queue from the software developers, that needs testing and reviews by Software Assessors, the team started by end of last year with this project, to build up a new controlled testserver with authority by Software-Assessors, built up by the critical team as a Disaster Recovery testcase, a new central repository for all the upcoming software projects (including the New Software project BirdShack), building a new test team running the software tests, and finalyze the process by a review of the patches by 2 Software-Assessors, document the patches, the testing, the review and the check by two Software-Assessors to bundle the new Software-revision for transfer to the Critical team. The systemlog message signals, that the first tested and reviewed patches has received by the critical system webdb and is incorporated into production. A new tarball has been generated to build the next basis for applying the next patches. So here my thanks goes to all the involved teams, Software-Assessment-Project team, the new Software Testteam, the Critical Sysadmins team and last but not least to the Software-Assessors from the Software-Assessment team. With all these people assistance, this project hadn't be pushed to this milestone. Thank you Andreas, to build the project plan and the technical background, and also hosting the current testserver, Thank you Wytze for all your work to build the new testserver from scratch as identical as possible to the production server, to Michael, who assist us in deploying the new git repository and also assistance in deploying the Testserver-Mgmt-System, so everybody can start testing w/o the need of console access, Thank you Markus, for all your time and effort to deploy the repository and testserver environment and also your work together with Philipp as Software-Assessor, to finalyze the Software-Update-Cycle. Thank you Dirk for all your suggestions to move on with this project. Some more work is todo: adding a test-signer, so also cert related patches can be tested in the future (Andreas and Markus are working on this), deploying a C(ontinous)I(ntegration) system for automated testing (Andreas is working on this). Now the teams have to walk thru the list of open bugs, that needs to be pushed thru ... First of all is the "Thawte" bug ... to signal all users who've got their Thawte points transfered by the old Tverify program if they are effected by the points removal or if they are safe. The CCA-Rollout with a couple of patches, a list of new Policies and Subpolicies related patches (eg. PoJAM, TTP program), a list of Arbitration pushed patches, and so on ... So guys, lets have a party tonight, we've wiped out one of the biggest audit blockers!

• 2010-10-12 ATE-Canberra

  • The 2nd ATE outside Europe! with 3 attendees in Canberra, a small town in Australia. Success!

• 2010-10-04 ATE-Aachen

  • The 2nd ATE in Germany, near the Belgium border, happened with about 8 attendees. The new presentations series (currently in German only) started with ATE-Essen has been reviewed and updated. The Co-Audits in the 2nd half of the ATE, that is the essential part in the Audit plan over Assurance helps us to move forward in the overall audit plan. We've got at least 3 interesting contacts for essential audit projects. So it can be concluded an overall success.

• 2010-10-01 The Big Masterplan to become Audit Ready

  • Everybody knows it. Everybody hears it. Everybody talks about. But nobody knows about. What is the Masterplan for to become Audit Ready ? Back in January 2010, the Board decided with a motion m20100117.3 "No new subroots on current root, plan for new root". Insiders could know, what this means. The most users didn't noticed this plan. On a braindump, I've figured out, that this plan requires several milestones to reach. One of this milestone is the list of Policies, a 2nd one a working Software-Update-Cycle process, so one of the Audit-blockers - the CCA-Rollout can pass. As there are several other steps, the masterplan is a complex building. Several tasks needs to be run in parallel. And there are relations from one project to another one. One of the core projects is the ATE work with recruitment for specialists for the core audit related projects (New Roots and Escrow, CrowdIt, Funding and the Infrastructure project to seperate non-critical systems from the critical system, so the system becomes auditable). Read more on the blog post The Big Masterplan to become Audit Ready

2010 September Update

• 2010-10-28 ATE-Essen

  • With about 20 attendees, the ATE-Essen starts the Autmn season of ATE's. One of the Audit-over-Assurance (RA) programs, to become Audit-Ready in the (RA) area.

• 2010-09-27 TTP Assisted Assurance Policy has been approved to DRAFT

  • Motion CARRIED. Consensus of 24:0 has erupted in policy group once again.

