. '''To Software''' '''[[Software|Software]]''' - '''To Software-Assessment - ''' '''[[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20110628-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20110712-S-A-MiniTOP|next meeting]]'''

----

= Minutes of the MiniTOP on the 2011-07-05 =

== Setting ==
The MiniTOP will be held via telco  22:00 CEST

Attendees: dirk, Uli, Michael, Marcus, Marc

== Topics ==

(skip to agenda)

Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''



== Agenda ==
 * Software Assessors Patch Reviews - working session in meeting
  * Review 1: review, add to cacert-devel, transfer to testserver
   || Ted || [[https://bugs.cacert.org/view.php?id=940|bug #940]] (outsource help pages to wiki) ||
   || Mawa || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with  OA-Assurer) ||
   || Michael || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
  * Review 2: finish tests, bundle patch, send to critical team  ?
   || Dirk || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||

 * strategy plans ... next: strategy for "New Roots & Escrow"
  1. idea: using indirect crl's ?
   * 2 crl's needed, one valid, one invalid crl server
   * more infos available ? who ?
    1. build testserver with special certs
    1. Magu, Michael to send instructions for test deployment
     * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
   * Magu: not avail, no update
   * other testers ?
   * Marcus: no, Marc: ?
   * some discussion about potential test environment, no result
   * Define requirements, Define a testszenario
  1. policy group: define requirements
   * multimember escrow method ?
    * needs risk analyze
    * potential candidates ?
     * Marcus to contact Thomas K
      * contacted benedikt, will take care about
      * will contact Thomas K
  1. how does debian work ?
   * defered to Froscon (end of Aug), CCCcamp (around Aug 10th)
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
   1. Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
    * mail to ted to continue with arb case, adding to thread on arb case
    * Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]
    * see action items, update ?
   1. Arbitration case [[Arbitrations/a20110419.1|a20110419.1]] [[https://bugs.cacert.org/view.php?id=637|Bug #637]]: Weak Passwords
    * Pwd text removed, but reject pwd doesn't work, pwd can be set to weak pwd
    * problem #1 at login, plz change, use old pwd works - fail
    * problem #2 at join
    * to include in ? checkpassword() in includes(general.php) ... add addtl. requirements there ?
    * current: clear password in source code
    * checkpassword() needs rewrite, but this is another issue, first we have to take care about the Fred pwd
    * dictionary is still active grep current-pwd share/userdict
     1. Fred... to add into checkpassword()
     1. checkpassword() to add into login procedure
    * pwd cannot be changed - new [[https://bugs.cacert.org/view.php?id=953|Bug# 953]] "After change of password change on account.php?id=14 does not meet requirements wrong redirect"
    * SE reset pwd procedure doesn't take care about weak pwd
    * Under testing: update
   1. "Thawte" patch [[https://bugs.cacert.org/view.php?id=827|Bug# 827]] Points-Count-Order-Change project
    * in testing
    * problems in counting found, missing points
    * new commit by dirk, forwarded by NEO
    * 80 pts counted, 100 countable ... problem
    * new commit by dirk, forwarded by NEO
    * pts problem seems to be solved, assurer challenge needed seems now to be ok
    * Under testing: update
    * Marc: thawte patch problem found 2147483647 assurance pts entered, 15.php displays 2147483647 pts
     * Arbitration: exists values in points? limit 0-150 pts ? or no arbitration ?  (discussion)
 * Annoying gpg bug
  || dirk, michael, uli || annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ? || {0} ||
 * Documentation
  * Bugs.cacert.org
   * discussion about states to define, redefine
   * bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
   * bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
   * Review, Update
  * uli, marcus - Testserver + Software Testers - task based help - update
  * uli, marcus - testers how-to regarding testserver roots: live-cd ? how-to, 2nd profile add to [[Software/TestTeam/WelcomePack|Welcome Pack]] - update
 * CI (Update)
 * next meeting: Tuesday, July 12, 2011 22:00

