Committee Meeting 2010-04-18
The meeting will take place at 21:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.
Feel free to add a business within the acceptance period or your question to the board below.
- Prepare minutes from last meeting
- Put motion to accept the minutes
- Summary of cacert-board-private list since 2010-04-03 and reason for privacy
- Update action items
Outstanding From 2010-02-02
contribute to discussion on Board/Community goals on board email list
Get automatic sending bit on the key persons list that I said I'd do ages ago.
waiting on Nick to deliver list
First payment received. Second paid 20100321 - received(?)
Pay Ian (old audit debt related)
Paid + received.
Westpac to change to a single signatory to sign payments in accordance with AGM rule change.
on hold, practically status quo tho
revisit more signatories once current mess is sorted out
Write up AGM minutes
Association rules on wiki
Outstanding From 2010-02-21
Find out from US bankers whats required to open an account
Prepare summary of payment options / investigation for association
progress - not complete
Propose Walter as Events Officer as out of band motion
added to agenda + m20100327.1 in progress
Triage personnel not covered by ABC - revisit on policy list
Keypersons list, finish the excel spreadsheet and emailing it out
discuss team leadership with access team
Contribute towards root escrow / recover discussion
Comment and discuss COI procedures
Outstanding From 2010-03-06
Board/Community Goals - get an overview
Board/Community Goals - come up with one or two items to look at and then to decide a priority and a timeline
Board/Community Goals - 6-12 month position statement
Status report of current projects
Status report of current officers
OTRS updates (clarity needed here)
Install Meetbot for next IRC meeting
Email list (members) about US banking options
Outstanding From 2010-03-21
Create dual signing server escrow method
Create motion for deciding on a escrow method
deferred - waiting for review. This action not decided properly
Review escrow methods and decide
Review second Oophaga letter
Lambert and Nick
Informal contact via email with Oophaga
Informal talks with Oophaga
Outstanding From 2010-04-03
prepare Oophaga final letter
Oophaga instigate informal contact
Lambert and Mario
propose to the Members list an opening statement on the implementation of Rule 23(B)
- Chair opens the Committee Meeting
- Who is making minutes?
Businesses Important Note: Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!
Organisation Assurance - added by Iang
- following on from last meeting
- motion to place account under SP;
- dispute filed to block OAs (if necessary)
Applying old SP to our critical teams - added by Mario Lipinski
- Since we have no SP for now, there are no rules for our critical teams, should we pass a motion to bind them to the old draft SP or do we just trust them?
Business added by Your Name Comment: Replace "Business One" by Title of Business and add your Name
Additional Inputs Comment: Replace "Additional Inputs"by Description of Business, Description of Reason-Why/Purpose, Additional Comments, Additional Documents, Additional Links, if useful for other Committee Members to prepare for Committee Meeting.
Meeting Schedule - added by Iang
- Saturdays and Sundays?
- one possibility is if we swap the hemispheres, and use European morning with Australian evening.
- et cetera
Question Time Important Note: Questions from CAcert.org Community Members can be added until beginning of Committee Meeting! As well questions can be asked at "Question Time", without added Question here
Question One added by Your Name Comment: Replace "Question One" by Your Question and add your Name
- et cetera
Confirm the next Committee Meeting: 2010-05-01 22:00 UTC.
- Chair closes the Committee Meeting
Minutes will be written once the meeting is finished.
21:02. Lambert asked Dan to chair the meeting. Dan opens the meeting.
Minutes. Dan asked if Ernie was taking the minutes, but no response seen.
Iang expressed a preferance to have the minutes agreed in the next meeting. Dan did not think it was worthwhile. Lambert said we discussed that minutes must be accepted before start of meeting However, we can already vote to accept before meetong starts. Dan had not read them in great detail. Iang thinks it is harder to proceed with the meeting without accepting the last minutes.
Dan comments that he wants to see the list of action points in the meeting, Iang does not see them as being part. Dan is frustrated at wasting 9 minutes.
2.1 Organisation Assurance
Iang enters notes:
At last meeting, we found that any Organisation Assurer can by some means or other take over the CAcert account and issue certs for the main domain.
This is a hole in the security architecture.
Since then, 2 things have been done. The account has been declared critical by m20100404.4, and therefore now under Security Policy (assuming its efficacy).
Secondly, I have filed dispute to have the account blocked in some fashion, following SP.
