This page is the wip of a text for the Executive's annual report for AGM.
wip: document preparation
publish to members
(put completed actions at next) See also AGM/Next for other work.
- How to include references? I started putting them at the bottom and then aborted because it fundamentally depends on the way document layout is done.
- How to refer to the names, especially in the controversial areas? Is there a desire to shorten them? We need a Name Standard so that it can be applied evenly.
- How is the signing block? Who puts their name to this document?
- What is the nature of document preparation? DOC, ODT, Pages, Latex, yawps? Who is a whiz at this stuff?
scanned all board motions.
scanned the public archive for entire FY08/09 board list traffic.
scan private archive - checked but all board traffic from FY08/09 into main archive now
ping the team leaders for comments / additions / reports. Done on AGM/TeamReports.
ping the directors of the board for comment / additions. Done by Mark.
incorporated list of audit reports
scan the Audit reports, reviewed them for missing items of note
reviewed committee / executive part; policy/arb; Systems; Community
turned into a report based on events / actions.
SGM minutes finished
review it / board
write an abstract
do not make changes
accepted by board:
The big project of the period was the moving of the critical systems to their final home in Ede, Netherlands. With planning stretching over 6 months and a dozen volunteers working to make it happen, the move went without a hitch and downtime of less than 24 hours. The new critical systems team then spent 6 months in working up to the initial audit steps. In other technical developments, two attempts to create new roots brought us closer, but not completely there. Also, the first big steps were taking in creating a large and active infrastructure team, and the first small steps in a software team. During the year, the policy group passed into DRAFT three key documents, being the Assurance Policy, the Security Policy and the long-awaited Certification Practice Statement (or CPS). With Assurance on a good policy footing, the audit reviewed much of the Assurance side across Europe, and started on systems. Unfortunately the audit work triggered a dramatic call on more resources than could be delivered, and audit terminated unsuccessfully in June 2009. This caused some rethinking by the community, and a new committee was installed in the July 2009 SGM, which team lead forward in building the human and system resources needed to meet the heavy audit demands.
From the Committee of CAcert, 201001xx
Hereby, the Committee of CAcert Inc presents its executive report to the members of Association, and by extension, to the entire Community of CAcert. This report is over the period 20080701 to 20090725, being the date where the previous report left off, up to and including the SGM of 2009.
Signed, all? one? CARS
The work of the entire community is broken up into 3 approximate areas: Systems, Governance, Community. These can be termed as such:
- Governance: Committee and Executive Work, Arbitration, Policy, Audit. This part approximates Brain.
Systems: Systems (critical, access and infrastructure), Software (php & BirdShack). This part approximates Technology, and is the parts most effected by Security Policy.
- Community: Support, Assurance, Events, Education, the broader teams.
This organisation is followed in this text, although note that no simple image covers all realities.
Historical note on Accuracy & Style
This executive report is a reconstruction of the activities of the Executive Committee of the period 20080701 to the SGM of 20090725, at which event the committee was removed by the Association.
This report draws from events and actions that were recorded in maillist archives, decision records and other sources. The sources were chosen as those that were or should have been visible to the committee. It thus presents a viewpoint as available to the then-committee, or as close as we can make it. There may be biases or blindspots in either their view or our view. The many teams of the Community were also invited to report, and their good work is attached. Note that their perspective is different, including that they were not constrained in period, and their reports may extend as far as 20100116.
As this report is prepared by the Committee appointed at that SGM, not by the committee that lived these events, the report is more of a listing of recorded events and actions than descriptive in nature. While the records and presented facts are believed to be correct, there may be some errors. Some statements of interpretation are made, and these may be less correct.
The members of the previous committee were given the opportunity to make a statement, but no statement was received by time of closing of contributions (20100116). The present committee feels that it is in the community's best interest to re-construct the events and present a fair record, as far as is reasonable. Errors & omissions can be dealt with by petition to the committee of 2010, or by filing under dispute resolution policy.
