Constitutive Committee Meeting 2023-12-07 19:00 UTC

The meeting will take place at 19:00 UTC at https://meet.jit.si/cacert. If you do not have an audio channel, you may try the IRC channel #board-meeting on the CAcert IRC network.

Please note: The time will remain the same in Europe, please check for other regions of the world due to daylight saving time.

Feel free to add a business item within the acceptance period of 48 hours or your question to the board below. Non-committee members: the committee may choose to convert any business proposed as a question in the questions section.

Agenda

Signs that appear in the agenda
<!> Formulated motion on your topic. It will be put to the vote. Adjustments may be made before the vote. A motion must be submitted for resolutions!
{i} Information for your attention. Does not need to be explained or discussed at the meeting. Purpose: Everyone is up to date. (max. 10 seconds)
(!) Discussion topic with or with no decision.

  1. Preliminaries one
    1. Chair opens the Committee Meeting
    2. Who is making minutes?
  2. Constitution
    1. (!) Discussion, propositions

    2. <!> President

    3. <!> Vice president

    4. <!> Treasurer

    5. <!> Secretary

  3. Preliminaries two
    1. Chair asks whether cacert-board-private or cacert-board maillist includes any items that need to be disclosed to Members.

    2. <!> Accept minutes from 2. November 2023 <!> "I move to accept the minutes of the committee meeting of 2nd of November 2023."

    3. (!) Discuss minutes from AGM 11. November 2023

  4. Elephant
    1. <!> Propositions from 23. November 2023

    2. (!) Further discussion

  5. Business

    Acceptance of new business items no later than 48 hours before the start of the committee meeting!

    1. Infrastructure: Issues, interventions (Dirk), rest to be skipped
      1. {i} Critical/Hardware (Dirk): Signer and WebDB not reachable for now. For details, see this blog post: https://blog.cacert.org/2023/10/partially-restricted-operation-most-services-available/ (based on information given by JanDD in German)

      2. Signer - There are known issues with the signer. Some need to be fixed, and some should not be fixed, as they aren't in line with how certificates should be used today (processes which have been incorrect for many years). Unfortunately, there are some old rules in CAcert documentation, specifically in the CPS, which seem to prohibit the necessary changes and improvements to the certificate creation and signing process. This means that the CPS, and perhaps other documentation, needs to be rewritten, and some changes will require acceptance by the Policy group. New versions of the documents need to be created and proposed, and when they are accepted, the necessary work on more correct processes can begin. A first draft has been created and shared among the Board and a few other active members.
        1. Start thinking about planning when to do things about new roots, so we are prepared several years in advance, as no certs should have an end-date after any root certificates. Also take a look at the old Escrow article. https://wiki.cacert.org/Roots/EscrowAndRecovery

      3. How is it going with implementing LetsEncrypt certificates on public facing services, instead of keeping them behind CAcert's "unknown" certificates?

    2. Finance team (Michael)

      1. Finance year 2022/23 ended on 30-06-2023. Finance Report: ready for the AGM (Michael)
      2. New ERP: Info: State of affairs (Frédéric D)
        1. If progress is not as expected: What is needed for the project to be completed successfully? Who from the board can support?

      3. Cause CAcert Inc. vs. PayPal Pte. Ltd. (Frédéric G./Etienne) (ClawbackAction)

    3. Education
      1. Discussion texts (board private)

    4. Mission & Future

      1. ??? {i} Information about Wednesday conferences https://nextcloud.cacert.org/s/fnPyjC4X2MHbYBK

        1. ??? Do we need to change communication platform for the Wednesday meetings? Or are we happy with Jitsi, and regarding September as just unusually glitchy?
    5. OpenID Connect (Brian/Frédéric D)

      1. State of affairs openID project
      2. (!) Report for RIPE: Report has been sent by the secretary. --> Has an update to be sent?

      3. (!) Documentation (who?)

      4. {i} Payment (1 done; 1 on hold, waiting for IBAN)

      5. PR (on hold: only if documentation is done)
        1. If progress is not as expected: What is needed for the project to be completed successfully? Who from the board can support?

    6. Remote Assurance (Brian)

      1. {i} Creation of remote assurance sub committee (RASC) on hold until Eva is available for the policy. Secretary got in touch with Eva on Oct. 12.

      2. (!) If progress is not as expected: Should someone get in touch with Eva after FrOScon? Who?

    7. OrgAssurance

      1. {i} Secretary got in touch with 10 Org Assurers. Goal 1: Reactivate training and supervision of candidates. Goal 2: maybe find a OrgA Of. To be continued in September.

    8. Background Check
      1. done
        1. {i} BGC for Gero: Interview happened (by Ted&Etienne), committee is waiting for the report (has to be sent by Gero).

      2. pipeline
        1. BGC for Brian: who (no board member in BGC team! (Egal/JanDD) /!\ Brian has to re-contact the two checkers at 01 sept 2023.

        2. {i} BGC for Peter is initiated. (date searching; Interview by Ted&Egal)

        3. {i} BGC for Matthias is initiated. (date searching started in August 2022)

        4. {i} BGC for Sascha is initiated. (language: en or de)

    9. Any other business (board members forgot to ask the secretary to put it on the agenda)
    10. Telegram - do we need to change the communication channel to something else, to get all Board members to, at least, read the communication there, but preferably also participate?
    11. What's coming next? ???
  6. Question Time

    Questions from CAcert.org community members can be added until the beginning of the committee meeting! Questions can also be asked at "Question Time" without having been added here.

    1. "Users Requests, summarized." added by Aleš a) need for a distant assurance (no assurers, no TTP possibility in their country); b) need for the write access to our Wiki.

    2. "Question One." added by Your Name Comment: Replace "Question One" by your Question and add your name

      • ..

1. Closing

  1. Propose a date of the next Committee Meeting: 7. Dec 2023 19:00 UTC
  2. Agree on the following meeting dates: 4. Jan, 1. Feb, 7. March 2024, 19:00 UTC; 4. April, 2. May, 6. June, 4. July 2024 18:00 UTC (keep date free, can be changed if necessary)
  1. To remember: Goals 2021/2022 (propositions by board 2020/2021) - Each goal needs a responsible person on the board who keeps an eye on it and reports regularly, keeps in touch with the responsible people. {X} obsolete / (./) started / {OK} waiting for available time

    • push OrgA (Guy)
    • expand PR (Alex cannot do this, wants to hand over)
    • (./) delivering the OpenID Connect integration, for which CAcert is funded by the RIPE NCC.

    • (./) expand background check

    • {OK} remote assurance, if accepted by the community;

    • simplify the certificate creation (this enables the start of various projects from the pipeline)
    • software development and testing
    • New CSR software
    • {X} support SecureU (find an active board member for them in Germany)

  2. Not to forget: Staffing the teams
    1. Applicants to the Infrastructure team
    2. Applicants to the Development team
    3. Applicant to the Critical team

  1. Access to local systems for board members

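| Person | Board-Private | Committee Archive | Wiki | Nextcloud |
|---|---|---|---|---|
| Brian | (./) | (./) | (./) | (./) |
| Etienne | (./) | (./) | Admin | (./) |
| Frédéric | (./) | (./) | (./) | Admin |
| Kim | (./) | (./) | (./) | (./) |
| Michael | (./) | (./) | <!> | (./) |
| Wacław | <!> | (./) | <!> | ? |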

1. Tasks assigned to Board Members and others

| Person | Task | Deadline | Other People Involved | Notes |
|---|---|---|---|---|
| Brian | Contact QA/QC Volunteers | 10 January 2022 | Gero Treuner, Peter Nunn, others? | To begin work, they do not need ABC. |
| Brian | bla | 2022 | xxx | xx. |
| Brian | bla | 2022 | xxx | xx. |


  1. Software Team
    1. Issue 1502: Adapt the UI at CAcert.org to deal with the "keygen" feature having been removed in browsers

    2. Issue 1482: Limit validity period of new HTTPS certificates to one year

    3. Issue 1444: PHP - Brian

    4. Issue 1417: Keygen / new CSR software - Bernhard

  2. Organisation Assurance
    1. How to relaunch OrgA? (Guy)
  3. Grant applications
    1. Prototype Fund https://prototypefund.de/en/ (mail to SW Board only)

      1. The Prototype Fund is a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research (BMBF). This is for residents of Germany only. We could create a group of people that work on a project for CAcert (with all support of the others in the background). It runs for two more years, every 6 months.
      2. Infra does not see any acute need at the moment, and does not have the capacity to provide qualified support.
      3. There are some ideas for software, but in infra's view there is still a lot of conceptual and preparatory work missing. What Infra could imagine is financing people to carry out a requirements analysis and write a requirements and test specification. This could then be used as a basis for a new implementation of the CAcert software (WebDB, Signer and perhaps other things like CATS). But these are just a few ideas of JanDD and he cannot currently recommend any people who would be suitable for this. Potential candidates would have to deal intensively with the existing software on the one hand and with the underlying policies on the other, and would have to identify a lot of missing information, ask for it and make assumptions for discussion. This requires very good analytical and communication skills and a high level of stamina.
  1. Blockchain
    1. see here: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2018-03-01/ideas#Blockchain (waiting for answer from IanG)

Minutes Committee meeting - 2023-12-07

Participants

Members of the Committee:

Present, by alphabetical order

Aleš Kastner

Brian McCullough

Étienne Ruedin

Frédéric Dumas

Frédéric Grither

Kim Nilsson

Absent or silent, by alphabetical order

none

Members of the CAcert community and other guests

Having been active during the meeting, by alphabetical order

none

1 Opening (first part)

From November 2023 to March 2024 inclusive, committee meetings will be held at 19:00 UTC.

Chair Brian opens the meeting at 19:30 UTC.

Frédéric invites everyone to join the livepad on Nextcloud for collaborative note-taking of our minutes. Kim volunteered to write up the minutes of the meeting with anyone who wanted to take part on the notepad.

2 Constitution

Discussion and propositions on who can act as which role.

Etienne proposed Brian continue as President. Brian proposed FrédéricD (FD) who gracefully denied. Brian proposes FrédéricG (FG) for Treasurer. FG is interested, but hopes for support from the rest of the board. FG tells about CAcert's messy (financial) history and lack of proper accounting software. FD and FG will investigate choice of best software for Treasurer. Brian proposes Kim as VP, which Kim is OK with. Brian also suggests Etienne continues as Secretary, who is ready for that. Brian also accepts continuing as President. FD asks Brian to explain an accusation that had been made of FD's conduct. Both Brian and Michael had dismissed it as not serious and irrelevant. Brian forwards the incoming email and FD's response to the rest of the board.

Vote

Brian moved that the nominations proposed in the previous discussion be accepted. The motion was seconded by Kim.

Result of the vote:

The following appointments were approved unanimously:

President - Brian McCullough

Vice president - Kim Nilsson

Treasurer - Frédéric Grither

Secretary - Étienne Ruedin

Board members - Aleš Kastner, Frédéric Dumas

FD explains that one primary organisational change is necessary: when changes or improvements are needed, they must be implemented as soon as possible, and must not be allowed to be postponed or delayed forever and perhaps even lost forever.

FD - Strong leadership ("Dictatorship" in the sense it had in antiquity; all power was temporarily handed over to someone capable of guiding society through moments of existential crisis) is needed to force things forward. Sometimes people don't have time to give to CAcert, and then monetary indemnification may be necessary, to make sure it happens and isn't prioritised for lack of time/reward.

Brian - Pushing change that may affect thousands is hard without proper QA first, and CAcert is sorely lacking testers.

FD - The only way "forward" is either to stop, completely, ending, abandoning CAcert, or ignoring some of the restrictions to make real change.

Aleš - Some of the processes carried out by CAcert are very sensitive, and it would be better to identify and treat the least sensitive of them separately and apply strong leadership to them.

Kim - Kim sees the update of the Certification Practice Statement in a much less restrictive way as one of the responses to the need to reform the way CAcert operates.

Etienne - Suggests we try to pair up in review teams, so there are always two reviewers (often a requirement), which will allow the Software/Critical team to implement suggested changes.

Kim - Ignoring the rules may be necessary to make sure CAcert stays afloat/running.

FD - Frédéric explains that we need to change our behaviour before we change our internal rules. This is what Philip Dunkel reminded us: faced with a critical situation, we can take decisions that go against our rules, make those decisions public, and as long as we are not challenged before the Arbitration Board, we behave in the right way.

Aleš - I propose the essential is to keep private keys safe, user accounts safe, and have a rigid rule only how to generate certs, from what data, what patterns and so on...

Brian - It's not possible to ignore all rules, as our technical team relies on them, and we risk alienating/losing them. You would like us to ask our technical teams to work to less restrictive standards before the corresponding rules are amended. If we were to move in that direction, I would not be the right person to implement it, and would have to resign as President.

It was then necessary for Brian to leave the meeting and return to his day job.

Here we decided to go back to complete some parts of the formal agenda so as to not forget them.

FD - The critical malfunction to which the infrastructure has been subjected for the past two months is perhaps an opportunity, the pretext we needed to abandon the old service for issuing certificates for TLS, email and code signing. We could write off all of CAcert's technology debt, and relaunch a new application dedicated solely to OpenID, with other policies, CPS. Perhaps the CAcert name is currently the only real asset.

Etienne - CAcert board exists only to do what the CAcert community wants, so to change this, we would have to get acceptance from the community to drop features (server, S/MIME & coding certs), not so much for pushing forward with new ideas (OpenID).

4 Formal matters (opening second part)

No urgent messages in the discussion lists that require immediate discussion.

Minutes

The minutes of the meeting held on 2 November are submitted to the members of the committee for approval:

Result of the vote:

The minutes of the 2 Nov meeting are accepted.

The minutes of the meeting held on 23 November are submitted to the members of the committee for approval:

Result of the vote:

The minutes of the 23 Nov meeting are accepted.

5 Infrastructure

Étienne reports that Dirk and Michaela have not yet decided when they will return to the Ede datacentre.

Question Time

No further questions were raised.

Closing

Chair / Kim closes the meeting at 20:30 UTC.

Date of the next meeting

Following the tradition of the first Thursday of the month, the next meeting will be held on Thursday January 4, 2024 at 19:00 UTC.

Motions

Actions

Who

Status

Action

Minutemaker

wip

prepare Agenda and Minutes for the next meeting

Brian

Software meeting

every 2 month

Secretary

bank

accounts, contact with treasurer


Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2023-12-07 (last edited 2023-12-07 22:32:23 by EtienneRuedin)