How it is to be blocked is an implementation detail as yet unknown.
What this leaves is 2 burning questions.
Firstly, we need a proper security response -- specialist advice, analysis, decisions, software patches, governance changes. We don't have that, at least not according to this case.
secondly, the dispute filed was an important one. under SP we need someone to deal with incidents and rule on any things outside the rules. This dispute did not get handled quickly, and as of the moment, it has no Arbitrator. This also suggests that Arbitration is in trouble.
Discussion. Ernie does not agree with blocking all organisation assurers. Mario asks which policies are applicable? Ernie says it is possible to exclude CAcert from the list. Dan asks whether we have software analysis, and can we make a decision without it?
It is confirmed that O-Admins cannot add/change domains, but Organisation Assurers can. Is the intent to block organisation assurance or Organisation Assurers? Iang says it is an implementation detail, unknown as yet.
Ernie states that it is possible to exclude CAcert Inc. Law comments even if cacert is just included from the overview list, I still can change the admin list by just exchanging parameters in the requests. Software has to deal with this issue.
Some discussion about what the board can do. Fact finding? Arbitrator? It is not clear, and nobody is asking for anything right now. Consensus that the board meeting is not the place for it. Opinions differ on whether this is a security hole or not. Ernie and Mario feel that it isn't a security hole, but Iang says he does not see an explanation of why it isn't.
Iang says Board should be looking at the absence of response. Some discussion on Arbitration, and why it is not picking up this case. Lambert said he'd check the Arbitation situation. The board was de facto organisation assurance officer at the moment. Lambert asked Mario to report on the issue to the board. Mario agrees, but declares a potential bias.
2.2 Applying Old SP to our critical teams
Agenda question was Since we have no SP for now, there are no rules for our critical teams, should we pass a motion to bind them to the old draft SP or do we just trust them?
21:37 Lambert reports that Wytze and team sees Security Policy as leading to all they do. Iang comments same for Support Team members. Some discussion as to whether it is binding, yes, on the critical teams. But not outside the critical teams. Have the teams agreed to a particular version? Iang states, to all versions, as a "position" to put to the Arbitrator. If there are more than one version, then a discussion might happen, but we can reasonably accept that risk.
Mario asks what harm a motion to make it binding over teams might do? Iang responds that it might raise a liability issue in a serious event. The situation is that the policy group creates the document, the teams follow the document (according to status) and the Arbitrators follow that trail. If the Board declares a version of the document to be "binding" this creates two views over the same document, and where they disagree, there will be an added confusion. But, Iang admits, that's also a small risk.
Dan summarises that there is not consensus that Board needs to enforce the SP (any more than already done). Team leaders need to inform their teams.
Editor's note: there is no point 2.3
2.4 Meeting Schedule
Agenda question: Saturdays or Sundays? Swap to European Morning?
Some discussion. Mario reports he is also in USA, Pacific side, until end of May. Iang comments that Nick has not been able to attend for a while, not likely to change.
Discussion about swapping to European morning. Ernie and Lambert do not like mornings in the week.
Consensus to defer this to the list. Dan agrees to coordinate.
Ulrich notifies of the DNSSEC community's work on escrow of root. They have a "Keyholders by Community Members" project:
The are searching for volunteers, but the price was high: have to fly to USA 4 times per year on own cost. There is a PR possibility here, but no easy way to participate. We can read their documentation to get their experience.
Consensus to organise the next meeting on list. Meeting closed.
