Committee Meeting 2013-08-25

The meeting will take place at 20:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.

Committee Members: feel free to add a business within the acceptance period or your question to the board below. Others: add a question to the questions section.


  1. Minutes author prepares the minutes from the last meeting

  2. Minutes author prepares the action items. All action owners to update.

  3. Minutes author puts motion m201309xx.x to accept the minutes


  1. Preliminaries
    1. Chair opens the Committee Meeting
    2. Accept the minutes from the last meeting.

    3. Who is making minutes?
    4. Chair asks whether cacert-board-private maillist includes any items that need to be disclosed to Members.

    5. Chair asks whether cacert-board maillist includes any business items that aren't on the agenda yet.

    6. Chair introduces the URL of action items to the meeting, and asks for discussion.

  2. Businesses

    Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!

    1. Oophaga closing down (ongoing)

    2. New Roots & Escrow project (recurring agenda topic until decision reached)

    3. AGM preparation - Scheduling (recurring agenda topic until AGM scheduled)

    4. TTP-assisted-assurance program - Nomination procedure


      • Board shall rethink and decide about one of the following procedures to install:
        1. motion: that new TTP-assurers can be nominated by 2 TTP-assurance team members not limited to AO and OAO but probably accepted by them, placed before and accepted by board (similar to new CAcert Inc membership procedure)
        2. motion: that nominations and approval procedure for new TTP-assurers will be delegated to the TTP-assurance team, to AO and/or OAO, with notification to board that nomination has been accepted.
      • TTP-assurance program report by AO (WIP under AGM2013 team reports)

    5. Accept new TTP-assurer Martin Gummi

    6. Proposal for enhanced notification text a20130810.1 intermediate ruling #2

      • I propose to the involved teams, to use an enhanced text for the scripted mailing text in relation to the blog post text published 2013-08-10

        1. with a detailed explanation of the CCA 3.5 violation problem (-> CCA 3.5 violation explained) -and- b. detailed explanation of the "critical relation to our WoT services" used by 3 (out of 14) of the members we try to contact. A core explanation still exist under Discovery & Deliberations

      • so that members gets explained, why we use this unusual way to contact our members. Why we use a secondary email address instead of a primary email address as stated by our own policies. Especially a common wide spread warning exist:

        Don't react on email requests regarding your bank or credit card account. Don't click on links in such emails. Such emails often used for pishing.

      • I've also received an idea from a community member, if we should make an offer to the effected users for an email address on our non-critical email infrastructure services. That I forward to board to consider. From Arbitration side, there is nothing that prevents such an offer (see also deliberations that results in section 4 of intermediate ruling #1)

    7. Create a CAcert bank account in Germany

    8. Late Business: Current state of Investigation on Are our root certificates stolen?

    9. Business added by Your Name Comment: Replace "Business One" by Title of Business and add your Name

      • Additional Inputs Comment: Replace "Additional Inputs"by Description of Business, Description of Reason-Why/Purpose, Additional Comments, Additional Documents, Additional Links, if useful for other Committee Members to prepare for Committee Meeting.

    10. et cetera
  3. Question Time

    Questions from Community Members can be added until beginning of Committee Meeting! As well questions can be asked at "Question Time", without added Question here

    1. Question One added by Your Name Comment: Replace "Question One" by Your Question and add your Name

      • et cetera
  4. Closing
    1. Agree on date of the next Committee Meeting
    2. Chair closes the Committee Meeting


1 Preliminaries

1.1 Opening

Present: Dirk, Michael, Werner

Meeting chaired by Werner.

1.2 Minutes from last meeting

Minutes accepted by motion m20130906.1.

1.3 Minutes taker

Minutes will be taken by Werner.

1.4 Disclosure of private communication

Nothing to disclose

1.5 Potential business items on cacert-board

No new business identified.

1.6 Action items

No discussion.

2 Business

2.1 Oophaga closing down

The memorandum of understanding is finalized in paper and as a PDF. A press release was published in English, Dutch and German, Blog. Wytze will update the security manuals.

2.2 New Roots & Escrow project

Benedikt told, he set up a tool to control the project over ( They will grant all parties required (board, project team) access in the next days. They started to define the certificate content for the root certificate Contents. The motion to "Approve the new roots project charter" was carried m20130906.2. The planned funds required of 5100 € are not yet fully available, but we are confident to rise them. In short time only about 100 € are required for backup media. The main issue are travel costs.

2.3 AGM preparation - Scheduling

Michael is nearly ready with the Financial Report. The team leaders shall be called to prepare their reports too.

There is a problem to find enough member from Australia. As Werner heard from Jürgen Bruckner, in Austria there are good conditions to cretate an European association. But assumedly this will require a lot of time. Maybe EU parliament will soon allow the European Association. On the other side, an European cooperative society already exists and it may be advantageous regarding liabilities.

2.4 TTP-assisted-assurance program - Nomination procedure

The motion "The Assurance Officer and Organisation Assurance Officer may appoint TTP Assurers on their own" was carried m20130906.3.

2.5 Accept new TTP-assurer Martin Gummi

Martin was apponted by Assurance Officer and Organisation Assurance Officer.

2.6 Proposal for enhanced notification text a20130810.1 intermediate ruling #2

No issue for board, it can be settled at lower level.

2.7 Create a CAcert bank account in Germany

Since most member are in Germany and many in other parts of EU, this would be a good idea. But Sparkassen and Volksbanken and other institutes require a place of business in Germany. We are investigating further if big commercial banks will do. Pure donations can run over secure-u, but fees must go directly to a CAcert account.

2.8 Are our root certificates stolen?

Unfortunately, we cannot prove the statement wrong. However, there is a low chance that the keys are available on the black market - if so, someone would have used them the last 7-10 years. The 2003 certs are a business risk, since we do not know what happened with them between the creation and the move to Europe in 2008. We don't have found evidence that the keys are stolen; nevertheless, we don't have evidence they are not. Since the roots are located in Ede, everything is working under the the right control. Yet this is one more reason to advance the NR&E project.

3 Questions

"Does plans ideas exist? if we cannot get not enough AU board member candidates" was postponed.

4 Closing

Next meeting will be 2013-09-15 at 21:00 UTC.


Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20130825 (last edited 2013-09-15 22:32:21 by UlrichSchroeter)