  • Further infos continue reading the blog post

• 2010-09-13 Call for Vote that the TTP Assisted Assurance Policy be approved to DRAFT

  • Call 4 Vote has started in Policy Group. See also blog post over https://svn.cacert.org/CAcert/Policies/TTPAssistedAssurancePolicy.html. So this is to reapply a TTP-program that helps people in the CAcert deserts to become member and also reach the 50 points level (issue certificates with their name in it, issue server certificates for 2 years instead of renewing every half year) or 100 points level to has a chance to become Assurer (after CATS test passed). Voting closes Sunday Sept 26th, 2010

• 2010-09-12 Announcement for ATE-Essen/DE has been sent out

  • The scripted mailing (Newsletter settings in your account) has sent out invitations to 3128 recipients in Germany, Netherlands and Belgium.
  • The next ATE-Events:

    • ATE-Essen 2010-09-28

    • ATE-Aachen 2010-10-04 (2 ATEs)

• 20100912 ATEs in Australia

  • Board has decided to push ATEs in Australia and in NSW.

• 2010-09-11 PracticeOnNames updated

  • PracticeOnNames has been updated with the informations received by Dutch Assurers about the Dutch common short givenname variations

• 2010-09-08 Lost Password Overview updated

  • Lost Password Or Account has been updated with the new Password Recovery With Assurance procedure

• 2010-09-05 Practice On IDChecking updated

  • The Practice On IdChecking guide has been updated, since it includes lot of old stuff, to reflect the current practice on IDChecking.

• 2010-09-05 Nederlandse Voornamen Databank

  • AP 2.2 allows Country variations with names, so the Dutch common short givenname variation has been identified as a Country variation. But how to verify a Dutch common short name ?
  • A new database link should help Assurers to find the correct short name variation to a givenname found in an ID doc

  • The Nederlandse Voornamen Databank: http://www.meertens.knaw.nl/voornamen/vnb/

• 2010-09-04 New sources with informations about ID docs for Bulgaria have been found

  • Acceptable Documents for Bulgaria has been updated with the new found links

  • Bulgarian ID docs aren't that described in PRADO, the database of ID Documents of the European Union

  • Also other Acceptable Documents pages updated

2010 August Update

• 2010-08-22 Froscon 2010

  • At Froscon 2010 some of the Assurers trained the new procedures for

    • Password Recovery With Assurance

    • and Name Change After Marriage w/ Assurance by following the procedure described under Name change request w/ Assurance

• 2010-08-20 Assurance Handbook updated

  • AO updated AssuranceHandbook2 with simple rules each Assurer can learn. The short rules are added in boxes.

  • i.e. Allow only names or name parts (i.e. suffixes) that you can verify at least against one govermental photo ID
  • But consider that there are also exceptions, i.e. Dutch common short givenname variations

• 2010-08-17 Software Testers working

  • The first bugs has been found with the new testserver

  • For all people who wants helping on this project, please start with the Testers starting page Main Entry Info Page for Software Testers

• 2010-08-04 Software-Assessment-Project: Call for Software Testers

  • A call for Software Testers has started, to build the new Software Testteam under the Software-Assessment-Project team
• 2010-08-01 Board promotes ATE's and co-Audits

  • On the last Board meeting, Board revisits the Audit Status.

  • One of the tasks is the co-Audit over Assurance program

  • Board formed a motion m20100801.3

    • Resolved, that in order to improve quality of assurances as a required step for audit, the board will promote ATE's and co-Audits.

2010 July Update

• 2010-07-30 root certificates under free license, RDL

• 2010-07-20 Daniel resigns from Board, Infrastructure Team Lead, Systems Admin (various)

• 2010-07-17 PracticeOnNames updated with the NL country variation Arbitration ruling of a20090618.12. The ruling was written February this year, but had not been pushed out yet to the community. This presents a more relaxed rule: "Abbreviations on givennames are allowed under some circumstances" regarding Dutch givennames.

• 2010-07-16 Faster Support Actions on requests by Assurers and Users on Name Change cases, DoB changes after events

  • In February this year, there was an interesting Arbitration case that relates to all assurers and members with name change and DoB problem requests. This Arbitration case a20100210.2 takes precedence if requested within 24 hours an error was made, or upto 7 days after a big event. As thus should allow to decrease the disputes queue, we need all the help from the community, that such errors are reported within the given timeframe. This is to simplify Support cases and to decrease the delay in Arbitration cases by reducing the cases in the queue. For details please read the Arbitration case a20100210.2 ruling.

• 2010-07-14 One Milestone in Software-Assessment-Project reached
  • Within the last week we’ve reached one milestone in our new Software-Assessment-Project. The team is working since November 2009 on a new Software Repository and a new Testserver. The Testserver needed a Testserver Mgmt System to set the environment for testing new Software and Patches for the Webdb system.
  • The long blocking factor was the Testserver Mgmt System. That is now installed and functional with basic functions:
    • Increase Assurance Points (to start testing as Assurer)
    • Setting special Flags (to start testing as i.e. Support-Engineer for SE patches)
  • The Testserver Mgmt System is buildt with the Zend Framework and is an addtl. instance on the Testserver.