mYYYYMMDD.#: Motions from the meeting
[07:02am] Q: [07:02am] dan: dan declares meeting open now [07:02am] iang: my body has needs that don't submit to standards [07:03am] dan: Q asked me to chair [07:03am] Q: I've asked Dan to take the chair, since I am constantly sneezing and coughing [07:03am] Q: right [07:04am] dan: giong to leave accepting mintutes to out meeting motion [07:04am] hugi joined the chat room. [07:04am] dan: 3. taking minutes - ernie was volunteered last time - still possible? [07:05am] dan: 2.1 OA [07:05am] iang: i'm sorry, i don't understand that. some expressed last time that we preferred to have the minutes accepted in the meeting? [07:06am] dan: i'll need to reread. seems like a waste of time to me. any objections with minutes as written? [07:07am] dan: object on list if you do - out of band acceptance motion can be done. [07:07am] iang: it is just such an accepted part of meeting procedure that changing that should be taken with care ... i am not sure of the ramifications. [07:07am] Q: If I remember correctly, we discussed that minutes must be accepted before start of meeting [07:07am] Q: However, we can already vote to accept before meetong starts [07:08am] dan: i honestly haven't read them in great detail. [07:08am] iang: one ramification is that if the minutes are not accepted, it is hard to proceed with the next meeting (not that I can explain that in detail) [07:08am] iang: then, can we just move that the minutes of the last meeting be accepted? [07:09am] Q: second and aye [07:09am] iang: aye [07:09am] dan: naye [07:09am] law: aye [07:09am] ernie: aye [07:09am] iang: nb: here? [07:09am] dan: ok - motion to accept minutes [07:09am] Q: (question: mark and nick not here?) [07:10am] dan: naye from me so far as I don't see a list of action items from it [07:11am] dan: but i was going to look at that offline. [07:12am] iang: i'm unsure if the action items are part of the minutes or not ... i probably wasn't at the meeting where this was discussed [07:12am] dan: as ususal 9 minutes have been wasted so far in procedural shit so i'll get a motion done for the next three days - we'll accept the content for now and move on to2.1 [07:12am] iang: (which is why i did not copy them in) [07:12am] dan: more documenting from the meeting. [07:12am] dan: than carring them over [07:13am] dan: 2.1 OA - continueing from last meeting [07:14am] dan: iang: all yours - what about OA is it you wanted to decide on? [07:14am] iang: ok, my notes on the subject: [07:15am] iang: At last meeting, we found that any Organisation Assurer can by some means or other take over the CAcert account and issue certs for the main domain. [07:15am] iang: This is a hole in the security architecture. [07:15am] iang: Since then, 2 things have been done. The account has been declared critical by m20100404.4, and therefore now under Security Policy (assuming its efficacy). [07:15am] iang: https://community.cacert.org/board/motions.php?motion=m20100404.4 [07:15am] iang: Secondly, I have filed dispute to have the account blocked in some fashion, following SP. [07:15am] iang: https://wiki.cacert.org/Arbitrations/a20100404.1 [07:15am] iang: How it is to be blocked is an implementation detail as yet unknown. [07:15am] iang: What this leaves is 2 burning questions. [07:15am] iang: Firstly, we need a proper security response -- specialist advice, analysis, decisions, software patches, governance changes. We don't have that, at least not according to this case. [07:15am] iang: secondly, the dispute filed was an important one. under SP we need someone to deal with incidents and rule on any things outside the rules. This dispute did not get handled quickly, and as of the moment, it has no Arbitrator. This also suggests that Arbitration is in trouble. [07:15am] iang: (end) [07:15am] ernie: I don't agree to block all OA [07:16am] ernie: OA-assurer to be exact [07:16am] dan: so this is just CAcert's OA we're talking about [07:16am] law: so against which policies are the current procedures? I do not see any problems... [07:16am] ernie: you can also exclude cacert inc on the list, where the OA's fill in the assurances [07:17am] ernie: dan, I understand, that there are all OA-assurers should be blocked [07:18am] dan: if we don't have the software analysis etc can we actually make a decision? [07:18am] ernie: iang, from what you are speaking when you say "OA" [07:18am] iang: ernie: above i don't mention OA? [07:19am] ernie: iang, dispute filed to block OAs ..... [07:19am] Q: Ian, if I recall correctly, every OA can request for other organisations, right? So not just the OA for CAcert, but also others? [07:19am] ernie: Q, no - the OA-Admin cann't [07:20am] iang: Q: that is my understanding ... but I really don't know for sure. and there appears no way of figuring that out in any external policy sense [07:20am] iang: by OA