The terms committee and board are used interchangeably. The terms CAcert Inc. and the Association are used interchangeably. The term Member means a member of the Community, under the CCA, where unqualified, and a member of the Association or the committee where qualified.
The period started 20080701 with a committee consisting of 4 members: President Teus Hagen, vice-president Evaldo Gardenali, treasurer and public officer Robert Cruikshank, secretary Guillaume Romagny.
- The committee called and held the Annual General Meeting of CAcert association, 20081107 [x]. The Yearly Board Report [x] and yearly financial report [x] was presented to the members of the Association. A new committee was elected.
At the first meeting, 20081112, Positions on committee were announced [x] : President Teus Hagen, vice-president Evaldo Gardenali, treasurer and public officer Robert Cruikshank, secretary Guillaume Romagny, ordinary members Philipp Dunkel, Greg Stark and Alejandro Mery Pellegrini.
http://svn.cacert.org/CAcert/CAcert_Inc/General_Meetings/AGM-Nov2008/CAcertInc_Yr2008BoardReport.pdf CAcert AGM 2008 Board Report.
http://wiki.cacert.org/wiki/AGM20081107?action=AttachFile&do=view&target=CAcertBalanceSheet07-08.pdf CAcert Fin 2007/08 Balance sheet.
m20081112.1 positions announced.
Miscellaneous Committee Actions
- In early 2009 Board list was opened to the public, following the long-standing goal for more openness on committee deliberations .
- 20090517 Philipp Dunkel proposed the use of a vote tracking tool, which was then adopted for committee use. The tool remains in use. This tool uses client certificates, which contributes to CAcert's goal to use this form of authentication.
The following actions signify events and actions by the committee related to Audit project.
- In order to meet committee's responsibility to deliver reports for funding purposes, the President forwarded the Auditor's reports to community to NLnet Foundation, the provider of audit funding.
20081020 The second (of two) tranches of funding was paid by NLnet Foundation, and retainer of €3000 received by Auditor.
20081107 The AGM established the Audit as the priority of the committee with statement “we hold it as the primary objective for CAcert to enter Mozilla within 2009”
20081113 An invited paper by Ian Grigg was presented at Lisa. An Open Audit listed the story of the Audit of CAcert so far.
- Philipp Dunkel joined as Audit Liason.
20090119 Auditor announced to defer Organisation Assurance 20090119. Also suggested, an audit over Registration Authorities.
- 20090303-06 At CeBIT, Members created the ATE and co-auditing concept to address Audit concerns.
Security Policy was passed into DRAFT p20090327, which enabled start the audit over systems.
- 20090420 Committee reviews first draft of Management Assertion prepared by Philipp Dunkel and reviewed by Alejandro Mery. With some changes, this was approved as m20090519.1 [x].
20090515 Auditor sent list of issues to do with roots. mail. No response.
- 20090519 Greg Stark asked for general list of work items to meet audit requirements [x]. Auditor replied twice with a list [x].
- 20090521 Discussion on data protection led to proposal to move Access Engineers into Security Policy / CAcert and out of Oophaga. Proposal not formally commented on by committee, but written into Security Policy.
- 20090526 Finances was raised on board list by Philipp Dunkel, because of comments by Auditor that funds were low given long delays [x].
- 20090529 Committee was presented with checklist for Auditor's Visit #2 of systems review, including many requests for attention [x]. No comment by committee.
20090601 Auditor formally requested committee for comment on funding for Audit, which was now some 9 months behind schedule but on a fixed funding [x]. Treasurer responded with pie charts and PDFs (but PDFs were not readable) [x]. These were augmented with a readable transactions list that was clearly at odds with the Auditor's records, extract published at AuditBudget. A red flag was raised. Discussions led to informal agreement to move transactions not ever notified to Auditor off the audit budget and onto CAcert's general budget.
20090609 In order to deal with the delays of the Audit, committee considered a motion to pay additional retainer and expenses for audit. m20090609.1 Motion was not carried by the committee 20090612.
- President wrote to NLnet Foundation to inform them of the termination of the audit. This terminated the funding agreement, with two of four tranches paid.