  • The next step in deploying the new Software-Assessment Environment is to find the first Testers, who helps deploying the procedure on Documentation of current patches (see Software-Assessment: Current Tests)

  • The Software-Assessment-Project is an essential brick in the wall for the Audit as this blocks several Audit steps (Audit over Systems, CCA-Rollout, and others). An overview of the steps to an Audit-restart can be found on the Overview Projects Board Wiki page.

  • For further infos about the Software-Assessment-Project read Software-Assessment-Project Page

• 2010-07-10 Voting on Policy Group for p20100710 License root under Root Distribution License opened

• 2010-07-04 Ernestine resigns from Board and Treasurer

• 2010-07-03 Dominik George was appointed by board motion m20100625.1 to become Support-Engineer

2010 June Update

• 2010-06-26 Dirk Astrath was appointed by board motion m20100618.1 to become Software Assessor in the Software-Assessment team

• 2010-06-18 Arbitration case a20091126.2 "removal of in-active case managers and arbitrators procedure" has been ruled and closed after discussion in the Arbitration team meeting and voting for procedure to become official: vote result: 4 accepted (with one late vote). So this procedure fills the gap between inactive Case Managers and Arbitrators and the announcement to the DRO, who than reports to the board with an optional removal of a Case Manager and/or Arbitrator as outlined in the board motion m20091206.2 "Provision to remove arbitrators on advice of DRO"

• 2010-06-14 New Password Recovery w/ Assurance Procedure

  • A new Password Recovery w/ Assurance procedure has been established thru Arbitration case a20100407.1.

  • The procedure is outlined under Password Recovery with Assurance

• 2010-06-05 SP to DRAFT — marks the milestone in Policy!

  • This weekend, the Security Policy goes into DRAFT. We’ve battled and we’ve won: consensus has erupted in policy group. Not only do we get our Security Policy, but SP going to DRAFT marks a major milestone for CAcert:

  • We now have a complete set of policies for audit !

  • Read the full article on the Blog

2010 May Update

• 2010-05-16 Configuration Control Specification (CCS) voted to DRAFT by policy group p20100426

2010 April Update

• 2010-04-16 Javier Fernández Almirall was appointed by board motion m20100408.1 to become Support Engineer

• 2010-04-15 Approval of Mathieu Simon as CAcert Organization Assurer for Switzerland by board motion m20100407.1

2010 March Update

• 2010-03-30 New Roots task force offers SHA2 based roots/end user certificates for testing

• 2010-03-30 Software-Assessment Project telco 2010-03-30

  • GIT as the future Software Assessment repository passed test successful
  • Testserver needs Testserver Management System, action plans triggered to start a deployment

• 2010-03-27 Walter Güldenberg appointed as Events Team Leader

• 2010-03-26 Sysadmin team works out way forward for SNI, client certificate authentication and SSL renegotiation changes in browsers

• 2010-03-26 Security Policy - Board vetos Security Policy Draft regarding point 9.1.4.2. Coverage - Board sighting conflicts with CAcert incorporated rules

• 2010-03-25 Ongoing update of CAcert Officers list

• 2010-03-24 First ATE in 2010 season: ATE-Sydney with 6 co-Audited Assurances and addtl. 14 interested Attendees

  • Discussions through email and irc about how to seed CAcert deserts. Plans for contacting Usergroups (existing IT related social networks)

  • mostly, area has many old SuperAssurers that will have faded away

• 2010-03-21 Board Meeting 2010-03-21 "Determine Root escrow and recovery mechanism" review ends with no consensus

• 2010-03-18 Rasika Dayarathna, our Privacy Officer, resigned due to lack of time. Looking forward to rejoining us later.

• 2010-03-14 Boards Projects Overview Page started deployment

  • with this page, Board and also Community can get a better overview over the running and upcoming projects regarding Audit

  • currently active areas/projects: 1.1 Software Assessment, 2.1 New Root, 7.1 Policy Group, 8.1 Assurance (co-Audit), 9.2 ATE's (planning)

• 2010-03-13 Board Members allowed to serve on arbitration team again

• 2010-03-06 Daniel Black gets appointed as Infrastructure Team Leader

• 2010-03-06 Efficiency gain - Policy Officer empowered to perform minor adjustments to policy

• 2010-03-06 CeBIT 2010 Big Assurance Event successful passed after 5 days with a team of about 8 to 12 and more Assurers. CAcert was one of the 15 projects on the booth at the Open Source Project Lounge sponsored by Linux New Media.