I mean Organisation Assurance or Organisation Assurer [07:20am] iang: I don't think the O-Admin can add/change domains (from hearsay) [07:20am] law: Iang: Which of those? This is an important difference... [07:21am] law: O-Admin cannot add/change domains. [07:21am] iang: law:which of those in which question / context ? [07:21am] ernie: law, right [07:21am] law: Whether to block Organisation Assurence or Organisation Assurer is a huge difference. [07:21am] dan: from what said so far we don't even know what can/carn't be done. there's an abtration case to handle the fact finding and we can't make a decision without the facts [07:22am] iang: sure ... that is why I said "How it is to be blocked is an implementation detail as yet unknown." [07:22am] law: When the dicussions started I sent some mails pointing the details of the possibilities out. Did they also go to the board lists? [07:22am] iang: and also, the "first burning question" ... we don't know how to do this, and this itself is a worrying issue [07:22am] Q: So, I think I have to agree with Dan: we don't exactly know, so we cannot make a decision> [07:23am] ernie: but most of the problems you can solve, you exclude cacert inc on the list which OrgAssurer see [07:23am] iang: Q: I agree with that; we don't know enough. FTR, I'm not proposing any motion here, as I also don't know enough. [07:23am] Q: Iang: you also mention the arb case. [07:24am] Q: You mention Arb is in problems, because of the delay [07:24am] iang: ernie: is that something that can be done outside the Organisation Assurer's control? [07:24am] iang: Q: yes [07:24am] ernie: iang, what? [07:24am] Q: I think I agree here, Will talk to the arbs this week [07:25am] iang: ernie: you said " you exclude cacert inc on the list which OrgAssurer" ... how is this done? who is in control of this? [07:25am] ernie: iang, the list is a query - when you exclude cacert inc, nobody can change anything, because there are no access [07:25am] Q: Do we need an arbitrator to do fact finding, or can we do something ourselves? [07:25am] ernie: iang, and a name and domain could be onyl added once [07:26am] Q: (seems Ernie has already done some homework) [07:26am] iang: Q: for what it is worth ... i think it is the old case of too many disputes and too many slow disputes clogging the system. But that's just my external view [07:26am] dan: i see no problem with us doing fact finding - however a board meeting time is not the time for it [07:26am] law: This is a software change... But you cannot only change the query, you also have to block it when altering data [07:26am] Q: dan: correct. Can we assign someone from the board to create an overview? [07:26am] dan: iang: can we get a list of facts needed and request them out and send the summary to the board list? [07:27am] Q: aye [07:27am] ernie: law, but you can only add once, otherwise you will see an error-message [07:27am] Q: agree [07:27am] iang: well, i think that is the arbitrator's job. I don't want to double guess the arbitrator. [07:27am] Q: agree with dan, I mean, board meeting is not fact finding time [07:28am] law: ernie: even if cacert is just included from the overview list, I still can change the admin list by just exchanging parameters in the requests. [07:28am] Q: One remaining question, do we need arbitration to create an overview? [07:28am] iang: and I'm not the one to provide the facts; there is little doco about this area, and I'm not an OA so can't see into the system [07:28am] dan: ok - 2.1. Old SP to our critical teams - mario [07:28am] law: But this is an issue software team has to deal with... [07:29am] iang: Q: i don't think so. What we need is for Arb to decide on the question of security, and rule on the issue of shutting something down ... where something is all, some, or nothing. [07:29am] ernie: iang, how you can shut doen something, where you don't know how it really works [07:30am] law: Do we - as board - need to do investigation here? [07:30am] iang: what board should be looking at is that overall, when we hit this security issue, then the response has been poor. [07:30am] Q: iang: someone can do fact finding, that would take away work from the arbitrator? [07:30am] iang: we should be looking at the interaction between the many areas involved, and trying to make sure the big picture of security is working well. Here, this time, it isn't. [07:31am] iang: ernie: turn the question around; how can the board, under all its obligations, permit something to run when it is a security-critical feature, and it doesn't understand how it works (or cannot find out) ? [07:31am] iang: we have to think audit-minded: if we don't understand it (or cannot figure it out) then audit will simply fail it. [07:31am] dan: iang: its not the right time if I'm reading what Q, ernie, law and myself are syaing [07:32am] iang: dan: think about