== Minutes ==
 * Review 2: finish tests, bundle patch, send to critical team  ?
  || Dirk || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||
  * Uli: new file to patch found: CommModule client.pl (dirk will check)
  * Marc, Marcus to test
 * Michael: TMS Batch Assurance implemented
 * Michael: Bugs tracker, added field/column reviewed by ...
 * strategy plans ... next: strategy for "New Roots & Escrow"
  1. policy group: define requirements
   * multimember escrow method ?
    * needs risk analyze
    * potential candidates ?
     * Marcus to contact Thomas K
      * contacted benedikt, will take care about
      * will contact Thomas K
     * Marcus in meeting with Benedikt, ok from Benedikt, B. needs some more details input, Uli to contact
  1. idea: using indirect crl's ?
   * 2 crl's needed, one valid, one invalid crl server
   * more infos available ? who ?
    1. build testserver with special certs
    1. Magu, Michael to send instructions for test deployment
     * indirect CRL: RFC 5280 [[http://tools.ietf.org/html/rfc5280]] (chapter 5)
   * Magu: not avail, no update
   * other testers ?
   * Marcus: no, Marc: ?
   * some discussion about potential test environment, no result
   * Define requirements, Define a testszenario
    * requirement:
     * webserver to deliver test crl's
     * openssl - create testCA incl. subCA + non-CA but allowed to create crl's
     * publish only subRoot + crl cert
     * publish public key of root
     * in certs  ocsp responder should be prevented or otherwise own ocsp responder has to be deployed
     * testCA and subCA doesn't publish crl's
     * subCA included: link to CRL-distribution-point -> non-CA crl distributor
     * in certs issued of subRoot has to include CRL-distribution-point that is identical with crl of subRoot
      * own crl-distribution-point for each subRoot
     * RootCA -> SubRoot-blub -> SubRoot-blub-certs -> crl-distribution-point is blub
     * crl needs extensions
     * RootCA -> A ->  C, SubCA -> B -> B, 2 crl distribution points B and C
     * client with software to test, browser, email client, acrobat (doc-signing), code-signing
     * what is the content of crl-distribution-point server cert?
      a. points to himself
      a. no distribution point
      a. rootCA creates one crl, that only is used for crl-signer
     * does one of the methods work ?
     * for testing: virtual server: apache + openssl
     * create certs -> manual openssl command
 * feature request by dirk: to add ntp to testserver image, pool.ntp.org
 * Working session:
  * Dirk: 
   || Dirk || the [[https://bugs.cacert.org/view.php?id=948|Bug #948]] (impact on mail delivery (non RFC-2821 compliance)) ||
  * Michael:
   || Michael || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) ||
 * Documentation
  * Bugs.cacert.org
   * discussion about states to define, redefine
   * bugs documentation I ([[Software/Assessment/Documentation/bugs|bugs handbook]])
   * bugs documentation II (to incorporate into the [[Software/Assessment/Documentation|Software-Update-Cycle]] procedure/documentation)
   * Review, Update
  * Testserver Documentations
   * uli, marcus - Testserver + Software Testers - task based help - update
    * defered after discussion
   * uli, marcus - testers how-to regarding testserver roots: live-cd ? how-to, 2nd profile add to [[Software/TestTeam/WelcomePack|Welcome Pack]] - update
    * defered after discussion
   * general problem to spoon-feed the people with step by step documentations
 * Uli: Marcus, please re-test/check Bugs 921 + 942
 * topic .. 
  || dirk || DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/..  4.php, 17.php  to combine ? (/includes/keygen.php) '''DEV''' || {-} ||
  * vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])
  * Api CertEnroll (MS crypto provider)

 * annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]]
 || dirk, michael, uli || annoying [[http://bugs.cacert.org/view.php?id=911|bug #911]] (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ? || {0} ||
  * [[https://lists.cacert.org/wws/arc/cacert-devel/2011-06/msg00012.html]]
  * [[https://lists.cacert.org/wws/arc/cacert-devel/2011-06/msg00013.html]]
   a. the key is ok
   a. display on gpg list in webdb displays wrong date 
  * to increase priority of this bug, to fix displaying gpg key date in list as too many reports receives support
 * review finished, transfered to testserver
  * [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) {g}
 * State Testserver Update, Current Patches on Testserver, current running Arbitrations:
  * the list of unhandled patches
   1. Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]]
    * mail to ted to continue with arb case, adding to thread on arb case
    * Next: script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]]
    * see action items, update ?
    * on mailing the $reason had not been added into the mail, nor the specified wiki links, that were created for this mailing (see [[https://lists.cacert.org/wws/arc/cacert-support/2011-06/msg00072.html]])

==== Fixed Action Items since last or within meeting ====
 || Uli || add to testers portal, push testers on [[https://bugs.cacert.org/view.php?id=942|bug#942]] and [[https://bugs.cacert.org/view.php?id=948|Bug #948]] || {g} ||
 || uli, marcus || Testserver + Software Testers - task based help || {b} ||
 || uli, marcus || testers how-to regarding testserver roots: live-cd ? how-to, 2nd profile add to [[Software/TestTeam/WelcomePack|Welcome Pack]] || {b} ||
 || Michael || [[https://bugs.cacert.org/view.php?id=943|bug #943]] (replace OA-admin text with OA-Assurer), Uli: transfered to testers portal || {g} ||
 || Michael || DEV: [[SystemAdministration/Systems/ca-mgr1-test|TMS]] function (Batch Assurances)  '''DEV'''  || {g} ||
 || Michael || [[https://bugs.cacert.org/view.php?id=841|bug #841]] (cert login - check issuer source) || {g} ||
 || Marcus, Uli || 2. next: strategy for "New Roots & Escrow" - multimember escrow method risk analyze<<BR>>contact potential candidates for doing a risk analyze || {g} ||

----

==== Action Items New ====
Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''
<<Include(Software/Assessment/ActionItems)>>  

----
 . CategorySoftwareAssessment