Committee Meeting 2022-04-07

When will you hop into the nest with us?

The meeting will take place at 20:00 UTC in the IRC channel #board-meeting on the CAcert IRC network.

In some places the time was changed a few days ago. If this was the case in your time zone, please click on the linked time 20:00 UTC above to see the time in your local time.

Feel free to add a business item within the acceptance period of 48 hours or your question to the board below. Non-committee members: the committee may choose to convert any business proposed as a question in the questions section.

Agenda

Signs that appear in the agenda
<!> Formulated motion on your topic. It will be put to the vote. Adjustments may be made before the vote. A motion must be submitted for resolutions!
{i} Information for your attention. Does not need to be explained or discussed at the meeting. Purpose: Everyone is up to date.

  1. Preliminaries
    1. Chair opens the Committee Meeting
    2. Who is making minutes? ### (Writing minutes in real time)

    3. Chair asks whether cacert-board-private or cacert-board maillist includes any items that need to be disclosed to Members.

    4. Accept minutes from 3.3.2022 <!> "I move to accept the minutes of the committee meeting of 3rd of March 2022."

  2. Business

    Acceptance of new business items no later than 48 hours before the start of the committee meeting!

    1. Quick decisions
      1. xxxx <!> "I move that xxxx."

    2. Quick infos
      1. {i} CCA update has been initiated. (ad new IBAN in Feb, review in March, sent in spring after new firewall installed) XXX ANP. NACH ANTW D.A: XXX

      2. {i} Tax exemption: dossier is 99% compiled, expected to be finished in February.

    3. Finance team (Michael)

      1. New ERP: Info: State of affairs
    4. OpenID Connect (Brian) (integration / what is done / what will be done until end of year / Board asks whether there is anything that they can do to assist)

      1. At present, there is a need for people who are willing to edit and create appropriate documentation for various audiences.
    5. Future of secureU e.V. (Discussion)
      1. {i} Termination of Memorandum of Understanding (2013): As a member of the board of secure-u! e.V. Ted has been appointed to terminate the Memorandum of Understanding from June, 24th 2013, between CAcert Inc. and secure-u! e.V., according to the regulations for termination set in that memorandum. As secure-u! plan to terminate secure-u! e.V. in the near future, so they will not be able to fulfil this agreement any more. Work is in progress to minimise the impact of this termination to CAcert Inc. (The Secretary had confirmed to Ted that the committee of CAcert Inc. is aware of this.)

      2. {i} CAcert Critical Team Lead Dirk A has been designated by motion ended on 13th March 2022 Agent for the Board of CAcert, Inc. in the matter of transferring of all CAcert assets from Secure-U! to CAcert, Inc.

      3. ???? next step !!! XXX
    6. Background Check (Ted)

      1. {i} BGC for Gero and Peter is initated. (date searching for the first, waiting list the second)

      2. {i} BGC for Kim, Matthias and Sascha is initated. (adress transfered to BGCer)

      3. {i} new BGCer are possible; names of FD and ER transfered to BGCer

    7. New CSR software (Ted)

      1. Brian and Dirk have been looking at possible updates for this software. There appear to be two current options, one from Jan.
    8. Software reviews
      1. xxx (Brian)

      2. Wiki review of https://wiki.cacert.org/engagement // Please look at the wiki page and send suggestions for changes directly to the secretary by Sunday, 17 April. (Etienne)

    9. Remote Assurance (Brian)

      1. {i} Relance discussion in policy group https://lists.cacert.org/wws/arc/cacert-policy/2022-04/msg00000.html

      2. Create a remote assurance sub committee (RASC)
      3. Approach Software Development and the Critical Team
    10. Hardware renewal plan (Michael)
      1. Who is taking care of this project?
      2. Who will start to write a draft?
    11. Review landing page
      1. There is a new landing page for volunteers. To put as a link in e-mails, etc. to avoid that we will be overhelmed by e-mails... e.g. as a link in the CCA-Mail to 380 000 where we will also ask for help. We cannot answer 20000 e-mails. So we need a kind of self service entrance landing page for volunteers. https://wiki.cacert.org/engagement There was a homework for all board members until today: look at https://wiki.cacert.org/engagement - it will come again today. Having such a landing page is great, and yes, it might be fun to help out make it welcoming. There are many edits that some would make to that page.

  3. Question Time

    Questions from CAcert.org community members can be added until beginning of committee meeting! As well questions can be asked at "Question Time", without added question here.