how long you want to wait for a security hole to be cleared up [07:32am] iang: it's been 2 weeks .... and only now are we seeing a positive response on this from the OAs [07:32am] law: there is definetively no security hole [07:32am] dan: arbitation was our fast reqponse but I can't see a clear statment there is one. [07:32am] Q: dan: we cannot solve it here, but we can make a decision how to go forward. Either assign someone to do fact finding, or wait for arbitration. [07:32am] ernie: iang, you don't know how orga-assurance work [07:33am] dan: ok - 2.1. Old SP to our critical teams - mario [07:33am] iang: ernie: exactly. [07:33am] ernie: law, agree [07:33am] ernie: iang, but you are claiming a security hole - first you must know how it works [07:33am] iang: that is why i filed dispute, because there was an *apparent* security hole, and nobody rushing to explain why there is not one. [07:33am] dan: ok - 2.1. Old SP to our critical teams - mario [07:33am] law: and iang you have received feedback from ernie and me on this... [07:33am] iang: dan, please hold on. [07:33am] dan: 2.1 [07:33am] dan: 2.2 [07:33am] iang: law, i do not believe ernie's comment has been seen by me at least [07:34am] Q: I move we assign someone to create an overview (Law might be best suited) to be sent to the arbitrator. [07:35am] Q: And leave it there and move to the next subject [07:35am] iang: and, it's just a comment. what we need is confirmation from the organisation assurance officer and documentation that this is the case. otherwise we're in the dark. [07:36am] iang: ok, i agree. I'll add it to the agenda for next meeting and we can pick it up there. [07:36am] law: iang: Organisation Assurance Officer is board... [07:36am] iang: correct. and we as board don't know. [07:36am] Q: I'll put some more pressure on arbitration to pick this up [07:37am] iang: Q: thanks [07:37am] Q: (I guess that's all we can do right now) [07:37am] Q: 2.2? [07:37am] dan: please [07:37am] ernie: agree to continue with net item [07:38am] law: OK. I can do some investigations and summarize to board. But as I already declared my position I might be biased. [07:38am] iang: thanks [07:38am] iang: agreed to move on [07:39am] Q: Regarding 2.2: I talked to Wytze last week (regarding Oophaga letter) and he mentioned that at the moment they still see SP as leading to all they do [07:39am] Q: (they= system admins) [07:40am] law: Thats good to hear. So my question is more if we want to rely on all teams doing so or to glue this into concrete. [07:40am] • dan still happy to rely [07:41am] iang: all support team members have agreed to SP, as far as i can recall, in email. [07:41am] Q: I guess your proposal to create a motion is a good step, formalisation of status quo [07:41am] ernie: my understanding is, as long we don't have a new one, the old one is valid [07:41am] Q: motion to include *all* critical teams [07:41am] iang: so the issue of "non-binding" is more to others outside the teams [07:41am] law: ernie: policy group voted to take it back to WiP, so it is not binding from my understanding. [07:42am] Q: law: I guess you're right: not officially binding for everyone, however, if you have agreed to SP, you are bound [07:42am] iang: the thing is ... there are some other reasons why we have to get the critical roles to agree individually to the SP ... so this was put in place a while ago ... and represents an equally valid "binding" status on them. But only them. [07:43am] law: So what is if I agreed to SP and there is no SP? Is the old one binding? And what if there is a new SP? [07:43am] Q: so, question: do we *need* this motion, or is every member of the critical teams already bound? [07:43am] dan: or do they need to be? [07:43am] iang: there is a document, and it is well known where it is. what is the question is the status, not the document [07:43am] Q: law: newer version ovverrules the old one [07:44am] iang: where there might be a question is if someone proposes an alternate SP into the policy group ... or circulates a new SP-bis amongst the security teams. but that hasn't happened, and i see no reason to guess that it will happen. [07:44am] iang: so before an arbitrator, i suspect that it would be clear which document we are talking about [07:44am] law: What I see it, either they agree to follow the current version of the SP. Or they agree to one spcific version. [07:44am] Q: iang: what do you mena? Motion was to declare current SP (in WIP) binding to critical teams. [07:45am] iang: Q: in the absence of that motion, the teams (hopefull) have already accepted SP as their agreed document. In all versions. [07:46am] Q: iang: ok, is more version. [07:46am] iang: or, in the presence of two versions that disagree, there might be a discussion. But this is something that we can reasonably accept at the time [07:46am] iang: yes, in all