• Software
• Assessment
• 20110215-S-A-MiniTOP

• To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting

Minutes of the MiniTOP on the 2011-02-15

Setting

The MiniTOP will be held via telco 22:00 CET

Attendees: Martin, Dirk, Michael, Uli

Action items from last meeting

• Dirk: to review MTA sendmail function for/within php

• to SA's: review Bug# 910 (Board Link)

• to SA's: review Bug# 896

• SA team: recheck vienna hosting (response from Matthias Š, forwarded to SA project team)

Topics

• State Testserver Update
  • Current Patches on Testserver:

    • "Thawte" patch Bug# 827

    • Board Link patch Bug# 910

    • /locale/ cleanup Bug# 896

  • see action items
• ATE mailing script sending thru MTA ? (php send mail script)
  • see action items
• strategy plans ...
  • strategy for: Thawte patch, next steps

  • strategy for: "Certificates Class3" problem and "New Roots & Escrow"

  • strategy for: CCA Rollout
• Signer deployment (Andreas/Markus) (Update)
• Automated testing system (Andreas, Magu, MSchiffer) (Update)
• Serversystem CACERT2 online (Markus/Wytze)
  • dedicated to OS and applications upgrade tests
• next meeting: Tuesday, Feb 22, 2011 22:00

Minutes

• off-topic AGM related discussions
• (meeting starts around 22:45 CET)
• Action items from last meeting
  • Dirk: to review MTA sendmail function for/within php
    • no update
  • Reviews

    • to SA's: review Bug# 910 (Board Link)

    • to SA's: review Bug# 896

    • no SA picked up
  • SA team: recheck vienna hosting (response from Matthias Š, forwarded to SA project team)
    • Michael: will contact Matthias regarding technical questions
    • about contract details: should be handled by CAcert, members who offered sponsering to contact
    • question araises test1.cacert.at, hosted on go-now (funkfeuer network)
    • Andreas, Markus should contact Martin G regarding VM
    • Current State: Vienna Hosting

      • Sonance is building Vienna1 for Funkfeuer install

      • Vienna-2 is on the bench

    • Action Item: research for alternate hosting providers
      • Requirements:
        • dedicated machine/root server
        • VM based (eg ESX, XEN, etc)
        • IPs: 8 for test/repository server, +x for CAcert infrastructure hosting
• State Testserver Update
  • Current Patches on Testserver:

    • only tested Board Link patch Bug# 910

    • Michael to trigger Dirk for IE re-check
• ATE mailing script sending thru MTA ? (php send mail script)
  • no update
• strategy plans ...
  • strategy for: Thawte patch, next steps
    • Martin + Uli: to test and report several szenarios
      1. only add 15.php w/o link from 10.php
      2. contact individuals for reports
      3. 2nd add 10.php w/ link
      4. mailing to related ex-Thawte users + blog article + login message (?)

  • strategy for: "Certificates Class3" problem and "New Roots & Escrow"

    • Class3 are issued by Class3 root server based MD5
      1. do nothing
      2. class3 deactivate (no class3 issuing)
      3. build new class3 with sha1, sha256 or whatever
      4. new root keys (class1 + class3)

    • new roots is unrealistic, new roots & escrow questions are still open, especialy escrow method problems

    • do nothing ... is no option
    • deactivate - its difficult
    • generate new class3
      • can be generated on signer
      • how to handle 2 class3 root certs ?
      • signer has to handle crl's for 2 class3 roots (old + new) (via cron ?)
      • to contact people who knows about signer
  • strategy for: CCA Rollout
    • current state, nobody knows who accepted CCA
    • one point to check: new members after 2009-04-04 have accepted CCA by software check button
    • most people issued class3 certs
    • if we add new class3, people has to create new certs, so at this step members have to accept CCA
    • at login time CCA acceptance cannot be added as of code flaw problems
    • CCA acceptance requirement on
      1. join CAcert
      2. gpg/pgp keys
      3. email cert issuing
      4. server cert issuing
      5. assure someone
         • CCA acceptance for Assuree
         • CCA acceptance for Assurer
    • add CCA acceptance into a new table with method
      • userID, when, method
    • Orga's to exclude from first step
    • for testing to add CCA acceptance priority
      1. certs
      2. pgp keys
    • join
      • join date stored in user record
      • accounts after 2009-04-04 ... support view: add "account created after 2009-04-04"
      • no records exists
      • to handle records as not accepted CCA
      • acceptance by Auditor is auditors decision
    • CCA patches are written, needs update to current code
• General Reorg
  • CCA acceptance
  • Deleted Records cleanup
  • Fields with empty Method field
  • TTP reduce to 35 pts ?
• Signer deployment (Andreas/Markus) (Update)
  • nothing new
• Automated testing system (Andreas, Magu, MSchiffer) (Update)
  • nothing new
• Serversystem CACERT2 online (Markus/Wytze)
  • dedicated to OS and applications upgrade tests
• next meeting: Tuesday, Feb 22, 2011 22:00
• (meeting ends around 1:00 CET in the morning)

Action items:

• All: research for alternate hosting providers
• Martin + Uli: to test and report several szenarios regarding Thawte patch until Sun Feb 20th

• CategorySoftwareAssessment