    1. "Question One." added by Your Name Comment: Replace "Question One" by your Question and add your name

      • ..
    2. Closing
      1. Agree on date of the next Committee Meeting: 5. Mai 2022
      2. Agree on the following meeting dates: 2022, 2. June 2022, 7. July 2022, 7. Aug. 2022 (keep date free, can be changed if necessary)
    3. To remember: Goals 2021/2022 (propositions by board 2020/2021) - Each goal needs a responsible person on the board who keeps an eye on it and reports regularly, keeps in touch with the responsible people.
      • push OrgA (Guy)
      • expand PR (Alex cannot do this, wants to hand over)
      • support SecureU (find an active board member for them in Germany)
      • expand background check
      • simplify the certificate creation (this enables the start of various projects from the pipeline)
      • remote assurance, if accepted by the community;
      • software development and testing
      • delivering the OpenID Connect integration, for which CAcert is funded by the RIPE NCC.
    4. Not to forget: Staffing the teams
      1. Applicants to the Infrastructure team
      2. Applicants to the Development team
      3. Applicant to the Critical team
    5. Access to local systems for board members

Person

Board-Private

Committee Archive

Wiki

Nextcloud

Brian

(./)

(./)

(./)

(./)

Etienne

(./)

(./)

(./)

(./)

Frédéric

(./)

(./)

(./)

Admin

Kim

(./)

(./)

<!>

?

Michael

(./)

(./)

<!>

?

Sascha

(./)

(./)

(./)

Admin

Wacław

<!>

(./)

<!>

?

1. Tasks assigned to Board Members and others

Person

Task

Deadline

Other People Involved

Notes

Brian

Contact QA/QC Volunteers

10 January 2022

Gero Treuner, Peter Nunn, others?

To begin work, they do not need ABC.

Brian

bla

2022

xxx

xx.

Brian

bla

2022

xxx

xx.


  1. Software Team
    1. Issue 1502: Adapt the UI at CAcert.org to deal with the "keygen" feature having been removed in browsers

    2. Issue 1482: Limit validity period of new HTTPS certificates to one year

    3. Issue 1444: PHP - Brian

    4. Issue 1417: Keygen / new CSR software - Bernhard

  2. Organisation Assurance
    1. How to relance OrgA? (Guy)
  3. Grant applications
    1. Protopype Fund https://prototypefund.de/en/ (mail to SW Board only)

      1. The Prototype Fund is a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research (BMBF). This is for residents of Germany only. We could create a group of people that work on a project for CAcert (with all support of the others in the background). It runs for two more years, every 6 month.
      2. Infra does not see any acute need at the moment, and does not have the capacity to provide qualified support.
      3. There are some ideas for software, but in infra's view there is still a lot of conceptual and preparatory work missing. What Infra could imagine is financing people to carry out a requirements analysis and write a requirements and test specification. This could then be used as a basis for a new implementation of the CAcert software (WebDB, Signer and perhaps other things like CATS). But these are just a few ideas of JanDD and he cannot currently recommend any people who would be suitable for this. Potential candidates would have to deal intensively with the existing software on the one hand and with the underlying policies on the other, and would have to identify a lot of missing information, ask for it and make assumptions for discussion. This requires very good analytical and communication skills and a high level of stamina.
  1. Blockchain
    1. see here: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2018-03-01/ideas#Blockchain (waiting for answer from IanG)

Minutes

Present

Members of the Committee:

Present, by alphabetical order

Brian McCullough

Etienne Ruedin

Frédéric Dumas

Kim Nilsson

Absent or silent, by alphabetical order

Michael Richardson

Sascha Ternes

Members of the CAcert community and other guests

Having been active during the meeting, by alphabetical order

Dirk Astrath

Committee meeting - 2022-04-07

1.1 Opening

Our chair, Brian McCullough, opened the meeting at 20:15 UTC.

Agenda: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2022-04-07

1.4 Acceptance of minutes

Motion to accept minutes from 03.03.2022

Votes: 3 Ayes, no Naye, 1 Abstain

2.1 Quick decisions - none

2.2 CCA & tax exemtion

Etienne explains that the CCA update procedure is still on the way. He commits to deliver an update in May. And the same about exemption tax, for us to fulfil a grant application.

2.3 Finance Team - CRM/ERP - NextERP

Frederic recalls that he committed to deploying a test version of NextERP on the test server lent by Brent, that he has to do it still. He is a bottleneck in that matter. he apologizes for that. He has set himself the goal of delivering a test ERP with its documentation to Jan before Dirk's journey to BIT in May.

2.4 OpenID Connect

Brian asks for help in writing documentation about the work he has done. Etienne offered to write an email calling for help from CAcert members.

2.5 Secure-U

Dirk explains that Michael will be in Europe around 13 May, to sign the contract with BIT on behalf of CAcert, replacing Secure-u. Brian would not consider the vote he had called for, giving Dirk a mandate to organize the transfer of the Secure-u contract to CAcert, as only two committee members voted yes.

