= Management Sub-Committee status of actions 20080403 =
== Pending action points: ==
=== Dispute Resolution ===
 * email list of case managers and arbitrators, no news
 * any cases?
  * case [[http://wiki.cacert.org/wiki/Arbitrations/a20071205.1|Jazbec]] has had final ruling. GR is case manager.
  * new case on name (Warnat). GR is case manager.
 * M-SC asked for CeBIT report, no feedback yet. No cases filed arising from CeBIT.
=== Assurance ===
=== Policy list work ===
 * '''teus''' chart is in wiki and svn tree. Wiki updated. Table updated. Need to chase person on the lead of an Office.
 * OA, M-SC has taken the lead for OA. Pending in AT 1, US 3, AU 1-2, CH 2, SE 1, IE 1, FR ?.
  * CH is stalled. Teus is chasing got ref from SC.
  * OA AT: sub-pol is in draft. p20080310 is recorded.
  * OA USA: GS, GM + RJ no reactions yet,
  * general COAP init by Sam?
  * AU COAP needs dns record discussion.
  * OA AU: voted on 2st of April.
  * OA IE. SJ initiated similar to OA AU, need extra vote from IE
   * SJ from Ireland
  * feature request for DNS control check?  '''evaldo''' to chase OAP (main one, not subpol):
  * countries/areas which have no OAs nor a subpol. Proposal to change OA Pol.
   * voted on 1st of April, added to Pol Decisions and svn tree.
   * give it 2 weeks for spelling/typos to appear in formal draft policy.
  * wiki on OA; SJ seems to get on with this.
 * how do we check who is an assurer?
  * now CATS passing-marks are in the database is easier
  * overall question still stands for the Assurance process
 * privacy/public status of the information in the certificates
  * cert numbers
  * name
  * DPA issue policy discussion: DoB drop request, no clear vote.
   * dropping the DOB ''and'' making all cert info as "public" means practically all DPA/PII data disappears.  Big win!
   * internal discussions with Sam, M-SC, Philipp on DPA
   * DoB on user initiative?
 * code-signing policy
  * TH made proposal to [policy] for basic claims plus optional claims (still to do)
  * code-signers enter into a contract
  * modeled after the Creative Commons concept
  * code signing: proposed signer agreement and signer statements/claims  Then policy write up
 * Dutch DPA authority statement that it is forbidden to copy passports
  * do all passports copies need to be dropped?
  * what about old Assurers?
  * some very early Assurances were "send photocopy to CAcert Inc" ... what to do?
  * board question is whether the board decides to unilaterally drop their copies and their requirements.
  * '''Teus''' announced this decision to policy list:.
   * need to announce to all Assurers to destroy
   * need a dispute filed to ask Arbitrator to order all passports copies to be destroyed.  (i) Assurers, (ii) CAcert Inc., (iii) support IMAP mailbox.
  * policy question is whether to delete and drop any and all requirements.  '''Teus'''.
  * priority is not high, but we need to progress the question
  * add a CATS question, when we have a result
  * related question:  Identity Numbers (passport numbers, identity card numbers) were and are being written down on CAPs.
 * Tverify ==> subpolicy for other CA's members.
  * Tverify needs subpol to be written, on ToDo.
 * TTP
  * need a subpolicy (propose a new policy) proposed
  * due to help request it is proposed. Discussion started.
 * Junior Assurer, below 18 years of age
  * need a subpolicy for Junior Assurer
  * there are about 30 or so...
  * 10 points allocatable only.
 * Senior Assurer, people who have reached 150 or beyond?
  * need to drag out the wip doco and think about it
 * php and wiki list to compile for text changes due to policies
  * new e-mail cert form request php id
  * new certificate request page text
  * translation is an issue
  * translingo is back but still a good idea to move to rosetta?
 * trial started for form fields in pdf/OpenOffice : trail on CAcert Inc. forms and COAP forms.
 * need PDF/OpenOffice signature features/tooling
=== CATS ===
 * 2nd sysadmin, has he been added yet?
  * '''Evaldo:''' Add Ted.
  * Evaldo is changing the test system, when changed, can bring in new sysadms
  * Current server goes down soon, new server is online.
  * Sonance requests one VM for DNS/mail failover.
