Team Reports 2011

Team Leaders are encouraged to present a report for their team.

Policy Group's Year of Conquest!


Significant Events

Future Work - Stuff we predict we'll do next year

For lack of a Policy Officer (the role is currently held by the board), nobody seems to be responsible for coordinating policy management (checking policy states, reminders for voting from DRAFT to POLICY and from WIP to DRAFT) or for managing a Policy repository migration plan.

Ulrich Schroeter

Audit Team Report 2011

Back in June 2009, the former Auditor left the audit trail to prepare CAcert's community to become Audit Ready. The board of the second half of 2009 redefined the goal:

Back in January 2010, the board decided on a motion with a wider impact: Motion m20100117.3 "No new subroots on current root, plan for new root"

What does this mean for CAcert - plan for new root?

Based on thoughts about the audit-related tasks and projects that need to be done before CAcert becomes Audit Ready, a plan evolved. It was published, also under the requirement to present a prospective audit view within the ATE presentations, back in October 2010 with the blog post The Big Masterplan to become Audit Ready. In the meantime the plan has undergone some updates up to the current view:

The projects in detail:


The main policy work has been done by the Policy Group. Some minor work remains, such as reviewing policies in DRAFT state to move them to POLICY state. A rework of the CAcert Community Agreement has also been started and is not yet finished. Another topic is a project within the Software-Assessment project team to define, and migrate to, one single Policy repository.


One of the main audit blocking factors is the CCA rollout project. This means that all members need to be informed about the existence of the CAcert Community Agreement, and the members have to accept this agreement.

The preparation falls to the Software-Assessment team: adding some modifications to the critical system so that acceptance of the CCA can be recorded either way. The second topic is that all members can be contacted by a mass mailing.

By the end of 2009, we had no working Software-Assessment area that fulfilled audit requirements. So this project group started its work back in December 2009.

Software-Assessment also depends on a working Software test team. Once Software-Assessment had been built up and had defined a Software update cycle procedure, software testing became more and more of a topic: the software patches have to be tested before they are applied to the critical system. A Software test team was built around August 2010, but activity in this area has stalled. So this is a real audit blocker. It has been raised with the board, which led to the May and June 2011 Software Testers Reward Challenge to find more active testers.

ATE / Co-Audit

Assurer Training Events (ATE) are the Assurance area's answer to the requirement to audit our Assurers for the Audit over Assurance / Audit over RA (Registration Authority). Together with our former Auditor, the project to audit our Assurers in a way that scales over the assurer base resulted in the Co-Audit concept plan: tested Senior-Assurers are appointed as Co-auditors who audit assurers, and the test results are collected in the Casper system so that they can be presented to our future Auditor. Together with the co-audit process, the ATE concept is used to deliver educational assurer training and information events to our assurer base.

The ATE series back in 2009 was the test that the co-audit concept scales over the assurer base. The ATE / co-audit series 2010/2011, which started in spring 2010 at Cebit 2010, was the real co-audit collection for the Audit over RA. Currently we have about 4% of our Assurers tested. More to test.

From the ATE / co-audit series 2009 results we had also expected to find new resources to help in the audit-related projects and teams, e.g. Software-Assessment, the Software test team, Software development BirdShack, Infrastructure sysadmins with experience in system migrations, experts with cryptographic background skills for the New Roots & Escrow project, and people who can help with funding, as well as people who can help in the existing teams: Support, Arbitration, Critical team. But this didn't work as expected. In the ATE 2009 series we had mostly experienced and senior assurers as attendees. In the ATE 2010/2011 series we had more and more inexperienced or prospective assurers in our ATEs.

Infrastructure separation

For the Audit over Systems (Audit over CA), one plan is to split the critical systems from the infrastructure systems, so that an audit over the critical system becomes easier and a review of the infrastructure systems does not need to be done. This plan goes back to the years 2008/2009, but has not been finished yet.

One of the plans is to move the non-critical systems out of BIT Ede, NL. So at the beginning of 2010 the focus was on the search for hosting providers. In June 2010 one hosting provider deal died because of other issues. So in the second half of 2010 the plan changed: first separate the non-critical system from the critical system onto other hardware in the same rack, later move the machine to another server room, and probably later still move the machine out of BIT Ede. This project builds on the documentation of the systems, critical and non-critical. That documentation was started in March 2011 and has been finished in the meantime.

New Software / BirdShack

The April 2009 review of the software at the Software camp Innsbruck, presented in the Audit Report 20090426, was:

The result was the New Software project BirdShack.

Since spring 2009 this project has not made much progress. There is not much activity in this area. In late 2009, Software-Assessment decided to follow a two-way path: make the current software maintainable and work in parallel on the new software project BirdShack, so that the audit can pass either way.

No one has picked up the task of pushing the BirdShack project yet. There are some ideas floating around, e.g. starting with software camps to get developers together to start coding. But none of this has happened yet.

CCA Rollout

One of the audit criteria in the written David Ross Criteria, the audit criteria that CAcert has committed to, is that the CAcert Community Agreement needs to be disclosed to each member and accepted with regard to the Risks, Liabilities and Obligations. In short, the R/L/O's need to be rolled out over the community. That, in short, is the CCA rollout.

This project depends on a working Software-Assessment group. The first milestone of this group was reached on 2010-07-14 with a running testserver environment, and a second milestone was reached at the beginning of October 2010 with a working software update cycle. Since then, several other issues have prevented Software-Assessment from moving forward with the CCA rollout. So this task is still in the working queue of Software-Assessment.


Funding is needed either way, both for running the New Roots & Escrow project and for running the new Audit process. This has been neglected. Within the last 12 months no activity has been seen in this area. Attempts to find people with experience in funding have been made at events and also at ATEs, but with no success. This topic needs other channels to be opened to get it running.

New Roots & Escrow

The last time new roots were built was back in late 2008. The audit review in spring 2009 revealed a problem with the escrow process, so these roots built in late 2008 are considered an audit fail.

So this process has to be done again. But before starting the process of creating new roots, CAcert has to work on the roots escrow project:

  1. select an escrow method that works for CAcert
  2. check the selected escrow method regarding risk management

The project page lists several potential escrow methods. Back in spring 2010, the escrow discussion was ongoing on the roots mailing list and ended with a presentation to the former board, but this process lacks a completed risk analysis.

Since then, there has been some activity in the background to move forward with this process. There are also some activities in the Software-Assessment project team, now that the Class3 re-sign process (more on this topic later) finished its work at the end of June 2011. The topic currently in the Software-Assessment project team's work queue is the CRL problem regarding new keys. This project is ongoing. The escrow risk analysis project is also ongoing. Currently it seems that the Software-Assessment project team is becoming the working team for the overall New Roots & Escrow project, coordinating the activities to move this project forward.

Audit over RA, Audit over CA

Since Audit has been stopped back in June 2009, there are still activities around to prepare the upcoming audit, but most of these activities are no longer centralized to one person. Tasks are pushed to the teams, to prepare their area to become audit ready.

The most progress has been made in the assurance area. Thoughts on whether and how a divided audit can work led to the definition of business areas:

This has been prepared by the former Auditor in the Audit until mid of 2009.

The advantages of a divided audit are:

  1. Audit over RA and Audit over CA can be split and run individually: focus on RA first, later focus on CA
  2. Audit funding for a separated audit may become easier
  3. a finished Audit over RA probably can boost an Audit over CA

Audit over RA awaits the CCA rollout (see above), and some software fixes (preparations for CCA rollout). All other requirements for Audit over RA are in a good shape.


The next step for Audit is the CrowdIt disclosure system (read AGM - Audit Report 2010 - CrowdIt; CrowdIt is a sort of wordplay on Crowd-Audit). CrowdIt is an emerging disclosure tool (based on the old DRC browser). This database needs to be filled with reports based on the audit criteria, the so-called David Ross Criteria.

This project has been introduced several times, but it still does not get the attention from the community that is required to move forward with the Audit preparations. This project needs an expert with experience of the Audit terms who can translate these into practical reporting steps. So we searched for consultancy at the ATEs, but have not found anyone yet.

What has happened to audit in the interim?

Two new risks have to be dealt with in the future.

  1. The affair leading to an SGM in February ??? 2011 created an environment in which a cooperative community-driven audit such as last time is no longer likely. Although the risk of financial misdealings and accusations of same was always present, it was considered to be an acceptable risk given that the audit was an open process and all involved were part of the community. Indeed, the first audit was the primary driver in creating the community based on open governance. As audit always included itself, it was a powerful mitigation for reducing any risk.

    Now however we will have to deal with the risk of financial misdealings, and any accusations of same, in the future audit. This likely tips the balance towards requiring a commercial audit with appropriate insurance, and away from a community auditor without any insurance. This has funding implications.

  2. In the last 2 years, CABForum, a group of cooperating CAs, has written a document to standardise basic certificates called Baseline Requirements. This document is proposed to vendors of software as the minimum for all CA-signed certificates. This will likely be accepted by vendors, and will become an additional or replacement set of criteria to which we will have to comply.

    Many of the things in the document we already have under control. Some things we lack. By way of example, additional audits, a high-risk customer monitoring program, HSMs and more are identified as obligatory. These will also have funding and resource implications.

Prospective View

  1. funding. How much can we allocate an auditor over Assurance? Costs? Brutally cheap -- sleeping on mattresses? Or hotels? Or?
  2. we need answers to these questions in order to ask -- simply discuss -- options for bringing an auditor in.

Audit is the primary mission of the community. In order to meet the needs of the community, we need answers to these questions. If the attention is not given, or if ambiguous or convenient answers are given to critical questions, then the mission is not served, and big changes will have to be made, including changing the strategic goal away from audit. Time is not an option, and the job has got more difficult over time.

Ian, Ulrich


Infrastructure Team Report 2011

Peter's question got the ball rolling on a review of the current systems and infrastructure documentation. This led to a rework of the systems documentation, which had been started by Daniel Black, the former Infrastructure team leader, and has now been finished by Mario and the team with assistance from the Critical team. The result is a complete systems definition and documentation that can be found under the Systems Overview.

The new infrastructure machine (Infra01) has been set up as an LXC host by Jan with input and help from Mario. Jan implemented Python code to easily set up new LXC containers and to deploy ReStructuredText documentation to MoinMoin wikis.

The first LXC container was the Subversion repository machine Svn, which was also upgraded to Debian 6.0 Squeeze and got support for client certificate authentication and SNI. The move of SVN from Sun2 to Infra01 is documented at SystemAdministration/Systems/Svn/Setup and should give an idea for future moves of other instances.

Other containers that are now on Infra01 are Blog, monitor (Nagios) and translations.

The other non-critical systems are still on Sun2 and need to be moved to Infra01. The help of the systems' administrators is needed to accomplish this task. Some of these non-critical hosts have not been upgraded to recent Debian versions yet.

Based on this documentation, the Infrastructure separation project has been started with the move of non-critical systems to a new infrastructure host.

Ulrich Schroeter, jandd

Arbitration Team Report 2010-2011

The year in Arbitration

Arbitration Management Software

At the start of the FY period, the deployment of an Arbitration management system was a topic at several Arbitration team meetings. OTRS, which had been introduced as Support's management system, was not the favorite as a management system for Arbitration. Despite the fact that every Arbitrator was encouraged to apply for an OTRS account, only half of the Arbitrators followed the request. This had not changed by the end of the FY period.

In spring 2010 a new arbitration management system was proposed, but it was not finished to a preview state, so the Arbitrators decided to use the existing tools (wiki, mailing lists and email archive) for Arbitration work. The wiki system was adjusted with a "private" part for arbitration case files that can be included in the public files. With about half a year of experience, Arbitrators can work on the cases as on a desktop: all information is present, but only those parts that are considered public are public.

The question of reliable storage of arbitration communications was answered with the arbitration-archives mailbox, which has to be cc'd on every Arbitration email so that each mail is copied to the Arbitration email archive. So if a non-working Arbitrator is replaced by another Arbitrator, or an inactive Case Manager is replaced by a new Case Manager, a request can be made to the DRO to open the archive for a specific case and obtain the complete mailings.

The wiki admins have been pushed to migrate the system to write access with client certificates only. This would allow Arbitration to fine-tune the access permissions on arbitration files for arbitration participants. But this project has been stalled for over one year.

Arbitration Team Meetings

The regular Arbitration team meetings that were introduced back in January 2010 continued over the year until around April 2011. Towards the end, more and more Arbitration team meetings were deferred to the next meeting. Attendance dropped from meeting to meeting, so in the end only two arbitrators met, only to adjourn the meeting to the next one. The last meeting was scheduled for 2011-05-03, but nobody attended and the recurring meetings were dropped.

The Team

One of the topics that came up on the agenda of the Arbitration team meetings again and again was the question:

The Arbitration team gave this much thought but still ends up at the same conclusion: it lacks resources, that is, people with enough experience within CAcert. A related definition has been given by the Assurance team: the definition of Senior-Assurer (see the definition of Senior-Assurer in the Assurance Handbook). Back in 2009 the search for new Arbitrators was bundled with the ATE series and we found about 8 new Arbitrators. So the Co-Audit team running the ATEs was asked to add the Helping CAcert presentation to the ATE presentation collection, with a note that we're looking for Case Managers and Arbitrators.

We could not repeat these results in the search for new Arbitrators during the ATE series of 2010/2011, because the attendance structure of 2009, with over 90% Assurers familiar with the CAcert structure, was not similar to the attendance structure of the 2010/2011 ATE series. There were many new faces and many more prospective Assurers, and fewer "old" experienced Assurers or Senior-Assurers whom we expect to have enough experience to pick up the task of becoming Case Managers and Arbitrators. So in the end, we did not get any new Case Manager / Arbitrator candidates for the Arbitration team. One gleam of hope came after the ATEs in WDC and NY, with 2 requests for application.

Another question that arose was about unresponsive arbitrators. In July 2010 we had about 15 Arbitrators on the Arbitrators list. So a first run to remove inactive Arbitrators was started, which ended with the removal of 2 Arbitrators from the list of active Arbitrators. One other resigned on his own because of private issues, so we now have 12 Arbitrators on the list (see Arbitration statistics table 3). The removal of inactive Arbitrators was backed by 2 procedures: one defined by the Arbitration team and through Arbitration, the "What to do with inactive arbitrators procedures" handled under Arbitration case a20091126.2, and one by the Board Motion "Provision to remove arbitrators on advice of DRO", motion m20091206.2.

Precedent Cases

With the problem of increasingly busy and inactive Arbitrators, one answer often heard was:

This topic has been taken seriously. Over the year, Arbitrators also handled cases with a view to turning them into precedents, so as a result we have at least doubled the number of precedent cases, where recurring issues can be handled by Support without further action by Arbitration.

The handled cases include the now well known

procedures, which still get support from the Assurance area and the Support area.

All other cases involve a Name Change issue with small modifications, typo corrections, or a misleading join form resulting in name mismatch problems, which need to be handled under Arbitration. There are also special characters and the UTF-8 incompatibility of our CAcert main website, problems that probably would not occur if the website had been updated to be fully UTF-8 aware and to handle diacritics in names. This needs to be raised with the Critical team and the Software-Assessment team so that they prepare a UTF-8 migration plan for the overall critical system.

One name change request case should be named separately: the hyphen rule precedent case. CAcert is an international organisation, and the different handling of hyphens in names in different countries was often the topic of new Arbitration cases. In Germany the local law defines that 2 names combined by a hyphen are considered to be one name (that cannot be split). The common law does not know such a hyphen rule; it is completely unknown there. When German names with hyphens are transferred to common law world systems, the hyphens in names mostly get stripped. The hyphen rule precedent case takes this into account: CAcert defines its own rule here, allowing names with a hyphen to also be handled as if there were no hyphen between the two names. In summary: the hyphen is optional in names, no matter which country the name comes from. So here CAcert has set an international standard.

Precedent cases (with ruled documentation under dispute file) handled in the period 2010-07-01 - 2011-06-30


Rules that allow the removal of inactive Arbitrators have been developed and ruled on through Arbitration.

  1. The removal of inactive Arbitrators is proposed to DRO
  2. DRO tries to contact the inactive Arbitrator and tries to find a solution
  3. -or- proposes the removal of inactive Arbitrators before Board, which handles the case through a board motion


While work continues on arbitration cases and the backlog, new cases reach the Arbitration queue through OTRS, Support's ticketing system. But only half of the Arbitrators have followed the request to get an OTRS account, so the new cases are handled by only about 1-3 Case Managers/Arbitrators, who move them out of the OTRS disputes queue into the Disputes mailing list so that new cases can be picked up and added to the Arbitration queue in the wiki. Until a Case Manager and an Arbitrator are appointed to a case, the handling Arbitrator who moved the case from OTRS into the Arbitration queue is named the Initial Case Manager, with no authority over the case. He only manages the transfer of new cases between the communication channels, informs the dispute filing parties that the dispute filing has been received in Arbitration, and sends information about the assigned case number. Later the Initial Case Manager is replaced by the Case Manager who takes care of the case.

By mid-October 2010, there were still about 30 open "Delete my Account" requests in the Arbitration queue. We started developing a standardized procedure that Arbitrators can walk through when handling default "delete my account" requests. It includes the results of the Arbitration team meeting back in January 2010 on the "Delete Accounts" topic, as well as the already deployed "Delete Account procedure for Support-Engineers", which was adjusted to the manual steps for deleting accounts. Within a few working sessions and meetings the procedure was developed and added to the Arbitration lessons with two proposed workflows for Delete Account Requests. The procedure takes into account that the Dispute Resolution Policy (DRP) requires the acceptance of all arbitration participants before a case can be started, but in a delete account case a user first has to accept the CCA in order to have the CCA terminated in the ruling. Therefore the requirement to request acceptance of the CCA before the Arbitration case can start has been replaced with a deadline procedure. The user receives a request asking whether he accepts the CCA and confirms the Delete Account request. If no response is received within a 14-day period, the case starts without the user's confirmation and is considered an administrative delete account procedure w/o user's confirmation. This allows the Arbitrator to continue delete account cases without written confirmation by the user, which removes the blocking issue in processing delete account cases.

At the end of October 2010 we started a run of bulk handling of 30 Delete Account cases: 3 sets of 10 cases, each with a pair of a Case Manager and an Arbitrator. 3 Case Managers and 3 Arbitrators work on that run. Currently 23 cases are closed and 7 of these 30 cases are still running.



Delete Account Cases - Part II

Decreasing Arbitration Backlog

Since the start of the ATE series back in spring 2009, Arbitration has built up a backlog that it has not yet got rid of. Two forced pushes were started to reduce the backlog, and also one run to prevent the backlog from increasing again:

By the end of June 2011 the overall backlog had been reduced from 80 to 62 cases.

One more problem that was discovered relates to the Arbitration backlog and the logging capabilities of the critical system. Logging is limited to a range of 6-12 months, so Arbitrators have to assume that after 6 months evidence gathering through logfiles is impossible. This pushes Arbitration to handle open cases before a 6-month deadline.

Arbitration future prospects


Arbitration Statistics

Statistics by Year (FY)

Statistics period July 2010 - June 2011

Long term statistics 2008 - 2011


Software-Assessment-Project Team Report 2010-2011

By the end of 2009, CAcert had no working Software-Assessment team, or rather, the team was a one-person team that did not fulfill audit requirements. So this project group started its work back in December 2009.

Ambitious plans were made at the Essen Software miniTOP in mid-December 2009 to deploy a testserver environment similar to the production system, which the Critical team deployed around January / February 2010. But this was the starting point of the really hard work. It took about half a year until the system was up and running, so that software testers could use it for testing.

The milestones

In July 2010 the Software-Assessment project team announced that it had reached its 1st milestone with the running testserver-management-system, TMS for short. From this point on, patches could be tested without root console access to the testserver, so every community member can help with software testing by using the TMS to set up their environment for testing on the testserver.

The second milestone was reached 3 months later beginning October 2010 with the first passed Software-Update-Cycle. A simple patch for testing the Software-Update-Cycle, tested on the testserver, reviewed by 2 Software-Assessors and forwarded to the Critical team for implementation including documentation under

The "Thawte" patch

Next in the Software-Assessment project team's work queue was the "Thawte patch". November 16th 2010 was the expiry date, announced at the end of 2009, for Thawte transferred assurance and experience points. The problem with the current implementation of Assurance points and Experience points is that they are hardcoded into the database. So updates (e.g. revoking an assurance, removing points) cannot be handled easily without altering the database. Therefore the developers decided on a plan to first reverse the points counting order, so that the last assurances count. When the Thawte points are removed, users can then receive updated points through new assurances and also through experience points. So the patch was proposed in at least two steps:

The November 16th deadline passed without further activities - Software-Assessment hasn't finished the "Thawte" patches.

To this day the step 1 patch has not made it onto production. As of the end of June 2011 we have an updated patch under testing on the testserver, which revealed another problem in the "old" software points assignment procedure that needs a fix first. So all there is to say here: the "Thawte" and "turn-Points-order" patch is still under testing and the "Thawte" project is still delayed.

Software testing

Software-Assessment also depends on a working Software test team. Once Software-Assessment had been built up and had defined a Software update cycle procedure, software testing became a topic: the software patches have to be tested before they are applied to the critical system.

A Software test team was built around August 2010 to test both the testserver and the testserver-management-system: whether the testserver is usable for testing, and whether the testserver is comparable to the production system. After these tests were finished, it took a while to bring in the first real patch, the "Thawte" patch. The deployment of the "Thawte" patch was deferred week by week. In the meantime the Software-Assessors added other patches to the testserver for testing.

But activity in the software testing area has stalled. The "Thawte" patch was probably a hard big bang, so the testers were swamped. So we added easier patches to the testserver. But again, there was no response from the testers. Despite regular announcements to the software testers, not one patch got tested. At Easter 2011 we started the Software-Testing Easter Egg Challenge, also to find more active testers. But 0 response so far.

This situation is a real audit blocker. So it was raised with the board, which led to the May and June 2011 Software Testers Reward Challenge to find more active testers. But May finished with 3 reported tests by 2 software testers, and June finished with 3 software testers, all well known to the community, and a total of 5 reports, with 6-9 added bug fixes still running on the testserver. The Software-Testers Reward Challenge was announced through CAcert's blog, CAcert's wiki and also on CAcert's public general mailing list. These channels did not bring one more software tester into the team.

There are some ideas floating around, which are not new, to start Software camps for software development and also software testing: bring as many developers and users as possible into a camp to start hacking. So this is a plan for the next period.

Class3 Re-sign project

The Class3 Re-sign project evolved into a great success story for the Software-Assessment project team, and so also for other teams, with fresh ideas and resources.

Back in January 2010 (see also Audit team report), the board decided on a motion with a wider impact: Motion m20100117.3 "No new subroots on current root, plan for new root". From this plan evolved the Big Masterplan to become Audit Ready, including the New Roots & Escrow project. One thought was to complete the New Roots project by the end of 2010 or the beginning of 2011.

The Policy group activities stopped in mid-2010. The Audit team is too small to pick up such a task. The next time this became a topic was January 2011, with another, withdrawn, board motion m20110212.1 "Discontinue issuing certificates from Class 3 root". This motion can be seen as the starting signal for putting this topic on the agenda of the recurring Software-Assessment project team meetings.

Mozilla's announcement Dates for Phasing out MD5-based signatures and 1024-bit moduli set a deadline of June 30th 2011. One of the topics on the Software-Assessment project team's task list was to get the signer up and running on the testserver machine. Andreas Bäß and Markus Warg, who had worked on this project since spring 2010, got support from the new Software-Assessor Michael Tänzer, so in the end Markus and Michael got the signer up and running. The Critical team should also be named here: they made a backup of the two scripts currently running on the production server during their maintenance visit between Christmas and New Year. Andreas created a testRoot and testSubRoot. So the test team could begin testing with client and server certificates on the testserver.

In April Michael presented an idea for a smooth Class3 upgrade procedure in the Software-Assessment project team meeting. A call to the Software test team went unheard. So the project team scheduled a workshop session shortly before the start of the next Board meeting in May. Within this 3-hour workshop session Michael developed the Class3 subroot Re-sign procedure. 3 other project team members started testing with the new re-signed Class3 test subroot, which revealed that no problems occur. This was the signal to present the Class3 Subroot Re-sign procedure to the Board to push this project forward.

The Board decided in its 2011-05-15 meeting, with the motion m20110515.2, that CAcert upgrades its class-3 subroot. As the PR officer's seat is currently vacant, this role is currently held by the Board. So the Board asked the community, with the board motion m20110515.3, to assist in the preparation of a press release.

The task to write a press release has been picked up by Alexander Bahlo, who also helped in the past to write the Call for Papers for event applications like Cebit 2010, Linuxtag Berlin, BLIT Potsdam, Fosdem 2010 and Fosdem 2011 and much more. With experience in this area, we found a longterm member to assist this project from the Public Relations side.

The Software-Assessment project team meetings turned into the Class3 subroot Re-sign project meetings. The meetings run through a telco server provided by the Dutch CAcert Assurer Kees van Eeten.

A timetable was drawn up. The procedure was sent to the Critical team. The press release was prepared. A working page for the text updates (Class3 fingerprint updates) and a list for press release distribution were prepared, so that on day X everything was ready to push the Class3 Re-sign project. Some patches were prepared by the Software-Assessors and also sent to the Critical team to be applied to the critical system at the GO.

On May 23rd 2011 the Critical team executed the Class3 subroot Re-sign procedure, so the new subroot was present for the GO.

A Support FAQ page has been prepared to help Support answer user questions.

On June 5th the Board gave the GO for distribution with motion m20110605.2, approving the press release, blog post and member notifications.

The proposed rollout day was set for the period 2011-06-15 to 2011-06-20. A request for translations of the press release was sent out to the community, so that on the rollout day we had German, Dutch, French, Spanish and Russian translations of the English press release. A dispute has been filed about mailing Organisations under the Organisation Assurance program, so that contacts can be informed about changes that affect Organisations (Class3 subroot software rollout within Organisations, update of webservers under the Organisations' control).

Because of the upcoming holidays, the rollout day was changed. The final date set: Friday, June 10th 2011.

The coordinated rollout started on Friday afternoon, June 10th 2011: the replacement of the Class3 subroot with the new re-signed one and of the affected software by the Critical team, the press release distribution and the blog post by the PR group, and the changes to the wiki pages, the documents in the SVN and the mailings to the mailing lists by the Software-Assessment project team members.

To date we have not received any major or minor problem reports regarding the Class3 Subroot Re-sign. The dispute that was filed is still running. The ruling will no longer help with the Class3 Re-sign information, as the deadline has passed, but a precedent ruling will help for the upcoming New Roots & Escrow project. It will also fill the gap in communication within the Organisation Assurance area, to contact all assured Organisations.

Summary: The successfully finished Class3 Subroot Re-sign project can be seen as a test for the upcoming New Roots & Escrow project rollout. The project team identified the key areas that need to be contacted. The documentation of this project also serves as an instruction list for the New Roots rollout.

Thanks to all the members who helped to get this project running and to finish it successfully.

Weak Keys / Weak Passwords Arbitration cases

On March 11th CAcert received an email from a member reporting a security issue and announcing that a weak keys problem would be published soon, which gave CAcert the chance to prepare and install fixes on its systems. This case has been referred to Arbitration to be handled under:

The Arbitrator works hand in hand with Software-Assessment and the Critical team, so this case can also be seen as a project involving several CAcert teams. The weak keys problem resulted in the revocation of a couple of certificates that fall under one of the following criteria:

  1. Cause: Small Key Size
  2. Cause: Exponent is too small
  3. Cause: Debian Vulnerability

Details can be found under the wiki page WeakKeys.

A roadmap of further actions was drawn up. The first issue was to find the weak certificates/keys, notify their owners and then revoke them. The second issue was to modify the software so that weak keys are no longer accepted in the future.

The process of handling these problems started with a global systems check over all CAcert issued certificates with

affected certificates. This Arbitration case has been finished with a final ruling in July 2011. The complete process has been disclosed by the Arbitration file.
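The two roadmap steps above (scan all issued certificates for the three weak-key causes, then refuse such keys at submission) can be sketched as follows. This is an added example, not CAcert's code: the thresholds, the SHA-256 blocklist format and all function names are assumptions, and the sample keys are constructed integers of the right size, not real RSA keys.

```python
import hashlib

# Assumed policy values; the page does not state CAcert's actual thresholds.
MIN_MODULUS_BITS = 2048
MIN_PUBLIC_EXPONENT = 65537


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("DER value overruns buffer")
    return tag, buf[pos:pos + length], pos + length


def _positive_int(tag, value):
    """Decode a DER INTEGER, rejecting empty, negative and zero values."""
    if tag != 0x02 or not value or value[0] & 0x80:
        raise ValueError("expected a positive INTEGER")
    number = int.from_bytes(value, "big")
    if number == 0:
        raise ValueError("INTEGER must not be zero")
    return number


def parse_rsa_public_key(der):
    """Parse PKCS#1 RSAPublicKey: SEQUENCE { INTEGER modulus, INTEGER exponent }."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag_n, raw_n, pos = _read_tlv(body, 0)
    tag_e, raw_e, pos = _read_tlv(body, pos)
    if pos != len(body):
        raise ValueError("trailing data after exponent")
    return _positive_int(tag_n, raw_n), _positive_int(tag_e, raw_e)


def modulus_digest(n):
    """Blocklist key (assumed format): SHA-256 over the big-endian modulus."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()


def weak_key_reasons(der, blocklist):
    """Return the causes, named as in the list above, that apply to one key."""
    n, e = parse_rsa_public_key(der)
    reasons = []
    if n.bit_length() < MIN_MODULUS_BITS:
        reasons.append("Small Key Size")
    if e < MIN_PUBLIC_EXPONENT:
        reasons.append("Exponent is too small")
    if modulus_digest(n) in blocklist:  # list of known-weak generated keys
        reasons.append("Debian Vulnerability")
    return reasons


def audit_issued(keys, blocklist):
    """Step 1: map serial -> causes for issued keys to notify about and revoke."""
    findings = {}
    for serial, der in keys.items():
        reasons = weak_key_reasons(der, blocklist)
        if reasons:
            findings[serial] = reasons
    return findings


def accept_new_key(der, blocklist):
    """Step 2: gate at submission time; malformed keys are refused as well."""
    try:
        return not weak_key_reasons(der, blocklist)
    except ValueError:
        return False


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def encode_rsa_public_key(n, e):
    """Build the DER encoding for the constructed samples below."""
    body = b""
    for value in (n, e):
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # sign bit clear
        body += b"\x02" + _der_len(len(raw)) + raw
    return b"\x30" + _der_len(len(body)) + body


# Constructed sample data: integers with the right bit length, not real keys.
_LISTED = (1 << 2047) | 0xDEB1A5
BLOCKLIST = frozenset({modulus_digest(_LISTED)})
SAMPLE_KEYS = {
    "serial-01": encode_rsa_public_key((1 << 2047) | 0x1234567, 65537),
    "serial-02": encode_rsa_public_key((1 << 1023) | 1, 65537),
    "serial-03": encode_rsa_public_key((1 << 2047) | 0x7654321, 3),
    "serial-04": encode_rsa_public_key(_LISTED, 65537),
}

if __name__ == "__main__":
    for serial, reasons in audit_issued(SAMPLE_KEYS, BLOCKLIST).items():
        print(serial, "->", ", ".join(reasons))
```
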

A second security issue affects weak passphrases used to secure user accounts. The problem started with the bug report that users were using the sample password "Fred Smith" from the enter password pages. This case has also been referred to Arbitration:

The roadmap was similar to the weak keys roadmap: first to identify the number of affected accounts, and in a second step to fix the issues.

A fix was implemented on August 1st, 2011, but the arbitration case is not yet closed. Details will be disclosed later, in the arbitration file, when the arbitration case is closed.

Each of these "Weak" issues affected 3 bug numbers:

Software-Assessment and the Software Testteam work hand in hand with Arbitration and the Critical team. The weak keys issue could be handled with the testserver build including the activated test signer. The impact of these 2 security issues was broader than just fixing a bug: they also required investigations and deep system analyses of the critical systems' data, which need assistance from Arbitration, to get the issues fixed. So these 2 cases can also be seen as a success story of shared project work between CAcert teams.

Testserver deployment / Disaster Recovery test

The testserver deployment can be read as a step towards Audit in the Systems area regarding disaster recovery.

The testserver that was deployed by the Critical team around January 2010 underwent testing by the Software-Assessment project team and the Software Testteam in July and August 2010.

The problems found:

The signer deployment took about 9 months to finish. This was less a problem of the disaster recovery scenario than a problem of the testserver host: the server was already up and running, and the signer needed to be virtualized into a VM environment and to communicate with the testserver.

Later on, once the test signer was also up and running, one more problem was identified:

Summary: On a complete database restore after a disaster, the missing data is already available. On a system built up from scratch without a restore of the "critical data", at least 4 tables need to be pre-filled so that the system can be used from scratch in production. No further problems were found.

The testserver host has also become a test platform for OS upgrade and application upgrade tests by the Critical team with a second testserver.

Root access to the testserver machines is limited to the Critical team and the appointed Software-Assessors. This is to keep the testserver in a state that is as close as possible to the production system. A VM image of the running testserver cacert1 was made available on April 21st 2011 for download and local use by software developers.

Currently the testserver host, which also holds the new central software repository under git, is hosted in a server room in Frankfurt. The plan is to move the machine to a new hosting provider. The team is working together with the (non-critical) Infrastructure team to find a new hosting provider, so that the non-critical machines and the testserver machine can be moved to one or two machines in the new hosting provider's server room.

Projects in the Software-Assessment project team pipeline

The tasks of the Software-Assessment project team have grown to include taking the lead in projects that are system related. The Class3 Re-sign project showed that such a project first needs team building, which does not happen if no one picks up the task. The Software-Assessment project team is a working team not limited to the Software-Assessors' tasks. It is more of a communication platform that allows projects to be picked up and deployed, especially if multiple teams have to work together (e.g. Class3 Re-sign project -> Software-Assessment, Board, Critical Team, PR).

The recurring Software-Assessment project team meetings follow a fixed schedule and are seldom deferred. They are open to all who can help with their experience to bring forward the projects that are on the task list:

Policy and Arbitration ruling based Software fixes

Since the Software-Assessment project team started working, its work was focused on the "Thawte" patch. As this patch did not make as much progress as expected, other issues evolved, like the Weak Keys problem and the Weak Password problem. In 2010 two Assurance subpolicies were voted to DRAFT by the Policy group. Several Arbitration rulings resulted in new bug reports that Software-Assessment needs to take care of.

In the meantime Software-Assessment has set up parallel handling of new patches, so the "Thawte" patch no longer blocks other essential bug fixes.

Next in the work queue:

CCA rollout

CCA rollout is the audit project to inform all members about the existence of a CAcert Community Agreement and to request acceptance from the members. Before a CCA rollout can be started, it requires system design adjustments, so that CCA acceptance can be documented in an auditable way.

A couple of patches were applied to the old testserver back in mid 2009, and were removed in late 2009 as no testing happened.

In the meantime, with the experience of the Class3 Re-sign project, the CCA rollout can be seen as an individual project not limited to Software-Assessment but also involving other CAcert groups and teams (audit team, board, arbitration, policy group, infrastructure, critical team, support). This project requires a mailing to the members, which needs approval by board and/or arbitration and is to be handled by the Critical team and/or Support. The members that cannot be reached by the mailing, and members who do not respond, will result in an unknown number of administrative account removals that need handling through Arbitration and Support. This needs to be prepared before the CCA rollout can start, with either an Arbitration precedent ruling or a similar prepared procedure that handles such cases efficiently.

So the Software-Assessment project team will probably have to pick up the project leader role for this project, to make progress with this audit blocker.

New Roots & Escrow

The next big audit related task is the New Roots & Escrow project.

The Software-Assessment project team picked up the task relating to the question of how sufficiently the New Roots project can handle CRLs. This is based on the latest discussion results in the roots mailing list regarding the multi-member escrow method.

The New Roots & Escrow project can be split in three working areas:

  1. New roots ceremony creation
    • this has been tested back in late 2008, the procedure works and can be repeated
  2. Find a CRL handling procedure and mechanism with the new roots
    • To take the Root offline, CRL handling requires a sub-infrastructure for CRLs. A potential solution is indirect CRL handling as defined in RFC 5280. This needs testing before it can be implemented.
  3. Find a proper Roots Escrow method that works for CAcert and CAcert's limited resources.
    • The Escrow project is not really a Software-Assessment project. There is some progress here by some individuals, but the Software-Assessment project team receives information on it, so coordination of the sub projects will probably result in a project team leader role for the Software-Assessment project team in the future.

The CRL project is currently a topic of the Software-Assessment project team's recurring meetings; a test lab scenario has been defined but needs further testing.

Automated Software Testing

Automated Software Testing is a topic of Continuous Integration (CI), a method in software development.

Automated Software Testing has been on the agenda of the Software-Assessment project since the team started working but, sadly, did not get as much support as expected. So the Software-Assessment project team continues searching for experts in this area, with the skills and experience to deploy an automated software testing environment that can be used to automate CAcert's software testing.

The Software-Assessors team

Starting July 2010 there were 3 Software-Assessors appointed: Philipp, Markus, Dirk.

With the start of the active period for software updates, the Software-Assessment project team realized that we need more active Software-Assessors, especially if one of the Software-Assessors is also an active developer.

This led to the proposal of Michael as a new Software-Assessor, who had passed his ABC in his role as Support-Engineer. Michael accepted his move from Support to Software-Assessment. This process finished with Michael's nomination as Software-Assessor.

But in early 2011 the team was again running low on active Software-Assessors. So the Software-Assessment project team searched for candidates to become Software-Assessor. Ted accepted his nomination. After he passed his ABC, the board nominated Ted as 5th Software-Assessor in March 2011 with board motion m20110307.1.

The Software-Testteam

As part of the Software-Assessment project deployment, the building of an independent but Software-Assessment related Software Testteam was started, to separate software testing from the development and deployment process. It is an additional independent instance within the deployment process that checks and tests the proposed fixes before they are deployed to the production system.

In the meantime the Software-Testteam has identified a couple of critical system issues related to proposed bug fixes. To give an example:

Without a running software testteam this problem would probably not have been identified yet and could have led to improper assurance points allocations. But as said, this issue has been fixed.

Without a deployed automated software testing system, the software tests have to be done manually. This needs resources. But there is no requirement that software testers have to be Software-Assessors, so everybody can help in the software testteam: everybody who has joined CAcert by creating an account through the join page. Software testing is similar to working with the production website, with one exception: documentation. Every test step has to be documented in a report that becomes part of the software deployment process.

A first software test team was built in mid 2010. By the time continuous software patches started, the software testers were all gone. The Software testteam did not gain any new members through the Software Testers Reward Challenge, so the team is now working with 2 main software testers and about 2-3 additional supporters. An overview of the current Software-Testteam can be found on the wiki page Software Test Team and availability.

Software-Assessment Documentation

The Software-Assessment project team documents their activities under the wiki page Software/Assessment including their weekly meetings with agendas and minutes.

The central documentation database is the mantis bugtracker. The bugtracker is also the documentation site for the software test reports.

The bugtracker has been customized by the Software-Assessors so the system now allows the listing of reviewed bugs. The system will be used to report new bugs, to document the roadmap for a patch, the review states by Software Assessors, the software testing reports and the deployment to the critical system. So this system will be used by at least 5 groups/teams:

  1. users/members reporting bugs
  2. software developers picking up new bugs for development
  3. Software-Assessors reviewing the patches
  4. Software-Testteam to test and report the patches testing
  5. the critical team, to document the system implementation

The process of Software-Updates has been documented under the wiki page Software/Assessment/Documentation and the documentation for the bugtracker under the bugtracker documentation. Both can be used now for a review of the Security Policy and the Security Manual regarding Software-Assessment.


07/2010 - 06/2011

07/2011 - today

Software-Assessment stats 2010-2011


The work of the Software-Assessment project team, which started back in Dec 2009, was first focused on the big patches: "Thawte patch" and "CCA rollout". In the first half of 2011 the focus moved to working in parallel, adding more patches to the working queue to be handled by Software-Assessors and Software-Testers. With the deployed update process, which allows parallel processing of patches, the team became active in the 2nd quarter of 2011. The result can also be seen in the statistics, with a couple of patches fixed starting in June, July and August 2011. All these patches were added to the queue as a side effect of the Software Testers Reward Challenge. So we now continuously have about 10 patches in parallel in the pipeline.

A second side effect of the parallel processing of patches is that it allows fast processing of emergency patches, bypassing the bundles of patches in the pipeline. So one more of the open topics in the Software-Assessment project tasks can now be closed: the 3rd milestone "Build + Document Emergency Patches Path".

Ulrich Schroeter, Dirk Astrath, Michael Taenzer, Bernhard Froehlich, Martin Gummi, Marcus Maengel, Alexander Bahlo, Marc-Oliver Hofmann

Critical System Administrator Team Report July 2010 - June 2011

Webdb server

No major changes were made to the hardware infrastructure for the CAcert servers in the past reporting period. A major software upgrade step was the switch of the webdb server from the no longer supported Debian "Etch" release to the Debian "Lenny" (oldstable) release in December 2010. The second part of this upgrade (applying the same changes to the chroot environment in which the webserver runs) is still due, and is slated for the summer of 2011.

DNS service

The DNS service has been raised to a new level of security by adding DNSSEC-based signatures to the CAcert zone files, and installing the OpenDNSSEC software from NLnet Labs to manage the DNS signing keys and signing process. Due to the lack of support for the DNSSEC protocol at, which has served CAcert for many years, we had to say goodbye to them. Fortunately we have been able to find four external DNS (slave) servers with full support for DNSSEC in addition to our own (master) server. With SNS@ISC PB Anycast service among these, CAcert's DNS availability is now better than ever before.

OCSP and CRL service

The OCSP and CRL services were migrated in mid-June 2011 from the shared infrastructure server sun2 to the fully critical-admin controlled server sun4. Much effort has been spent on configuring and patching the OCSP server software (from the OpenCA project) to raise the reliability of the service to an acceptable standard. By switching to the openca-ocspd-1.9.0 software base with a significant number of local patches we have achieved this goal. The service can now essentially run unattended without a recurring need for manual restarts etc. In addition the propagation delay of updates to the certificate revocation lists has been reduced.

Backup service

The boxbackup server was upgraded and reconfigured to provide real-time mirroring of all backed up data over two disk drives. Critical services running on the sun4 server have also been reconfigured with real-time mirroring of their data.

On-site visits

The log of visits to the hosting facility shows the following "on site" activities:

Interesting to note is that the number of visits (5) was considerably smaller than in the previous year (8), and only two of them could be labelled emergency visits.


All other (i.e. most!) system administration work has been performed remotely. Issues directly affecting the operation of the webdb server continue to be logged to the mailing list (archived at ) with headings like "configuration change webdb server", "security upgrades webdb server" or " checkin notification". This logging is now also used for changes to all other services like DNS, OCSP etc. under critical-admin management.

Interaction with infrastructure services

In the previous reporting year it was hoped that the manageability and auditability of the critical systems could be improved by moving all (non-critical) infrastructure services out of the current hosting center to elsewhere in 2010. This does not seem realistic anymore. Instead, an effort has been started to set up sun1 as a new infrastructure server, with a more modern and better configured software base, and easily separable from the critical systems. The critical-admin team has set up the base server and handed it over to the infrastructure team at the start of 2011. Since then the svn and blog services have been migrated successfully to this new setup. Unfortunately, the goal of freeing up sun2 entirely by mid-2011 has not been reached. It is important though that the remaining migration work is sped up, since we need this hardware soon for migration of the critical webdb server which is still running on rather old and aging hardware.

Cooperation with Software Assessment Team

We continued to support the Software Assessment Team by maintaining a test server (on a virtual machine) which resembles the production webdb server as closely as possible. Signing capability was added to this test facility. A second test server has been set up for preparing the Etch -> Lenny upgrade described above. Besides creating a usable test environment, this also served to strengthen our capability for (re-)building a new webdb server from scratch, documenting many hitherto obscure aspects of the current production server (which is essentially inherited from its original author, quirks included). The patch process developed by the Software Assessment Team has resulted in a number of successful patch updates to the production server.

Team change

Unfortunately, we had to say goodbye to Stefan Kooman as a member of the critical sysadmin team. He started on June 1, 2011 in a new job as Unix Engineer with BIT, the hoster of CAcert's equipment. Due to CAcert's security policy this role is not compatible with a critical sysadmin position. We want to thank Stefan for his contributions over the past two years, and we are also happy that we don't lose him completely, as he has recently joined the Oophaga Access Engineer team! As a side effect of this team change, all critical passwords (root, grub, file system encryption etc.) were changed at the end of May 2011 to ensure that they are only available to the current team members. This change was a good security exercise in itself.


Plans for the coming year include:

Wytze van der Raay, Mendel Mobach, Stefan Kooman (until June 2011)

Education Team Report

Management of CATS and the Assurer Challenge

The CATS user interface has been translated into several new languages: Spanish, French and Dutch. Since review by a second native speaker is missing, the new languages are still not installed on the production system.

Translation of the Assurer Challenge test into French and Spanish has also been started, but is still in progress. The Dutch translation has not made progress since last year's report.

A new kind of test, the Triage Challenge, has been created by the support team using the CATS platform.

The long standing bug when tying CATS with a class 3 certificate has been tracked down and fixed.

During 2010 (numbers only available per calendar year), 166 PDF certificates and 20 printed certificates for passed Assurer Challenges have been issued.

Some statistics for the time July 2010 to June 2011:

Supporting ATEs

ATEs have been supported, by providing access to the SVN repository to store presentations updated by the Event Team and by doing some review of those documents.

Consolidation of training documentation

The wiki page Brain/EducationTraining has been updated to link training and education documents provided by the different teams.

Prospects for the next year

Not many differences compared to last year:


Events Team Report 2010-2011

In the FY 2009-2010 we had 52 Assurance Events in total, 4 of them were announced as ATEs.

2011: in total 36 Assurance Events took place with 16 Event reports received (44%).

2010: in total 45 Assurance Events took place with 10 Event reports received (20-25%).

Assurance Events by Countries:

Event Reports

The Event Reports problem made some progress. When the Audit over Assurance started back in spring 2009, the Auditor requested an event report for each past event, with a statement from the Event Organizer that all assurances were conducted according to the Assurance Policy. The ongoing reminders resulted in a doubling of event reports received relative to the count of assurance events. But the quantity needs to increase further.

Event reports are not just for fun. Event reports will help CAcert in passing a future audit, as they deliver evidence in the assurance area that the assurances given followed the policies. If some more information is written in an event report, this may also help other event organizers in organizing an event. But the main point is a statement by the event organizer of what he has done to prepare the event so that it followed AP.

Cross Community Work

The cross community work that was started in autumn 2009 continued in the last period. A couple of ATEs were sponsored by other groups, or rooms were made available. At events CAcert works together with OpenOffice, OpenSource-Treffen and Sidux. secure-u has become a sponsor for the German ATEs.

Through the relations with other OpenSource groups we can share the work on booths and bundle resources. E.g. if we did not have enough Assurers for a booth, we built a network of Assurers at an event like Linuxtag, or shared our booth with other groups, e.g. OpenOffice at Fosdem.

Support on Events

Support from the Community for Events shrank. This can also be read from the count of events (-33%) against the previous period. The "human resources problem" that we discovered this year has also been discovered in the events area. The "big events" Cebit and Linuxtag Berlin showed a big problem in activating the assurer base. Without a booth, we managed this year's Cebit with an alternative plan: to be available at the fairground at noon for an hour with some assurers. At the Wednesday and Saturday meetups we met around 40 assurees (back in 2009 this was the count of assurances given in half a day by one assurer), so an estimated less than 10% of the assurances of 2009 or 2010 were given. Linuxtag day #1 started without any CAcert attendance, so an emergency call with a scripted mailing activated at least enough assurers for day #2 and the following days.

Events scripted mailing

With the Arbitration precedent case a20090525.1 "Event officer request recurrent notification to assurers near the location of the following ATEs", a scripted mailing procedure was implemented back in spring 2009 that assists Event Organizers in contacting Assurers near their location. This scripted mailing has been used several times:

for event organizing or for event announcement.

A total of 16 mailings with 14245 recipients (approx 890 recipients per mailing) within the last period.

The overall result was a success, as Event Organizers found assistance from Assurers or people came to the Events.

Push AP to Community

The push of AP into the Community, started in early 2009, can be considered a big success and can be seen as finished. At all bigger and smaller events Assurances are now conducted according to AP. Assurers take care of the Assurance statement, not only checking identities but also checking that the Assurees are bound to the CCA and bound into Arbitration. The training of our new assurers still continues.


ATE / co-Audit Team Report 2010-2011

Work on the co-audit team season 2010/2011 started back in February 2010 at Fosdem Brussels with the co-audit definitions, which were finalized at Cebit 2010, so the co-audit season was launched at Cebit 2010. Since then

did happen with

ATE tours

The Board supported ATEs in Australia mainly to find new board member candidates for CAcert Inc, to fulfill the new Australian Association Act, which requires 3 Australian directors. This also helped the ATE team to push ATEs in Australia and do co-audits in Australia.

Secure-u voted in their December 2010 AGM to support CAcert's ATE tour for Germany.

An ATE Tokyo was prepared and a presentation was held by Peter Yuill on 2011-03-05, but in the later discussion it was downgraded to a regular assurance event, and the 3 educated assurances given are to be seen as training in doing co-audits for the new prospective co-auditor candidate Peter Yuill. It turned out that most of the attendees only wanted to receive assurances.

ATEs that did happen in a series of more planned ATEs

  1. The Australian ATE tour that started with ATE-Sydney 2010-03-24 continued with
    • ATE Canberra (2010-10-12) (*)
    • ATE Melbourne (2010-12-16) (*)
    • ATE Brisbane (2011-01-24) (*)


  1. Germany ATE's
    • ATE Essen (2010-09-25)
    • ATE Aachen (2010-10-04)
    • ATE Hamburg (2010-11-05)
    • ATE Muenchen (2011-04-02)
    • ATE Bonn (2011-06-08)
  2. ATE USA tour
    • ATE Washington (2011-06-18)
    • ATE New York (2011-06-19)

ATE presentations

There were some plans to rework the ATE presentations that were used in the ATE 2009 tours and at the beginning of the 2010 ATE tour. From the Assurance Officer a couple of new topics were received that needed to be added to the existing ATE presentations, and the Audit presentations also needed updating. Over a series of ATEs the presentations were updated step by step up to the current latest state v4.6-Bonn. The presentations are available in English and German and are located in the SVN

Co-Auditors documentation

A wiki page has been created to document the co-auditors team and their work. This can be found under:

Co-Audit Season 2010-2011

Co-Audits were pushed for Germany, Australia and the USA.

A co-Audit for Japan that was planned close before the Japan disaster did not happen in a way as expected, so it was downgraded thereafter to a regular assurance event.

Report on 2010 142 coaudits in series 2010


Report on 2010 / by country 142 coaudits in series 2010 / with categories by country

Co-Audit Budget

The Board has funded ATEs in AU for the search for new Inc members who may become potential board member candidates, to fulfill the Association Act requirement of at least 3 board directors being NSW AU citizens. A side effect of this was that it also supported the ATE tour for AU.

A second sponsorship was provided by the German association Secure-u with their December 2010 motion to actively support ATEs in Germany. So at least the ATE Munich did happen.


For the ATEs with $0 costs, the rides and/or accommodation were paid by the individual co-auditors and speakers. There is no overview of their effective costs. As an example: for ATE Hamburg, 3 co-auditors traveled around 500 + 150 + 250 km with travel expenses of approx 200 Euro. The room was sponsored by a local group. Approximate effective costs may vary from $50 up to $200 per nearby local ATE but may break the $500 barrier for long distance ATEs. E.g. the costs of the planned ATE Tokyo (which was downgraded to a regular assurance event) included at least a long distance flight and accommodation, but have not been presented to the community.

An optimistic approximate estimate of the effective costs for the above listed ATEs is approx $3.000; only $1.290 (43%) has been refunded, the rest was paid by the co-auditors, speakers and event organizers.

Co-Audit Summary and Analyse

The resulting error rates are higher than the Audit 2009 score. With about a 37% error rate in missing CCA agreement checks and about 47%, that is nearly a 50% error rate, in any data checking on the CAP form (up to 3 errors tested), the overall result shows that the Assurance and Education areas have a lot more to do to train and educate our Assurers to check more closely on details. The CCA agreement check error rate decreases once Assurers have attended an ATE. Assurers who have not yet attended an ATE are more likely to fail on the CCA agreement check. A relationship between ATE attendance and a decreased error rate in data checking can also be seen in the co-audits by country overview, which also lists the count of ATE attendance (2nd column from the right).

While in the 2009 ATE series many old 35 pts assurers attended ATEs, this time fewer experienced and senior assurers attended the scheduled ATEs. We have more fresh new assurers at our ATEs (this also happened at ATE Tokyo, where of 16 attendees only 3 had assurer status).

The co-audits in Belgium, France and the Netherlands were checks on the fly without an ATE (only 20%-50% attended an ATE yet).

Alexander B. The high error rate for France can be argued with the language barrier. Most of the essential documents are written in plain English and with the well known resentiment with English language by native speaking French people - this can also be seen in CAcert's community activity by French members, the few that are active in the community are also understand English quite well, Arbitrations with French members often needs translation into French - one outcome maybe a translation campaign for the essential docs like the CCA translation project. But this needs resources by the local communities.

The other path to adjust the results is to push more on ATEs, not only in the well seeded countries, also in the less well seeded ones.


Assurance Team Report 2010-2011

The Assurance Team report covers the period starting mid-2010, when the co-audit season was opened.

Subpolicies work

TTP-assisted-assurance program

The TTP-assisted-assurance policy was voted to DRAFT on 2010-09-13 by policy group vote p20100913. The subsequent deployment needed to bring this policy into operation started slowly and continues slowly: documentation has started under TTP in the wiki. The deployment has been split into several tasks:

One of the blockers is the ongoing discussion "What is a by CAcert acceptable TTP?", and the 2nd essential blocker is the system implementation. As long as bug #863, bug #864 and bug #888 are not fixed, the TTP assisted assurance program cannot go online. The bug fixes are a task of the Software-Assessment project team and are still in the work queue.

Finding information about acceptable TTPs for each country relates to the OA area, so the OA area is also involved in the TTP assisted assurance program deployment.

In the current report period 0 TTP-assisted-assurances were made.

PoJAM assurances

The assurance subpolicy PoJAM was voted to DRAFT on 2010-01-19 in p20100119. PoJAM has been deployed with documentation in the wiki under PoJAM and with a section in the Assurance Handbook. A parental kit has been deployed with an additional parental consent form, which looks similar to a CAP form, that a Junior member can present to the assurer in an assurance.

The topic "PoJAM" has been added to the ATE presentations to train our assurers.

PoJAM has now been deployed in practice, and the Assurance Officer has received several reports that this special assurance program has been used, but no exact count of the PoJAM assurances done is available.

No reports about Junior assurers have been received until now.

From a couple of assurances from several events by different assurers the response is that this special assurance program works in practice. We've observed some Junior members at events who came with the signed parental consent form and we've also discovered that the assurers followed the procedure outlined in the documentation and presented in the ATE presentations. So to summarize: PoJAM has been deployed and is still working at least for the members part. My recommendation to policy group is to vote PoJAM to Policy.

The expectation to push the CAcert assurance program into schools and to encourage new young members hasn't been fulfilled so far. In the meantime there are some issues that move this topic to the organisation assurance area: to do an OrgAssurance with schools and handle all assurances under the Organisation Assurance program.

Assurance: A Wider Purpose

The Assurance program that follows AP has been advanced by AP to also check for the acceptance of the CAcert Community Agreement. The Assurance Policy therefore includes "A Wider Purpose!"

But this is not the only issue.

The advanced "Assurance" also enhances CAcert Support by adding verification in a Password Recovery process or a name change after marriage. It has been ruled thru arbitration that assurers may assist Support in these standard support issues by doing an assurance and gathering additional facts. This has been named "evidence gathering".

These cases have been announced thru blog and have been added to the ATE presentations.

Advancing Rules and Practices, Documentation

We have received several new updates on name issues that were documented under the PracticeOnNames that now has been incorporated under the Assurance Handbook.

A sea change has been reached with the new hyphen rule, ruled by arbitration, that simplifies the international handling of hyphens in names. Instead of handling each local hyphen rule individually, CAcert now has an international standard that assurers can follow:

In short: CAcert cannot enforce every aspect of national laws and customs.

The 2009 Audit spotted a problem area in assurances with dates. The 50% error rate in assuring dates was picked up by the Assurance team, the Co-auditors team and the Education team, to find procedures to shrink this error rate. Within the ATE series of 2009 the training showed a decreased error rate, down to approx. 20%. The 2010/2011 ATE series with a 3rd check on dates resulted in a reduction below 10%. The result can be counted in reduced Arbitration cases regarding false DoB issues and was also seen in the latest co-audits.

This issue also shows the quality-of-service control mechanism: co-audits help to make our services better by identifying problem areas, putting these issues on the agenda of the Assurance, Co-audit and Education teams, finding a solution and rolling out the solution in the ATE series.

Now, 2 years after AP was rolled out to the community, we are observing an increase of country variations. One country variation that we've received thru a bug report is bug #920

that clashes with current system implementation (system checks and requires both: givenname + surname)

With the Assurance event Tokyo at the beginning of March 2011, an increase in non-EU seeding can be seen, but it's far behind the expectations. The TTP assisted assurance might be an option here, but this program is behind schedule.

Assurer Training

Changes in the Assurance area have been announced thru blog posts and have been documented in the Assurance Handbook.

ATE presentations have been updated with the new topics. The ATE presentations can be read in the SVN under that follows a revision number.

New assurers get trained by experienced assurers thru the "educated assurance" program. This program is not new, but has now been named and documented: Assurance/Procedures/EducatedAssurance

The question whether educated assurances follow the co-audited assurances, or the co-audited assurances follow educated assurances, cannot be answered exactly, as educated assurances were made before co-audited assurances started in spring 2009, and the wider purpose check in assurances started with AP and the AP rollout. But to conclude: the process is now documented by following our Principles of the Community.

This concept has also found its way into the TTP assisted assurance subpolicy thru the TOPUP process. This process had been tested once thru a remote interview in a prospective co-auditors training.

Individual Assurances followed AP

According to all the event reports received, all assurances given followed Assurance Policy. All problem issues that have been reported in assurances have been transferred into arbitration.

So from AO's point of view, the Assurance Program follows all given policies. The AP rollout can be declared as finished so far.

Organisation-Assurance (Part 1)

OA administrative

The Organisation-Assurance program was in a mess starting mid-2010. A few working Organisation Assurers worked under their existing policies, but seeding new countries stalled. One question that blocked the OAs was the policy definition that new OAs need supervised training from 2 existing OAs before they may become OA. A request to become OA for Belgium started the discussion of whether the supervising OA must be from the country where the request comes from, or whether other experienced OAs can supervise the prospective OA. The process to pass new Organisation Assurers can be answered in short:

  1. a prospective Organisation Assurer needs training thru 2 supervised Organisation assurances before he can be nominated by board motion
  2. the two supervising OAs do not need to be from the same country as the prospective OA. This means: all OAs, including those from other countries, can act as supervising OA

Seeding Organisation Assurance in not-yet-seeded countries needs some more time, as in this process an OA country-specific deployment also needs to be started. This process may result in a new country-specific OA subpolicy, but it doesn't block any prospective Organisation Assurers from becoming OA in a new country.

By mid-2010 the responsibility for the Organisation Assurance area was unclear. By default, all vacant officer roles are held by board. The Organisation Assurance policy defines under 2.1 the "Assurance Officer" to be responsible for the OA program. In discussions with the Organisation Assurers an Organisation-Assurance-Officer has been proposed. So this open question was unhandled until May 2011.

Despite the fact that this question was open until May 2011, AP refers under "0.3. Related Documentation" to "See also Organisation Assurance Policy (OAP)", so the OA area is to be read as being under AP control. In the discussion between Board, Organisation Assurers and Assurance Officer, the Organisation Assurance Officer's role has been defined to be responsible for the Organisation Assurance area. If this position is vacant it is filled temporarily by the Assurance Officer. This process finished with the nomination of Marcus Maengel as Organisation Assurance Officer with board motion m20110501.4.

OA documentation

Starting with the OA documentation review, I've discovered that there are several OA policy revisions around. The OA policy located under the main policy repository that is has been updated to The policy decision p20080401.1 refers to the SVN revision to be the official OA POLICY that clashes with current revision under This needs to be handled by the newly appointed OAO Marcus Maengel.


Organisation Assurance Report (Part 2)

Statistics by 2011-06-30




[Statistics table: "Jul 2010 to June 2011" / "Running on" / "Grand Total"]




In the last reporting period, three new Organisation Assurers were appointed by the board: Andreas Albrecht, Andreas Bäß, and Marcus Mängel. Marcus Mängel was appointed as Organisation Assurance Officer in May.

12 organisations were successfully assured, 10 assurances were ongoing by the end of the period.

In June there was a telephone conference of the German Organisation Assurers in preparation for a larger meeting in the next period, to see how organisation assurance can be managed in the future and to assist in developing bootstrapping strategies in other countries.

As the Organisation Assurers should support the development of the TTP programme, there were many discussions with the Assurance Officer and Organisation Assurers to start the bootstrap for the US. The aim is to finish the process during the next period so that the TTP programme can be rolled out step by step to CAcert deserts.

CARS Marcus Mängel (Organisation Assurance Officer)

Support Team

The Support Team basically continued its stabilised operations as reported in the beginning of the year.


We had some more new additions to the Triage team, namely Fabian Knopf (who is now on the road to SE), Richard Trabing and Marc-Oliver Hofmann. Former Triage Team member Marcus Mängel has been appointed as Support Engineer and has done quite some work since then.

Team Meetings were held less often than we would have hoped for but posed a good opportunity to talk about issues that weren't immediate enough to be discussed on the mailing list but nevertheless needed discussion. The last meeting took place just a few days ago at the FrOSCon (in real life, yay).

As my personal focus has been shifting towards software development lately, I have sought to hand over team leadership of the Support Team. Joost Steijlen has volunteered to take over but that has not happened yet due to real life intervention. We hope to get this sorted out soon.



Our experience with the Password Recovery with Assurance has been very good. So good that at the last meeting the whole team expressed that we want to get rid of the old password reset procedure in favour of this more secure and overall improved procedure. The lost password questions will still be available, but the procedure that was triggered when those failed, which involved relying on PayPal, some other dark magic, smoke and mirrors, will be fully replaced by the Password Recovery with Assurance, which relies on our network of Assurers to re-authenticate the user.

Since the end of last year the Support Engineers have handled 512 tickets. In addition to that there were more than 2738 emails classified as spam, 8051 non-delivery notices, out of office notices etc. (most of them handled automatically) and 639 tickets otherwise already handled by the Triage team. Unfortunately there were also some cases where things went wrong but the reaction was always very quick and transparent so not much harm was done.

We managed to keep response times pretty low. Most often under 24 hours until the users got the first reply.

The Todo List

Here's a short review of the items of last report's todo list:


Future to-do items will be determined by the upcoming Support Team Leader.

Michael Tänzer Support Team Leader

Spirit Team Report

AGM/TeamReports/2011 (last edited 2011-11-28 02:39:01 by UlrichSchroeter)