• 2010-03-03 Co-Audited Assurances Program finalized and starts at CeBIT 2010

2010 February Update

• 20100221 Markus Warg appointed to Software Assessment.

  • He is now the 2nd team member in a new team that will be formed under the "Repository Project" by Andreas Bäß
  • Also involved in this project is the Critical sysadmins team for building up the Servers and software for becoming testing and staging servers.
  • Also to train the system recovery from scratch
  • Also to prepare a proposed system upgrade

  • These are the first results from the Software MiniTOP Essen Dec 16th 2009

• 20100221 UlrichSchroeter appointed as Assurance Officer

  • Board accepts Sebastian's resignation as Assurance team leader, and thank him for steering the ship over the last year. Sebastian remains on the Assurance team! Board appoints Ulrich as team leader, formally Assurance Officer within the meaning of the Assurance Policy.

• 20100221 Michael Tänzer appointed as Support Officer

  • Board appointed Michael as support team leader and accepts Ian Grigg's resignation as support team leader.
  • (Formally, as Support Officer within Security Policy.)

• 20100213 Software MiniTOP Offenbach Feb 13th 2010

  • Current State of Repository Project

• 20100206 Assurance MiniTOP Brussels Feb 6th 2010 - on the Agenda were several topics

  • Assurance - Tasks for coming weeks.
    • Plan for Events.
    • Submit review to board.
    • new AO and EO to board.
    • prepare CeBIT.
    • finish Co-auditing Programme for 2010, in time for CeBIT.
  • CeBIT
  • Roles
  • Support
  • ABC interviews
  • Recruitment
  • Co-Audit
  • Defining the Co-Auditor
  • co-Audit Team
  • co-Audit preparation

• 20100201 p20100119 PoJAM to DRAFT resolved.

  • https://svn.cacert.org/CAcert/Policies/PolicyOnJuniorAssurersMembers.html

  • Now the Subpolicy is binding to Assurers for assuring minors and als minors to be Assurers.
  • This is the first policy in a series of subpolicys under AP, that cames back after all special assurance programs becomes frozen.

2010 January Update

• 20100130 AGM Annual Report 2008/2009

  • covers mid 2008 upto Jan 2010 activities

• 20100103 Board Meeting

  • Arbitration: Board passed the motion m20100103.2 the new DRO is Lambert Hofstra.

  • Support: Board passed the motions m20091224.3, m20091224.2, m20091224.1 that Wolfgang, Martin, and Michael be appointed as Support Engineers

  • AGM: The board has passed the motion m20100103.4] to set the date for January 30th 2010 at 21:00 UTC.

  • Memberships: We have 4 new Inc members: Martin Schulze, Wolfgang Kasulke, Millis Miller, Gero Treuner by Board motion m20100103.5

  • Software Assessment: As of board motion m20091220.2 there was request for ABC's. Topic concluded with no action, and no motion proposed. Progress is halted, strangely, the discussion ignored the previous motion

  • Domain Management, DNS + OCSP: DNS + OCSP moves to the critical team by board motions m20091231.1 and domain by m20100103.6

  • Assurance Plan for 2010 (ATE's):

    • February	Fosdem (Belgium) for ATE review and co-audit "test script" plan for 2010
      April	Europe I == NL, B, F, GB, (CH), A
      March-May	Australia == Canberra, Sydney, other big cities, if reachable
      May	Germany (2 weeks)
      June	Europe II == DK (Kopenhagen), S (Malmoe), E (Barcelona)

2009 December Update

• 20091221 NB: Resignation as Dispute Resolution Officer (DRO)

• Poll for AGM day (Fr,Sa,Su?) Inc Members, please vote!

• 20091220 Board Meeting

  • "process of software review" ends with the motion: m20091220.2, propose 4 people, and to request ABCs

  • Support is proceeding to bring in Triage people. 3 ABCs have been completed. Michael Taenzer, Martin Schultze, Wolfgang Kasulke are now complete, so t/l-support will probably propose them for Support Engineer.