  * can over the same in return
 * Bernhard has reported: ''for those interested in such things here is a current status of CATS:''
  * 341 different certificates have passed tests (ask Sourcerer how many different users, I'd guess more than 300)
  * Since CeBIT (about 100 tests on CeBIT saturday!) there have been 5-10 passed tests per day
  * I have created about 150 documents for passing the test, including 27 printed ones
  * The passed results are already imported into the CAcert database
  * User interface for viewing passed tests is in code review
  * Admin interface and other related code changes are in (slow) progress
  * The great majority (>90%) of users who have requested a document have been german speaking (DE/AT/CH). Only about 5 non european Assurers (judging from email adresses)...
 * need to mention that the Assurers will be chopped off
  * Teus: how many Assurers have 150 points?  Ask Philipp.
  * how many Assurers are active today?  In the last 6 months?
  * if number of active Assurers (last year) is N, then 25% should have it before we impose a deadline.
  * Ted to chase PR?  Ask Ted whether he can ask Greg + Henrik to generate some PR?
 * Challenge-passed
  * report over to core system, status of that?
  * '''iang''' to chase:
  * implementaton of Challenger-passed mark into the database is pending?
  * teus reminded Philipp. No action yet seen.
  * assurer mark for challenge passed assurers
  * ask sysadmins for this http://bugs.cacert.org/view.php?id=499 is progressing: Current status:
   * Import interface (CATS->CAcert DB): In code review
   * User interface (showing passed tests in CAcert account): Coding with low intensity
   * Admin interface (modifying results): pending
=== Other ===
 * Assurance promulgation plan
  * main web page has been updated
  * logo is in
  * housestyle adoption is pending, johan says he has access to test system.
 * teus wants metadata on the page for the policies.
  * on the todo list
 * Changes
  * Principles should be somewhere too
  * these are recorded as task on RolloutCommunityAgreement
=== Systems work ===
 * new team members
  * Evaldo to present list
  * several prospects for non-critical servers, positive
  * [[CharlieGarrison]]
  * Nagy (hungarian)
  * Matthijs M
  * ishbir
  * Jacob S
  * amessina
  * premrara
  * kim H
  * shaun L.
  * thomas w (association member) salzburg
  * Sam J (CISSP, SAGE[-AU,-IE], Google Apps)
 * questions (however brief) for 20080326
 * proposal for new non-critical members for 26th...
 * Philipp has initiated task list on wiki
 * establish good cooperation between PG and EG (trial TH)
 * seem no cooperation between PG and EG on this. Teus asked PG.
 * agreement on 29th by M-SC+pg
 * Cachaca project drafted: to be decide:
  * need speed.
  * philipp is back from link protocol
   * need to assess amount of time he has available
  * NL team will need 2 people in sysadm team to meet dual control criteria
  * request for costs is implied
 * preparations in Brazil, in "production with test systems"
  * had got close, but disks got reallocated
  * starting again, but this time with documentation
  * doco not yet published
  * should be part of the security manual
 * remote work? how to do the reboot remotely?
  * prepare the kvm before flight?
 * Plan proposed to board???
  * M-SC decision is to build the team to move the system to Netherlands.
  * Evaldo is to start that team.
  * Philipp is providing the software to Evaldo.
  * incorporate tonight's changes, circulate plan, and then send plan to board.  '''iang'''
== Admin ==
 * Funding
  * from Audit Project?
  * AtC funding needed?
 * NL move
  * USB link installed, serial line was also requested by PG. Status?
 * chase status of more admins failed with PG.
 * create systems committee
  * Evaldo compiles req list '''For systems sub-committee? We said it is not exactly needed'''
  * need closed group nomination policy?
  * bounce back ideas and create a proposal to board: '''all'''
 * link
  * serial not on Suns
  * Spare Tunix firewalls PC has them
  * or use USB, or use Ethernet, device nodes available?
 * software
  * decision taken by board sw to go to EG
  * familiarisation with sw is started
  * Some pieces are already sent, missing many pieces still, but probably able to create a working set with the available data already
  * Virtual machine with signer is installed, missing OpenSSL profiles
  * Virtual machine with web application is in progress, missing some bits and pieces
 * Support team
  * new member was discussed (problems: not assurered, possible conflict of interest with his work)
  * notify ggr + rob of situation: done, Member not invited.