versions. Or at least this is what I would suggest to the Arbitrator, following CCA [07:47am] law: What harm would it cause to do this motion? [07:47am] Q: ok, I move we declare the current SP (date april 18, 2010) binding for all members of the critical teams [07:47am] iang: the harm is that it might raise a liability in a serious snafu [07:47am] Q: until a new version goes to draft [07:48am] Q: iang: please explain? [07:48am] iang: what you might want to do is follow the style ... and ask the team leaders to ensure that all members of teams have agreed to the current SP (or the pre-veto one) ... as their binding document [07:49am] iang: at the moment, the organisation of CAcert is clear: policy sets up the document, teams agree to that document according to the status, and follow on. An Arbitrator can follow that trail. [07:50am] iang: it is part of the Arbitrator's job to understand which versions are in place, and part of the parties' role to state which versions ... so there might be a version issue in place. [07:51am] iang: as I see it, right now, the issue is entirely workable for the teams, as long as nothing goes wrong *AND* the thing that goes wrong is not related to a variation in documents. [07:51am] iang: so that is constrained to the two issues: board-under-ABC and application engineer. [07:51am] iang: so these are small issues. [07:51am] iang: and I suggest we "accept these risks" [07:52am] iang: however, the possibility exists that if the board also declares a version as being binding, this creates a possibility for the member to be confused as to the team's versions and the policy group's versions. [07:52am] iang: well, that's probably also small, as long as we can agree on that version. [07:53am] law: If I understand this right, anyone could start a new WiP SP which would also be binding to the critical teams... [07:54am] dan: can I try to summarise by saying that I don't think there is a large agreement that we need to enforce the SP to be binding [07:54am] dan: fair? [07:54am] iang: i agree with that summary [07:55am] Q: I can live with that, given Iang's explanation. [07:55am] dan: 2.4 - meeting shedule [07:55am] dan: i'm generally in favour of swapping to EU morning and AU evening [07:56am] Q: So, I guess the team leaders have to inform the mem bers of the teams. [07:56am] iang: Q: yes [07:57am] Q: Dan, I think we have people from EU, Nick from US, and you and Ian from AU. What time zone are you in? [07:57am] Q: (for me to understand how early I would have to get up) [07:57am] dan: AU (UTC+10) [07:57am] dan: 7am start today [07:58am] iang: it is 08:00 here at the moment; I think it is 8 hours ahead of current European continental time [07:58am] iang: we haven't seen Nick for many meetings ... [07:58am] law: I am also for some more weeks US, pacific [07:59am] iang: and I suspect that he won't be able to change that situation in the future (but that's just my speculation) [07:59am] iang: law: how many weeks? <2 or >2 ? [07:59am] law: till end of may [08:00am] law: so two more meetings [08:01am] iang: what is your time difference from european time? [08:01am] ernie: I don't like very much the morning our time, if it is during the week I have no time [08:01am] law: see http://www.timeanddate.com/worldclock/meetingtime.html?month=4&day=18&year=2010&p1=0&p2=791&p3=971&p4=240 [08:01am] law: whould be UTC-7 now [08:03am] ernie: could we discuss on mailinglist everybody could mention pref times [08:03am] iang: so european 7am or 8am would work for pacific time? [08:03am] Q: Hmm, I agree we have to spread the burden, I guess European time 08.00 is acceptable for all? [08:03am] Q: iang: ah, yes [08:03am] iang: i don't see a consensus in switching over ... so i'm not opposed to deferring [08:04am] ernie: Q, depends on day - week-end or working-day [08:04am] Q: but I'd like that just in the weekend, cannot commit to 08.00 during weekdays [08:04am] Q: (and I don;'t really *like* getting up at 8 in the weekend...) [08:04am] iang: [08:05am] dan: can understand. lets defer and if we can't find a tool that can put everyone's availabilty down then post out the link. [08:05am] law: Depends on the day. Sunday would be OK, Saturday I probably will usually not make it because of other appointments [08:05am] dan: can't -> can [08:05am] law: But european 9am or 10am would be also doable for me. [08:06am] Q: good [08:06am] Q: ok, who will coordinate? [08:06am] dan: i will [08:06am] Q: good [08:06am] Q: Next? [08:07am] dan: skipping quickly to 4.1 - lets leave that as is until otherwise decided [08:07am] dan: 3. questions? [08:07am] u601: I have one question [08:07am] u601: did you realize, that DNSSEC currently works on the same problem as CAcert ... about Root Escrow ... [08:07am] u601: Keyholders by Community Members [08:07am] u601: http://www.root-dnssec.org/tcr/ [08:07am] u601: