To Brain CAcert Inc. - CAcert.org Members Association - To Brain CAcert Inc. Committee Meeting Agendas & Minutes - Board's Project Overview - Current Action Items - last meeting - next meeting
Committee Meeting 2013-03-10
The meeting will take place at 21:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.
Committee Members: feel free to add a business within the acceptance period or your question to the board below. Others: add a question to the questions section.
Premeeting
Minutes author prepares the minutes from the last meeting
Minutes author prepares the action items. All action owners to update.
Agenda
- Preliminaries
- Chair opens the Committee Meeting
- Who is making minutes?
Chair asks whether cacert-board-private maillist includes any items that need to be disclosed to Members.
Chair asks whether cacert-board maillist includes any business items that aren't on the agenda yet.
Chair introduces the URL of action items to the meeting, and asks for discussion.
- Businesses
Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!
- Acceptance of late businesses
- Financial report (ongoing)
- Submission of the summary to OFT
- Extended version for the Association
Preparation of the SGM Werner
- Read-Only access to the online banking for treasurer Michael (ongoing)
New Roots & Escrow project - risk analyze finalized - Whatsup next? - added by UlrichSchroeter
- board to consider iang's Security Risk Analysis over the Root Key Escrow - paper
Decision is required which Escrow method CAcert shall use for the New Roots & Escrow project
- Background:
- last time the escrow topic has been placed before board it was in 2010
- Ian finalized in 2012 the risk analysis over Root Escrow ... that probably needs attention by board
to finalize with a board motion which escrow method shall be used in upcoming new roots & escrow project
Escrow And Recovery is the Escrow project entry page
see also Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20120127#Minutes top 2.2
- Previous Board discussions:
Board meeting 2010-03-21 top 2.1 Determine Root escrow and recovery mechanism
Board meeting 2010-04-03 agenda item 10 (reference to Policy Group discussions in mailing list cacert-root)
Other teams discussions: Software-Assessment project team meeting 2013-02-05
- we have
- risk analyze
- new roots procedure
- required steps?
- decision of Escrow method
- subroot under eg. org++
- cps changes?
- new roots?
- new signer?
- indirect crl's
- we have
Business added by Your Name Comment: Replace "Business One" by Title of Business and add your Name
Additional Inputs Comment: Replace "Additional Inputs"by Description of Business, Description of Reason-Why/Purpose, Additional Comments, Additional Documents, Additional Links, if useful for other Committee Members to prepare for Committee Meeting.
- et cetera
- Question Time
Questions from CAcert.org Community Members can be added until beginning of Committee Meeting! As well questions can be asked at "Question Time", without added Question here
- What about use of micropayment services like Flattr or Kachingle for funding; added by BenBE
Is there any progress on question of European Community or country foundations; added by Iang
- is this something to bring up at SGM?
Question One added by Your Name Comment: Replace "Question One" by Your Question and add your Name
- et cetera
- Closing
- Agree on date of the next Committee Meeting
- Chair closes the Committee Meeting
Minutes
1 Preliminaries
1.1 Opening
Present: Dirk, Michael, Tomáš, Werner
Meeting chaired by Werner.
1.2 Minutes from last meeting
Minutes from 2013-02-24 accepted in meeting by motion m20130322.1.
1.3 Minutes taker
Minutes will be taken by Tomáš.
1.4 Disclosure of private communication
Nothing to disclose.
1.5 Potential agenda items on cacert-board
No new issues identified on the mailing list.
1.5 Action Items
Financial report done, key persons update still pending (due to SGM preparation).
2 Business
2.1 Acceptance of late businesses
As the meeting page was prepared just before the meeting, all agenda items are late. Agenda unanimously accepted by m20130322.2.
2.2 Financial report
Kevin wrote 2013-02-26 that the report from AGM hasn't been sent to OFT yet. This means we do not have to request a change, only have to pay the AU$ 31 late submission fee for filing the SGM version.
Michael (Treasurer) had a phone call with ex-Treasurer Jeffery trying to figure out where the differences between the original and revised FR stem from. Conclusion is that the new report is valid and the "alpha" version approved by Board is the final summary to be submitted to SGM.
2.3 Preparation of the SGM
Meeting agenda page has been prepared by Ulrich & Michael. Tomáš will ask Mario to set VoteBot up.
Call was done by personalised e-mail this time, no problems encountered. Many members are not eligible to vote due to unpaid fees, Michael is preparing the accounting system to handle fee payment reminders automatically.
2.4 Read-Only access to the online banking for treasurer Michael
Direct access to bank statements would make Treasurer's life much easier. Some discussion ensued whether a motion is really necessary here as the Treasurer probably already has all the authority to get access. Motion that the treasurer gets read-only access to the online portal of the bank accounts where possible CARRIED.
2.5 New Roots & Escrow project
A long discussion about escrow methods took place with no clear conclusion. To be continued on mailing list as this needs wider discussion and more time. Main points from the meeting:
- The solution recommended by SRA (duplicate critical systems) is perceived by some to be prohibitively expensive in our current situation, both from monetary and manpower PoV.
- There seems to be a notion that we need a quick solution now and switch to the duplicate systems solution later on, after Audit and presumable increase in resources. There were some hints that browsers are going to ban MD5 even including the root, but no concrete evidence for this was shown.
- Combination of two Notaries/Bank safes is seen as a cost-effective alternative simple enough to implement. Using two third parties would eliminate possible single point of failure for recovery. The idea is to instruct the third party to allow access only to at least two persons from a predefined group of N (to enforce four eyes principle). The same people would also hold the passphrase needed to decrypt stored roots. Whether it's actually possible to set up such an access policy with a third party would need to be investigated.
3 Question time
3.1 Use of micropayment services like Flattr or Kachingle for funding
Possible use of micropayment support buttons for blog posts and the like was brought to Board's attention by BennyBaumann. This could make it very easy for people to donate small amounts. Good wiki pages, blog entries or even specific bugs/patches could be supported in this way. Attaching this to the news items on www.cacert.org is complicated by the fact webdb is critical, so the idea is to try it out somewhere non-crit first.
This will be handled in next meeting as a regular agenda item.
3.2 European foundations and the possibility of Inc move
Board doesn't know of any progress in the direction of moving the Association. Some possibilities were investigated by the Community and are documented at AssociationMove.
4 Closing
Next meeting will be on Sunday 2013-03-24 in accordance with the regular schedule.
Motions
m20130322.1: Accept the minutes from 2013-02-24 meeting
m20130322.2: Accept late business for 2013-03-10
m20130322.3: Read-only bank account access for Treasurer