Committee Meeting 2013-08-25
The meeting will take place at 20:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.
Committee Members: feel free to add a business within the acceptance period or your question to the board below. Others: add a question to the questions section.
Minutes author prepares the minutes from the last meeting
Minutes author prepares the action items. All action owners to update.
Minutes author puts motion m201309xx.x to accept the minutes
- Chair opens the Committee Meeting
- Who is making minutes?
Chair asks whether cacert-board-private maillist includes any items that need to be disclosed to Members.
Chair asks whether cacert-board maillist includes any business items that aren't on the agenda yet.
Chair introduces the URL of action items to the meeting, and asks for discussion.
Acceptance of Businesses 48 Hours before beginning of Committee Meeting latest!
Oophaga closing down (ongoing)
New Roots & Escrow project (recurring agenda topic until decision reached)
New Are our root certificates stolen? discussion
- Is this something, Board has to react upon?
AGM preparation - Scheduling (recurring agenda topic until AGM scheduled)
TTP-assisted-assurance program - Nomination procedure
- Board shall rethink and decide about one of the following procedures to install:
- motion: that new TTP-assurers can be nominated by 2 TTP-assurance team members not limited to AO and OAO but probably accepted by them, placed before and accepted by board (similar to new CAcert Inc membership procedure)
- motion: that nominations and approval procedure for new TTP-assurers will be delegated to the TTP-assurance team, to AO and/or OAO, with notification to board that nomination has been accepted.
TTP-assurance program report by AO (WIP under AGM2013 team reports)
Accept new TTP-assurer Martin Gummi
- dependend on motion of previous agenda topic:
- motion: To accept new TTP-assurer Martin Gummi, nominated by OAO, seconded by AO
Proposal for enhanced notification text a20130810.1 intermediate ruling #2
I propose to the involved teams, to use an enhanced text for the scripted mailing text in relation to the blog post text published 2013-08-10
with a detailed explanation of the CCA 3.5 violation problem (-> CCA 3.5 violation explained) -and- b. detailed explanation of the "critical relation to our WoT services" used by 3 (out of 14) of the members we try to contact. A core explanation still exist under Discovery & Deliberations
- so that members gets explained, why we use this unusual way to contact our members. Why we use a secondary email address instead of a primary email address as stated by our own policies. Especially a common wide spread warning exist:
Don't react on email requests regarding your bank or credit card account. Don't click on links in such emails. Such emails often used for pishing.
- I've also received an idea from a community member, if we should make an offer to the effected users for an email address on our non-critical email infrastructure services. That I forward to board to consider. From Arbitration side, there is nothing that prevents such an offer (see also deliberations that results in section 4 of intermediate ruling #1)
Create a CAcert bank account in Germany
Late Business: Current state of Investigation on Are our root certificates stolen?
Business added by Your Name Comment: Replace "Business One" by Title of Business and add your Name
Additional Inputs Comment: Replace "Additional Inputs"by Description of Business, Description of Reason-Why/Purpose, Additional Comments, Additional Documents, Additional Links, if useful for other Committee Members to prepare for Committee Meeting.
- et cetera
- Question Time
Questions from CAcert.org Community Members can be added until beginning of Committee Meeting! As well questions can be asked at "Question Time", without added Question here
Question One added by Your Name Comment: Replace "Question One" by Your Question and add your Name
- et cetera
- Agree on date of the next Committee Meeting
- Chair closes the Committee Meeting
Present: Dirk, Michael, Werner
Meeting chaired by Werner.
1.2 Minutes from last meeting
Minutes accepted by motion m20130906.1.
1.3 Minutes taker
Minutes will be taken by Werner.
1.4 Disclosure of private communication
Nothing to disclose
1.5 Potential business items on cacert-board
No new business identified.
1.6 Action items
2.1 Oophaga closing down
The memorandum of understanding is finalized in paper and as a PDF. A press release was published in English, Dutch and German, Blog. Wytze will update the security manuals.
2.2 New Roots & Escrow project
Benedikt told, he set up a tool to control the project over (https://cacert.ylabs.eu/openppm/). They will grant all parties required (board, project team) access in the next days. They started to define the certificate content for the root certificate Contents. The motion to "Approve the new roots project charter" was carried m20130906.2. The planned funds required of 5100 € are not yet fully available, but we are confident to rise them. In short time only about 100 € are required for backup media. The main issue are travel costs.
2.3 AGM preparation - Scheduling
Michael is nearly ready with the Financial Report. The team leaders shall be called to prepare their reports too.
There is a problem to find enough member from Australia. As Werner heard from Jürgen Bruckner, in Austria there are good conditions to cretate an European association. But assumedly this will require a lot of time. Maybe EU parliament will soon allow the European Association. On the other side, an European cooperative society already exists and it may be advantageous regarding liabilities.
2.4 TTP-assisted-assurance program - Nomination procedure
The motion "The Assurance Officer and Organisation Assurance Officer may appoint TTP Assurers on their own" was carried m20130906.3.
2.5 Accept new TTP-assurer Martin Gummi
Martin was apponted by Assurance Officer and Organisation Assurance Officer.
2.6 Proposal for enhanced notification text a20130810.1 intermediate ruling #2
No issue for board, it can be settled at lower level.
2.7 Create a CAcert bank account in Germany
Since most member are in Germany and many in other parts of EU, this would be a good idea. But Sparkassen and Volksbanken and other institutes require a place of business in Germany. We are investigating further if big commercial banks will do. Pure donations can run over secure-u, but fees must go directly to a CAcert account.
2.8 Are our root certificates stolen?
Unfortunately, we cannot prove the statement wrong. However, there is a low chance that the keys are available on the black market - if so, someone would have used them the last 7-10 years. The 2003 certs are a business risk, since we do not know what happened with them between the creation and the move to Europe in 2008. We don't have found evidence that the keys are stolen; nevertheless, we don't have evidence they are not. Since the roots are located in Ede, everything is working under the the right control. Yet this is one more reason to advance the NR&E project.
"Does plans ideas exist? if we cannot get not enough AU board member candidates" was postponed.
Next meeting will be 2013-09-15 at 21:00 UTC.
m20130906.1: Accept the minutes of the meeting 2013-07-21
m20130906.2: Approve the new roots project charter
m20130906.3: AO and OAO appoint TTP Assurers