= Minutes of the MiniTOP on the 2011-06-14 =

== Setting ==
The MiniTOP will be held via telco
 * Workshop starts  21:00 CEST (Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] testing workshop)
 * Meeting starts   22:00 CEST

Attendees:

== Topics ==

(skip to agenda)

new items in last meeting:
 * modify/split: Michael, Dirk, Uli - prepare patches, update wiki and other sources with new class3 fingerprint
  1. webdb
   * /pages/index/3.php and 16.php to fix, also to add link to [[Roots/StateOverview|Roots/StateOverview]]
   * see [[https://bugs.cacert.org/view.php?id=946|Bug #946]]
   * capnew.php and coapnew.php to modify, removal project deferred
  1. wiki updates
  1. svn updates
 * Marcus: flyer update: no label, but 1/3 page of A4 page printout, to cut in 3 pieces to insert in each flyer (fixed within meeting)
 * capnew.php doesn't work on cacert1.it-sls.de, pdf error message, added [[https://bugs.cacert.org/view.php?id=950|Bug #950]] (fixed within meeting)
 * Alex, Michael, Dirk, Ted, Uli, Critical Team: Proposed Class3 Subroot Re-sign project Rollout Date: Thursday 2011-06-09 or Friday 2011-06-10
 * modify: All - Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys, workshop session before next week's meeting, starting 21:00 UTC
 * Michael, Dirk, Ted: the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] impact on mail delivery (non RFC-2821 compliance)

 * Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''

== Agenda ==
 * strategy plans ...
  1. strategy for: "Certificates Class3" problem
   * Debriefing
    * Patches and handling
    * Press release preparation and distribution
    * Timing
    * Rollout coordination
    * Documentation
  1. next: strategy for "New Roots & Escrow"
   * ...
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
   * Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
   * Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
   * "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
   * Software Assessors Review 1
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with  OA-Assurer) ||
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
    || Dirk, Michael, Mawa || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) ||
    || Dirk || [[https://bugs.cacert.org/view.php?id=827|bug#827]] (Thawte patches, points order change) ||
   * Software Assessors Review 2
    || Dirk, Ted, Mawa || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||
 * Testgroup: recruit new testers, update
  * Software Testers - Workshop at Barcamp Karlsruhe ?
 * CI app.test (Update)
 * next meeting: Tuesday, June 21, 2011 22:00

== Minutes ==

=== Workshop Weak Keys ===

Attendees: Marcus, Michael, Uli, dirk

Weak keys testing

First test round: disable the patch on the testserver so that weak keys can be added.

 1. generate 512 bit keys test (test [[http://bugs.cacert.org/view.php?id=918#c2034|bug #918 note #2034]])
  a. `openssl genrsa -out <your-server-name-domain.tld>.key 512`
  a. `openssl req -new -key <your-server-name-domain.tld>.key -out <your-server-name-domain.tld>.csr`
  a. copy + paste to signing request
  a. copy + paste signed pub key <your-server-name-domain.tld>-pub.key
  a. test new pub key: `openssl x509 -text -in <your-server-name-domain.tld>-pub.key -noout`
   * should result in:
    * Subject Public Key Info:
     * Public Key Algorithm: rsaEncryption
      * RSA Public Key: (512 bit)
       * Modulus (512 bit):  ...
       * Exponent: 65537 (0x10001)
 2. generate exponent 3 key test (test [[http://bugs.cacert.org/view.php?id=918#c2036|bug #918 note #2036]])
  a. `openssl genrsa -aes256 -out <your-server-name-domain.tld>.key -3 1024`
  a. `openssl req -new -key <your-server-name-domain.tld>.key -out <your-server-name-domain.tld>.csr`
  a. copy + paste to signing request
  a. copy + paste signed pub key <your-server-name-domain.tld>-pub.key
  a. test new pub key: `openssl x509 -text -in <your-server-name-domain.tld>-pub.key -noout`
   * should result in:
    * Subject Public Key Info:
     * Public Key Algorithm: rsaEncryption
      * RSA Public Key: (1024 bit)
       * Modulus (1024 bit): ...
       * Exponent: 3 (0x3)
 3. OA server keys test
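
An added example, not code from the CAcert patch for bug #918: a Python check that reads the `openssl x509 -text` dump produced in the test steps above and reports why the RSA key is weak. The limits `MIN_RSA_BITS` and `MIN_RSA_EXPONENT`, the function name and the sample dumps are assumptions constructed for illustration; the minutes do not state the limits the patch enforces.

```python
import re

# Assumed policy limits for this example; the minutes do not state the
# limits enforced by the bug #918 patch.
MIN_RSA_BITS = 1024
MIN_RSA_EXPONENT = 65537

# "RSA Public Key: (512 bit)" is the older OpenSSL layout quoted in the
# minutes; newer releases print "Public-Key: (512 bit)".
_BITS_RE = re.compile(r"Public[ -]Key:\s*\((\d+) bit\)")
_EXP_RE = re.compile(r"Exponent:\s*(\d+)\s*\(0x[0-9a-fA-F]+\)")


def weak_key_findings(x509_text):
    """Return the reasons the RSA key in an `openssl x509 -text` dump is weak."""
    if "rsaEncryption" not in x509_text:
        return ["not an RSA key: outside the scope of this check"]
    bits = _BITS_RE.search(x509_text)
    exp = _EXP_RE.search(x509_text)
    if bits is None or exp is None:
        # Fail closed: an unparseable dump must never count as "no findings".
        return ["could not parse key size or exponent"]
    findings = []
    if int(bits.group(1)) < MIN_RSA_BITS:
        findings.append("modulus too short: %s bit" % bits.group(1))
    if int(exp.group(1)) < MIN_RSA_EXPONENT:
        findings.append("public exponent too small: %s" % exp.group(1))
    return findings


def _dump(key_line, exponent_line):
    # Constructed sample in the shape of the expected output listed above.
    return ("Subject Public Key Info:\n"
            "    Public Key Algorithm: rsaEncryption\n"
            "        %s\n"
            "        %s\n" % (key_line, exponent_line))


# Constructed dumps for workshop tests 1 and 2, plus an acceptable key.
TEST1_512_BIT = _dump("RSA Public Key: (512 bit)", "Exponent: 65537 (0x10001)")
TEST2_EXP_3 = _dump("RSA Public Key: (1024 bit)", "Exponent: 3 (0x3)")
ACCEPTABLE = _dump("Public-Key: (2048 bit)", "Exponent: 65537 (0x10001)")

if __name__ == "__main__":
    for name, text in [("test 1", TEST1_512_BIT), ("test 2", TEST2_EXP_3),
                       ("acceptable", ACCEPTABLE)]:
        print(name, weak_key_findings(text) or "no findings")
```

With the patch disabled, as in the first test round, both weak certificates are issued and this check flags them afterwards; with the patch enabled the signing request itself should be refused.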

=== Meeting [22:35] ===

Attendees: Michael, Uli, dirk, mario, magu

 * strategy plans ...
  1. strategy for: "Certificates Class3" problem
   * Debriefing
    * Patches and handling
    * Press release preparation and distribution
     * Michael: has distros received notifications ?
    * Timing
    * Rollout coordination
    * Documentation
    * dispute has been filed regarding notifications to Orgs, but not yet picked up
    * no infos from Support yet
    * some accounts under twitter - who ?  magu ( .. 21 followers), dirk (cacert_me 63 followers) ...
    * mailing lists: debian 12.6.,  http://www.elgonzo.net/index.php/tag/cacert/,  http://osdir.com/ml/general/2011-06/msg20283.html, https://www.xing.com/net/sicherheit/feedback-biete-suche-tools-events-288/fwd-pressemitteilung-neue-signaturen-fur-cacert-class-3-subroot-zertifikat-anderungen-fur-nutzer-von-cacert-zertifikaten-37158796/
    * reminder to heise ?
    * linux community - posted
  1. next: strategy for "New Roots & Escrow"
   * idea: using indirect crl's ?
    * 2 crl's needed, one valid, one invalid crl server
   * policy group: define requirements
    * multimember escrow method ?
    * how does debian work ?
     * secret sharing scheme
     * docu process [[http://ftp-master.debian.org/keys.html]]
     * public mailing lists ? contacts ?
     * dirk ? michael ? jandd ? alexander ? sven ? and other contacts (ftp team ?)
    * dnssec has distributed last year
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * Michael added new states in mantis
  * the list of unhandled patches
   * Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
    * test running
   * Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
    * needs rework
   * "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
    * problems with network setup ... fixed within session, 15.php package uploaded
   * Software Assessors Review 1
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with  OA-Assurer) ||
    || Michael, Dirk, Ted, Mawa || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
    || Dirk, Michael, Mawa || [[https://bugs.cacert.org/view.php?id=942|bug#942]] (CATS test) ||
    || Dirk || [[https://bugs.cacert.org/view.php?id=827|bug#827]] (Thawte patches, points order change) ||
   * Software Assessors Review 2
    || Dirk, Michael, Mawa || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||
 * Testgroup: recruit new testers, update
  * Software Testers - Workshop at Barcamp Karlsruhe ?
  * Idea: push patches to production for testing
   * testing with deadline (eg 2 weeks?), after which patch will be pushed to production
 * annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970)
  * gpg on testserver not active
  * pickup upcoming weekend (dirk, michael, uli)
 * CI app.test (Update)
  * Hudson, integrated in eclipse
  * Selenium good for creating
   * upcoming new release announced, old revision not under full maintenance, e.g. FF4 not supported
 * next meeting: Tuesday, June 21, 2011 22:00
 * git over http: [[http://git-cacert.it-sls.de/cgi-bin/gitweb.cgi]]
 * Testserver + Software Testers - task based help:
  * '''Emails will not be sent to your email address, use testserver management system instead'''
  * how to create admin account?
  * how to add new user?
  * how to assure an account?
  * where to find email?

==== Fixed Action Items since last Meeting ====

 || Michael, Dirk, Ted, Uli || prepare patches, update wiki and other sources with new class3 fingerprint<<BR>>1. (Dirk, Ted) webdb: [[https://bugs.cacert.org/view.php?id=946|Bug #946]] '''REVIEW 2'''<<BR>>2. (Uli) wiki updates<<BR>>3. (Uli) svn updates || {g} <<BR>> {g} <<BR>> {g} <<BR>> {g} ||
 || Alex, Michael, Dirk, Ted, Uli, Critical Team || Proposed Class3 Subroot Re-sign project Rollout Date: Thursday 2011-06-09 or Friday 2011-06-10 || {g} ||
 || Marcus || flyer update: no label, but 1/3 page of A4 page printout, to cut in 3 pieces to insert in each flyer (fixed within meeting) || {g} ||
 || Dirk, Michael || capnew.php doesn't work on cacert1.it-sls.de, pdf error message, added [[https://bugs.cacert.org/view.php?id=950|Bug #950]] (fixed within meeting) || {g} ||
 || All, Testers || Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys, reviewed by Ted, needs testing !!! Urgent<<BR>>workshop session before next week's meeting, starting 21:00 UTC [[https://bugs.cacert.org/view.php?id=918|Bug #918]] '''TESTING''' || {g} ||


----

==== Action Items New ====

 1. dirk ? michael ? jandd ? alexander ? sven ? - next strategy for "New Roots & Escrow" - get in contact with debian group
 1. dirk, michael, uli - annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ?
 1. uli, marcus - Testserver + Software Testers - task based help


Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
<<Include(Software/Assessment/ActionItems)>>  


----
 . CategorySoftwareAssessment