http://www.root-dnssec.org/documentation/ [08:07am] u601: http://www.root-dnssec.org/wp-content/uploads/2010/04/ICANN-TCR-Proposal-20100408.pdf [08:07am] u601: ??? [08:08am] iang: i saw that post ... i haven't had time to work through it [08:08am] iang: did they come up with a solution? [08:08am] dan: in answer to your question - yes saw it. haven't read it. [08:08am] Q: Haven't seen it, but I will. [08:08am] ernie: u601, saw it and read it [08:08am] u601: they have docs written, policys ... they'll searching 21 people right now till end of april [08:09am] ernie: u601, they are searching volunteers, which are already in this business familar [08:09am] dan: which is the same problem we have - choosing the people - its not really technical [08:09am] u601: the main problem: people interested in, have to be available for 4 times a year to fly to US [08:09am] law: have seen you post, but not read the links yet. [08:09am] iang: you mentioned that they are asking for people and perhaps we should propose. I don't think we are in a position to easily support that [08:10am] iang: u601: do they provide the costs? [08:10am] ernie: iang, NO [08:10am] u601: the procedure contains one problem, that the keyholders have to come 4 times to the check by request [08:10am] iang: ok, so the only reasonable option i see is larger companies with people involved in RFC work .. those guys follow the conferences around [08:10am] ernie: u601, but what is the asset for cacert - we have our own problems [08:11am] law: to check = to maintain integrity? [08:11am] ernie: iang, these companies will pay the expenses for the people - is usual in such cases [08:11am] u601: asset for CAcert, send one ... get infos ... sharing the problem solutions [08:11am] ernie: u601, but this will not bring us forward - sorry [08:12am] ernie: u601, the infos you can also have without to be directly involved [08:12am] dan: u601: this isn't a proposal that can work for us. [08:12am] Q: ernie: I think you're right [08:12am] u601: like other cross-community projects, yes we can probably ... [08:12am] iang: i would see the asset as a signal that we participate in something similar as what we do ... so if our methods are attacked, it automatically criticises their methods [08:12am] dan: we've all still got actions to review and accept escrow problem.s [08:12am] dan: solutions [08:12am] iang: but as we can't pay those costs, I don't see it happening [08:12am] Q: iang: agree [08:12am] ernie: iang, but if somebody is doing, it is his own decision, has nothing directly to do with us [08:13am] dan: any other questions? [08:13am] u601: who we have in the US ? [08:13am] iang: ernie: certainly i wouldn't stand in the way of a person wanting to do it [08:13am] iang: and would indeed encourage it ... we just don't have anyone to hand [08:13am] u601: can we encourage someone ? [08:14am] iang: u601: typically, in the USA, we can find people to do things like this, but they generally expect costs to be paid. this is unlike Europe. [08:14am] Q: iang: also, US is bigger than western Europe [08:15am] iang: Q: and the flights work better [08:15am] u601: 4 times 99 USD its better than 4000 Euro ! [08:16am] u601: its not only sharing the informations, its also a PR push [08:16am] dan: i think there are no more questiosn therefore meeting closed [08:16am] law: I don't understand why CAcert should take part in the DNSSEC root escrow.... We could read their documents and learn from them, but for more I do not see a reason.... [08:17am] ernie: law, agree [08:17am] u601: PR !!! get more resources for our problem! [08:17am] law: next meeting discussed off list? [08:17am] u601: more experts [08:17am] iang: law: i can see the reasons .. but the primary reason is to learn, and I think the docs should explain it. elsewise, I think it is quite risky to spend money on the hope we might learn [08:17am] ernie: u601, sorry, but same people will not work also for us [08:18am] Q: law: it's not that we should take part, I guess it's more to show our problem is not unique, and we might be able to learn from DNSSEC [08:18am] iang: u601: true ... plausible ... perhaps there is a mailing list that we can hang out on ... and pick them up just by talking? [08:18am] u601: cacert-root ? [08:19am] iang: no, i mean if the DNSSEC people have a mailing list where they discuss their equivalent issues [08:19am] dan: law: yes next meeting off list [08:19am] dan: bye all [08:20am] Q: bya [08:20am] Q: bye [08:20am] iang: saturday 1st, what time? for next meeting? [08:20am] iang: oh, you want to organise that on the mailing list. ok [08:22am] LH left the chat room. (Quit: Leaving.) [08:22am] Q left the chat room. (Quit: Leaving.) [08:25am] ernie: bye
Original meeting transcript in SVN Comment: Replace in original .txt file YYYYMMDD by the real date of the meeting and after that cancel this comment.