Lead-up to SGM
In the aftermath of the termination of the Audit, the following events and actions laid the scene for the SGM.
20090616 Members of the Committee reviewed the situation and attempted to lay blame. Teus Hagen sent private email to Philipp Dunkel blaming him for Audit failure. 1. Philipp Dunkel called a committee meeting, citing rule 12. Guillaume Romagny also withdrew his support for Philipp Dunkel and raised concerns about new applications for membership of the association "being rushed." Lack of confidence 20090624.
20090623 Final audit report to Community published.
20090624 Guillaume Romagny's comments caused some adverse response. Alejandro Mery stated that committee had decided to postpone new membership applications for the association. This caused more comment, including quoting rule 3.2.
20090621 Teus Hagen thanked Ian Grigg for efforts as Auditor. Ian Grigg responded with comment that he intended to join the Association. This caused adverse comment from Guillaume Romagny and Alejandro Mery. Nominations later posted by Association members.
20090623 Committee discussed whether a new Auditor was required ASAP. Added that 2 dominating issues for Committee were "lack of confidence in PD" and "linked" "termination of audit and funding." Appeal for no hurry in new memberships of Association.
20090624 Following some heated discussion, members of the Association called for an SGM on 20090724.
20090626 Following a private meeting, the Committee expressed lack of confidence in Philipp Dunkel. The transcript was requested, as well as public motion, by Philipp Dunkel. Motion was made m20090626.1 (but failed to pass). An Association member posted motion of "lack of confidence" in committee.
20090629 Nick Bebout starts membership drive. Several applications were received by secretary for membership of the Association.
20090701 Teus Hagen resigned from the committee. resignation letter.
20090708 The committee reshuffled: President VACANT, Acting President (VP) Evaldo Gardenali, Treasurer Robert Cruikshank, Secretary Greg Stark, ordinary members Alejandro Mery, Guillaume Romagny, Philipp Dunkel. m20090702.1
20090703 Following requests by members, the Special General Meeting was duly called for 20090725, 21:00 UTC. mail. Nominations were received, and discussions on the rule changes occurred.
The Special General Meeting 20090725
The Special General Meeting of 20090725 was duly held and chaired by vice-president Evaldo Gardenali. Minutes are to be approved at the AGM of this report. Highlights:
- The resignations of Teus Hagen and Philipp Dunkel were accepted, and both were thanked for their service.
- The large rule change was not carried by 75% majority required, and therefore failed.
- The motion of no confidence was carried by the majority, and the committee was removed.
A new committee was appointed under the casual vacancies rule: Nick Bebout, Mark Lipscombe, Ernestine Schwob, Philipp Dunkel, Guillaume Romagny, Andreas Buerki, Ian Grigg. A motion to accept the votes, as counted, was duly voted and carried.
The adjournment of the SGM marks the closing point in the period of this report. Further developments are remarked on in the Forward-Looking Statement, also for presentation to the pending AGM, but will be formally covered in the next year's annual report.
Following on from the prior year, the Security Manual was progressed throughout 2008. It followed these phases:
- 1st cut written by Pat Wilson after surveying industry practices and CAcert documentation.
- Reworked a little and filled out massively by Philipp Dunkel, Teus Hagen, Wytze van der Raay, Ian Grigg.
Philipp Dunkel introduced into the Board discussion a new Background Check policy for debate m20090203.2. Although taken through board in a narrow vote, this was eventually passed into the Security Policy/Manual.
- A late decision was taken to split it into a smaller Security Policy and larger Security Manual. This allowed a split in the document into harder principles under policy group control, and working practices under team leader control.
Security Policy was passed into DRAFT p20090327. This event gave the ability to start the audit over systems.
- CPS was gradually reworked throughout the year.
All information is verified. p20081016.
Checks over emails and domains were hotly debated. Auditor held the line that one single ping check was insufficient. Policy group proposed and voted on a two checks practice taken from a list of alternatives, into CPS. p20090105.1.