2.6 Background Check

Etienne says that after emailing with Ted: BGC for Gero and Peter is initated. (date searching for the first, waiting list the second). Also, BGC for Kim, Matthias and Sascha is initated. (adress transfered to BGCer). Maybe new BGCer are possible; names of FD and ER transfered to BGCer.

Frédéric apologises for promising to organise the meetings for everyone and not having done so yet. He understands that Bernhard started to organise a planning of meetings. He undertakes to assist him.

2.7 CSR / OCSP

Regarding the update of our CSR software, we could consider deploying code written by Jan, in a production context in a professional environment. This would probably require changes to our root certificates. Dirk explains that Jan wrote an ocsp-resolver for a customer some time ago, which could be adapted to CAcert, and that Brian has received the git-link to this code.

Brian says he has been looking into the code, and trying to understand the missing pieces. He seems to have issues getting his emails delivered. Dirk suggests Brian talk to Jan about this, so work isn't being done unnecessarily.

Dirk mentions that Jan did some progress regarding OCSP-server in the last ~10 days ... and detected some issues in CAcert's root, class3 and issued certificates, which may cause issues on an OCSP-server following strictly the RFCxxxx. So we may need to resign class1 and class3 (and change signer-coding/setting) at some time. New OCSP-software needs to be ready at some time in summer (after all other critical-changes are done), afterwards we should think about new signer-software/hardware.

2.8 Software reviews

2.8.1 Work on new CSR software.

Brian talked about this during 2.7.

2.8.2 New landing wiki page - also 2.11

This new welcome page for newcomers was written by Etienne. Etienne emailed and reminded everyone to review the landing page https://wiki.cacert.org/engagement, before April 17. Kim considers the page to be informative, educational and a bit funny; however, he repeats that he cannot contribute as he does not have editing rights to the wiki.

Kim has copied the current content of the landing page to a Nextcloud doc. Checked with Etienne that it works as a simple way to suggest changes to the real landing page. Here is the work document. https://nextcloud.cacert.org/apps/files/?dir=/CAcert%20board/Work%20products&openfile=5961

2.9 - Remote Assurance

Brian explained that he had again invited the Policy Group to move forward on the evolution of our remote identity verification rules.

https://lists.cacert.org/wws/arc/cacert-policy/2022-04/msg00000.html

Kim and Dirk discuss how there are risks and difficulties when performing Remote Assurances, which we all envisaged from the beginning. Kim also said that there were both positive and negative feedback from the Policy Group. Some (read: one person) doesn't want Remote Assurances at all, while others just want it to be as uncomplicated as possible. Some people raise the risk of having their identity document, presented to the camera, recorded without their knowledge, i.e. raise the question of trust in the telecommunication link and in the operator (the assurer) at its end.

Brian envisages writing a version of the "modified" Policy paragraphs, and post that to Policy Group.

2.10 Hardware renewal plan

The committee will take time to discuss the equipment renewal proposal, brought forward by Michael, when he is present.

Dirk plans to replace the broken alix-board (10/100) to apu-board (1 Gbps) for firewall fw02 within the next two weeks, and perhaps the second firewall next time he visits Bit in May

Frederic proposes to go with Dirk to Ede at BIT in May, to mount an extra processor and its cooler on the server Brent gave us, which is now running as Infra03.

Dirk proposes to take advantage of Michael's presence in Europe in May, to visit BIT together.

3 Questions

3.1 Dirk, Kim and Frédéric proposed to move the time of the monthly committee meetings back to 17:30 or 18:00 UTC, in order to avoid its members located in Europe finishing the meeting at midnight local time. Brian had no objection. A consensus was reached for 18:00, as long as it was convenient for Michael too, who was absent today to confirm the new time.

Europeans wanted the meeting to start earlier... so let's try 18:00 UTC and see if that suits everyone in practice.

3.2 It is recalled that the time of our informal Wednesday meetings is 13:30 UTC. The communication channel is https://meet.jit.si/cacert

3.3 Kim definitely has access to Nextcloud. Pretty sure Michael does too. Neither has edit access to the wiki.

4 Closing

Our chair, Brian McCullough, ended the meeting at 22:08 UTC.

Next meeting

The committee schedules its next meeting for the 5th of May, 2022, at 18:00 UTC.

Logfile

Logfile from meeting 2022-02-03

Motions

Actions

Who

Status

Action

Minutemaker

wip

prepare Agenda and Minutes for the next meeting

Brian

Software meeting

every 2 month

Secretary

bank

accounts, contact with treasurer


Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2022-04-07 (last edited 2022-04-07 23:03:35 by EtienneRuedin)