  • Arbitration: "That, given m20090811.1, and today's informal information that some arbitrators are non-working, board requests an immediate update of the state and health of the Arbitration system from DRO, with a view to changing the roles and re-invigorating the process.". Motion m20091220.3 carried

  • Update on Finance: No Annual General Meeting schedule yet

• Minutes 20091216 Essen Software MiniTOP

  • Software, repository: Repository is up and going. Haven't got the test system, just the developer system. We expect to have everything together by end of January.

  • Birdshack doco

  • Root ceremony: In order to re-do this process, we have to do: planning, collection of the people, budget, hardware, and also to come up with a new concept for protection of the root. This latter is important, and the whole thing will need to be serious and documented for presentation to a new auditor.

• Hamburg Assurance mini-TOP 20091215 results with three new Special Assurance programs proposals

  • Policy On Junior Assurers / Members (2) (Discussion started 2009-12-20 in Policy Group)

  • TTP-assisted Assurance Policy (Discussion not yet started)

  • Policy for Nucleus (former Super-Assurance) (Discussion not yet started)

• 20091215 Confirmation received for a booth at the CEBIT 2010. CAcert get this sponsored booth from the Linux New Media (Cebit Open Source) (CEBIT Event Organisation)

• 20091211 Support Team declares reaching a milestone in clearing out the support Inbox. All that's left is the future!

• 20091205 Confirmation received for a booth at the FOSDEM 2010 6-7 Feb 2010, Brussels Belgium. (FOSDEM Event Organisation)

2009 November Update

• New Arbitrators makes their first steps in the Arbitration Team. The backlog of Arbitration cases increases rapidly, after the support blockage seems to be fixed.

• The first new Support Engineer starts working in the Support Team, also new people on the Triage team. As working on the backlog of the support mailbox, about 15 new disputes upto now forwarded to the Arbitrations Team to a total of 53 init (23)/running (30) cases. Some diputes filed originaly Jun 2009, Sep 2009

• The Draft CPS is now on the main site see on the Blog and the CPS on main Site.

• Assurances Program: As of Board motion m20090912.1 and finaly m20090914.2 also the assurances of underaged people (u18) were ceased. A workaround is to follow the PoJAM (WIP) procedure, but a dispute filing is allways possible.

• Policy group decide (p20091108) to make IDNs available everyone with some restrictions to minimize homograph risks.

• recruitment of Support Engineers
• relates to the Arbitration - Case Managers - Support discussion
• Support was identified as a bottleneck, now starting try #3 to get people in

• see also Board Meeting Agenda 2009-11-15

• and Board-Next-Meeting Sunday 2009-11-15 - 21:00 UTC - Input

• and Board-Next-Meeting Sunday 2009-11-15 - 21:00 UTC - Input - Reply

• and Board-Next-Meeting Sunday 2009-11-15 - 21:00 UTC - Input - another Reply

• IanG appointed as temporary Support Officer assisted by u60 see e.g. Support/Team

• (Non-Critical) Infrastructure Projects are advancing, Board has accepted to go for Vienna (Sonance) and Berne one is in preparation (contract needs to be made), the hardware in Berne is ready.

2009 October Update

• Ongoing discussion in arbitration mailing list and private discussion about arbitration blockage by the case managers/arbitrators team. Also top on the Agenda - Committee Meeting - 2009-11-15

  • Draft document for Case Managers
  • Proposals / Tools for Arbitrations enhancements:
    • Reminders
    • Reporting
    • Switch CCA / DRP acceptance to be the default instead of requesting it individualy in init mailing
• CARS - CAcert Assurer Reliable Statement

• now added to AssuranceHandbook2 CAcert Assurer Reliable Statement

• affects all Assurers
• relates also to Sysadmins, co-Auditors, usage in the Arbitration process, Events Mgmt

2009 September Update

• All Assurance Special Programs are frozen

  • 2009-09-14 As of Board motions m20090912.1 and finaly m20090914.2 these programs ceased immediately.

  • 2009-09-28 Tverify is now operating under the authority of board motion m20090928.1 (Run Tverify as-is until End Of Life 20091116) and under Assurance Policy. This latter means no issues of points over 50, and the earlier includes some restrictions.

Inputs & Thoughts

• YYYYMMDD-YourName

• Text / Your Statements, thoughts and e-mail snippets, Please

• YYYYMMDD-YourName

• Text / Your Statements, thoughts and e-mail snippets, Please

Category or Categories

CategoryCommunity
CategoryAssurance
CategoryPolicy
CategoryBoardMinutes