Committee Meeting 2013-06-23
The meeting will take place at 09:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.
Committee Members: feel free to add a business item within the acceptance period, or your question to the board, below. Others: add a question to the questions section.
Minutes author prepares the minutes from the last meeting
Minutes author prepares the action items. All action owners to update.
Minutes author puts motion m20130616.4 to accept the minutes
- Chair opens the Committee Meeting
- Who is making minutes?
Chair asks whether the cacert-board-private mailing list includes any items that need to be disclosed to Members.
Chair asks whether the cacert-board mailing list includes any business items that aren't on the agenda yet.
Chair introduces the URL of action items to the meeting, and asks for discussion.
Business items are accepted until 48 hours before the beginning of the Committee Meeting at the latest!
Oophaga closing down (ongoing)
New Roots & Escrow project (recurring agenda topic until decision reached)
Business added by Your Name Comment: Replace "Business One" by Title of Business and add your Name
- et cetera
- Question Time
Questions from CAcert.org Community Members can be added until the beginning of the Committee Meeting! Questions can also be asked at "Question Time" without having been added here.
Question One added by Your Name Comment: Replace "Question One" by Your Question and add your Name
- et cetera
- Agree on date of the next Committee Meeting
- Chair closes the Committee Meeting
Present: Michael, Peter, Tomáš, Werner
Meeting chaired by Werner.
1.2 Minutes from last meeting
Minutes accepted by motion m20130616.4.
1.3 Minutes taker
Minutes will be taken by Werner.
1.4 Disclosure of private communication
Nothing to disclose, some discussion about reasons.
1.5 Potential business items on cacert-board
No new business.
1.6 Action items
2.1 Oophaga closing down
Nothing new. The MoU is waiting to be signed by the boards of CAcert and secure-u!.
2.2 New Roots & Escrow project
The references in the proposal are related to the "New Roots Task Force" Requirements https://wiki.cacert.org/Roots/EscrowAndRecovery#Requirements. We took the general and the policy-based criteria into consideration. The audit-based criteria are obsolete since the DRC is no longer applicable: https://wiki.cacert.org/Roots/EscrowAndRecovery#Discussion.
Disaster Recovery planning suggests we need to be able to issue CRLs within 24 hours. But we might have a problem fulfilling z.7. when a bank is closed on weekends. A dedicated CRL cert is planned but not yet there. For the record: http://openssl.6102.n7.nabble.com/Offline-Root-CA-and-CRL-generation-td44324.html.
At the moment everybody is mostly happy with this vault-based escrow method, but some essential details must be resolved.
Recommendation from risk assessment: the risk of a compromised bank (a bank does not know what is in their vaults) in a politically stable country is lower than the risk of loss of the key by a group of humans (each of them can lose the key and compromise the security of the CA). However, concerns arose about how secure a vault is against a malicious bank clerk. The discussion came to no solution. Deferred to next meeting.
Next meeting will take place on Sunday 2013-07-07 09:00 UTC.