Arbitration 20090524 Arbitration list checked for activity by DRO. motion m20090524.2.
Disaster Recovery and Data Protection
- 20081222 Rasika, Philipp D, Philipp G and Iang met in Vienna. A basic Disaster Recovery plan was created, using the CISA format. Data protection was also discussed, and Rasika was asked to prepare a cross-country comparison (NL, GB, SE).
200903xx Board discussed in two meetings the data protection project. This discussion was caused by remarks of frustration by Philipp Dunkel. The result was a motion to mandate Teus Hagen to investigate and negotiate the situation m20090330.1, and a cooling off period of 6 weeks for Philipp Dunkel. Although it was claimed to be resolved, good relationships were never restored, which fed into the summer events.
2.1 Critical Systems
Board passed series of motions (m20080901.1, m20080903.1, m20080903.2) that set the scene for the move to Netherlands. These decisions were based on the "May Plan of 20080625" which laid out people, actions, budget (euros 5200). Updated 20090901.
- 20080930. Vienna data operations were shut down. The team in Vienna secured backups and drove the disks to Netherlands. Philipp Guering, Matthias Gassner, Matthias Subik, Iang. Henrik H reported to community:
From 29.September 2008 till 4.October 2008, the mission-critical systems of CAcert.org will be moving from the current location in Austria to the new location in the Netherlands.
These servers are moved to meet the requirement of the audit for improvement and inclusion with the mainstream browsers and other vendors. The Netherlands location is planned to host the servers in a full dual control and 4 eyes environment, at both physical and logical levels. As an audit requirement, this is essential for balancing the security of certificates. Furthermore, all non-critical systems like the blog and the wiki are already hosted in the Netherlands. This location in the Netherlands does fully comply to the audit criteria for secure hosting.
20081001 The newly-formed critical systems team in the Netherlands received the disks from the Vienna transport team and got the servers up and running by approximately 12:00 that day. Wytze van der Raay & Mendel Mobach, with Hans Verbeek providing Access Engineeer. Philipp Guering as consultant. This marked a significant improvement in providing physical security and dual control over most levels of access to the systems.
20091028 Board appointed Wytze van der Raay and Mendel Mobach as critical system administrators for CAcert. Motion m20081006.1
- 20090228. Old drives were destroyed in a workshop at Garnisongasse 7, an art/tech place. Destruction was done by disassembly, power-scoring and breakup of the platters.
20090308 critical systems team reviewed the Security Policy. Although still WIP, it was decided to push it through, and organise the first audit visit over this document. Reviews also conducted by Teus Hagen and Philipp Dunkel.
- 20090418 Plan for First visit for systems review announced for 20090504-06.
20090515 Stefan Kooman was appointed to critical systems administration team. m20090515.1 marking the first use of the new Security Policy approach to Arbitrated Background Check.
- 20090628 Signing server failed, possibly due to earlier air conditioning failure and consequent over-heating. Oophaga pursued and financed a replacement with diligence.
20080903 Board passes motion (m20080903.3) to authorise new roots, and later m20081008.1.
20080913. Roots/NewRootsTaskForce was created to research and design the content of new roots.
- 20081028. Guillaume Romagny and Teus Hagen created new roots in Netherlands. Auditor was in attendance. This attempt failed.
- 20081128. Guillaume and Teus again met and created new roots. This attempt worked. Teus reported to board 20081129:
The Root Key generation and subroot keys (2 + 2 spare for later) have been generated and installed on the signing server successfully in a full ceremony prepared by Guillaume/Teus, audited by Ian, at 1 am at Moboch Ssystem location, installed by Wytze/Mendel/Rudi Engelbertink (CAcert crit team and Oophaga) at BIT i n Holland.
The subroot keys will now be tested and evaluated. Philipp will look into that and is asked to report.
After that on board decision the sub root keys will be activated. Some thoughts of the constraints for this will be discussed on the policy email list as well.