 * admin team: Daniel, Ted, Michael ???
 * check OCSP/CRL distr systems (Philipp request)
  * not clear what check is required
  * outline of concerns by Evaldo to M-SC:
   * '''a CRL distribution point that is NOT UP TO DATE is a big denial of service on revocation (unable to properly revoke and send the message out)'''
   * '''a bogus OCSP server can declare legitimate certs revoked, and vice versa'''
   * '''Even if we decide to remove a DNS entry for the bad servers, DNS caching might hurt us'''
  * '''PG asked for status'''.
  * iang to talk to Pete S
  * are these critical systems?
   * nothing much on them
   * DOS for revocation checking
   * certificate could be used for a social engineering attack
  * teus chase philipp with questions. Done.
  * OCSP/CRL usage stats: 5000 p/mnth (PG)
  * outage stats OCSP routing: 25 mins/mnth (98% uptime) (PG)
 * getting sources up and available
  * good to get the board to finalise the licence under which the source code is to be issued.
  * agreed that CAcert is to own the full rights, as per the FSFE tfr agreement
  * proposal to board to be written up on that basis '''iang'''
  * '''iang''' to review GPL[23] again :(
=== House Style ===
 * new logo is in
 * web style has not been incorporated ... (promised first week Febr) to be incorporated.
 * No action caused ripple effect for events. New request on 13th of March with one week to results.No success.
 * request for access on test system by Johan. Also on 13 March email to support.  '''evaldo''' to chase. Done.
 * advertisement handling (teus: status unknown)
 * cert button (teus: status unknown)
 * advertisements in wiki pages does not mix well with style (SJ).
=== wiki ===
 * wiki pages update in progress by M-SC (teus)
  * more people to help for doco
  * now in svn: Doc Policy work-in-progress, early stage, not near to DRAFT
=== Audit ===
 * workplan for audit work and preparations.
  * MoU with Ian is in place.
  * start real/formal audit requires '''NL move + dual control'''
  * preparations
   * policy Assurance Policy
   * press release
  * rollout plan: policy progress
  * where we are now, write statement of where we are
  * look at the report sent to board in around January.
  * rewrite this for up to date comments, plus the needs in the MoU.
   * add bullet that MoU is now in effect, has ramifications
  * timeline, operations.
  * defer discussion until we have had a chance to review the MoU.
  * look for MoU and get it to the SVN.
 * security manual. Is on wiki. Seems Pat need better help. Chase PG.
 * NLnet-MoU
  * need announcement press release, but defer this until after agreement with auditor is reached
  * RC received first 9K
  * documents now on website
 * real audit can only restart when systems are completely moved to NL Need date (Cachaca project and/or PG last trial; GP seems to be stalled on serial/link protocol.
 * need link from main web site to audit pages.
== Committee meetings ==
 * AGM and board minutes need (board) review
  * iang has now read the minutes, '''and will review them again!'''
== Assurance Events ==
 * Need CeBIT report (Teus asked twice Jurgen/Mario)
=== CAcert Associations ===
 * Policy on Foundations and Associations: to be updated
  * introduce it to the policy list
 * secure-u commitments, still pending, still under negotiation
 * for example, funding earmarked for CAcert should be controlled by CAcert (board notice?)
 * if local funding is raised locally how to get properly in control of CAcert?
 * finances for meetings
 * non-profit issue raised
  * needs a change of CAcert Inc. by-laws
 * SGM called on 4th April for Association
  * needs reminder on 1st of April.
  * mail has gone out to members of the Association
  * within 3 weeks so it is enough notice to change the rules
  * is in hand
 * board asked M-SC to do the preparations for the AGM
  * date: 20081107 23:00 MET.
 * two new applications for membership: PG (nominated?) and SJ (ready to go).
=== PR / Marketing ===
 * flyers/CAP/COAP, CCA printouts, sources Teus: they are in the svn tree now. Try out for form fields. OOo generates OK PDF. OOo signing OK. PDF signing only from commercial packages.
 * presentations in svn tree (inclusive some old ones).
 * teus restructured svn tree (from flat to some hierarchy)
 * overview of events in wiki needs update. MS!
=== M-SC finances ===
 * finances for meeting travel
 * equipment funding?
== end of action points ==