20090101 Over the new year period, MD5 came under a cloud due to attacks. Investigations led to the conclusion that as CAcert certificates had server-side nonces in them, they were not (as) vulnerable. However MD5 has to be replaced in time, but this proves hard because most software was not ready. m20090109.1.
20090515 Auditor reports issues with new roots, however board was unable to respond.
- 20090422 Board approved m20090422.1 the scoping of new systems to meet (non-critical) infrastructure needs by Daniel Black (email sysadm). Daniel and Greg Stark negotiated with a hosting provider but without success.
20090508 Progress was slow, and full access was requested to the (non-critical) infrastructure systems. This was accepted as m20090524.1.
20090701 A call for new systems administrators went out. mail. Many responded and the new team was built.
- 20090303-06 A preliminary review of software by Auditor and programmers Philipp Dunkel and Mario Lipinski at CeBIT led to disquieting results. Plans were laid for a better review.
- 20090418 Review team met for one week near Innsbruck. Attendees: Philipp Dunkel, Mario Lipinski, Alejandro Mery, Auditor.
- During the remaining part of the period, Birdshack development was stalled primarily due to events of summer.
- Mario Lipinski created a basic selector for incoming REST calls.
- Philipp Dunkel created a deamon for Signing Server communications.
Dirk Astrath led a spririted effort to deliver a patch to solve the CCA rollout problem was started. This comprehensive patch was too big the Software Team's limited capabilities.
20090205 After being background checked, Alexandro Mery was appointed by Board as a new Support Engineer. motion m20090205.1.
20090324 Problems surfaced with Support over lack of tools.
- Support suffered little attention throughout the period, probably due to Audit pressure to place critical systems and then software at the top of the board's priorities. At Innsbruck, 20090418, Alexandro Mery briefed companions on difficulties, but this did not in the event change priorities of attention.
20090612 Alexandro Mery created a maillist as a staging or handling place for disputes. This list helped a stalled and hidden process.
- 20090125 Ted, Education Officer, reported on one year of CATS operation of the Assurer Challenge: 5000 tests taken, with around 2800 passes, resulting in 1375 "certified" Assurers as of that date. Now also available in German!
- Assurance Handbook received some progress throughout the year from many people, but primarily Bernhard Froelich.
- Bernhard Froelich started a process of Assurer Training Event which was picked up by Ulrich Schroeter and others.
20090405 A long standing request to turn off non-CATS-challenged Assurers was installed into the system. 1656 Assurers at that point. m20090408.1. Board immediately approved a mailout to effected ex-Assurers.
p20080712.1 Assurance Policy was voted to DRAFT. With Assurance Policy heading into DRAFT and then POLICY mode, there was much work to do in rolling this out. Although listed in part/detail on the wiki, progress was initially slow.
- CAP form was redesigned by Teus Hagen to include new Assurance Policy points, and a host of other improvements. This caused to be hard to fully integrate and implement, and after much hard work, was fully implemented.
Auditor attended CeBIT and personally reviewed several Assurers by being assured. Ulrich Schroeter independently developed this process into a formalised co-auditing procedure.
At CeBIT 2009, Sebastian Küppers took over the Assurance Officer role. mail.
20090516 The entire Assurance Team met in Munich for a miniTOP on Assurance, where the 1st audit review over Assurance was presented, including statistics and forward tasks for improvement. Minutes written and reported.
20090527 Greg Stark was appointed as Organisation Assurance Officer. m20090527.1
At CeBIT 2009, Ulrich Schroeter was handed the Events portfolio, after two years of service by Mario Lipinski. mail.
- Ulrich Schroeter then led an ad hoc team to take the ATE process initiated by Education across Germany. The ATE programme was improved and rebuilt many times.
- Innsbruck software meeting did an ATE at Innsbruck. Auditor did Prague, Budapest, Paris, London in an 8-cities Spring Tour across Europe (including Innsbruck and Munich, and non-ATE events in Vienna and Ede).
Client certificates were enabled for the CAcert blog. announcement. This made it much easier for many to write blog posts and comments, and reduced spam to nothing.
(end of report)