• Brain
• CAcertInc
• Committee
• MeetingAgendasAndMinutes
• 2024-01-04

• To Brain CAcert Inc. - CAcert.org Members Association - General Meetings - To Brain CAcert Inc. Committee Meeting Agendas & Minutes - Board's Project Overview - Current Action Items - last meeting - next meeting

Committee Meeting 2024-01-04 19:00 UTC

The meeting will take place at 19:00 UTC at https://meet.jit.si/cacert If you do not have audio channel, you may try in the IRC channel #board-meeting on the CAcert IRC network.

Feel free to add a business item within the acceptance period of 48 hours or your question to the board below. Non-committee members: the committee may choose to convert any business proposed as a question in the questions section.

Agenda

Signs that appear in the agenda
Formulated motion on your topic. It will be put to the vote. Adjustments may be made before the vote. A motion must be submitted for resolutions!
Information for your attention. Does not need to be explained or discussed at the meeting. Purpose: Everyone is up to date. (max. 10 seconds) Discussion topic with or with no decision.

1. Preliminaries one
   1. Chair opens the Committee Meeting
   2. Who is making minutes?

   3. Chair asks whether cacert-board-private or cacert-board maillist includes any items that need to be disclosed to Members.

   4. Accept minutes from 7. December 2023 "I move to accept the minutes of the committee meeting of 7th of December 2023."

2. Elephant

   1. Further discussion

3. Business

   1. Focus 2024
      - Finishing ongoing tasks in groups
      - Strengthening cooperation

   2. Setting priorities for the first part of the year (discussion, decision)

      1. OpenID, Elephant, ERP
      2. Big Mail, Paypal, Backgroundcheck

      3. OrgaA, Tax exemption
         
         Following the priorities, some of the following topics have to be moved back in time. They will be picked up a soon as another has been completed:

   3. OpenID
      issue: alpha or beta version available
      who: Brian, +?
      what help needed:
      next step:

   4. ERP
      issue: install, following plan
      who: ?, +?
      what help needed:
      next step:

   5. Big Mail
      issue: review and sending
      who: Etienne, Dirk
      what help needed: none
      next step: review

   6. Elephant (Mission & Future)
      issue: keep in mind; organisational improvements
      who: ?, +?
      what help needed:
      next step:

   7. OrgA
      issue: reactivate and create group
      who: ?, +?
      what help needed:
      next step:

   8. Paypal
      issue: get the money (when, the 180 days are over?) (ClawbackAction)
      who: Frédéric G, Etienne, +?
      what help needed:
      next step:

   9. Class 1 / Class 3
      issue: singer issues: repair or change the policy
      who: ?, +?
      what help needed:
      next step:
      There are known issues with the signer. Some which need to be fixed and some that should not be fixed, as they aren't in line with how certificates should be used today (processes which have been incorrect for many years). Unfortunately, there are some old rules in CAcert documentation, specifically in the CPS, which seem to prohibit the necessary changes and improvements to the certificate creation and signing process. This means that the CPS, and perhaps other documentation needs to be rewritten, and some will require acceptance of the Policy group. A new version of documents need to be created and proposed, and when they are accepted, the necessary work on more correct processes can begin. A first draft has been created, and shared among Board and a few other active members.

   10. Infrastructure: Issues, interventions (Dirk), rest do be skipt

       1. Start thinking about planning when to do things about new roots, so we are prepared several years in advance, as no certs should have a end-date after any root certificates. Also take a look at the old Escrow article. https://wiki.cacert.org/Roots/EscrowAndRecovery

       1. How is it going with implementing LetsEncrypt certificates on public facing services, instead of keeping them behind CAcert's "unknown" certificates?

   11. Dissolution of CACert Inc (Association), (by FG)<<BR>Reasons in favour: ...
       Reasons against: Community agreement, ...

   12. Education

       1. Discussion texts (board private)

4. on hold (for later this year)

   1. Remote Assurance (Brian)

      1. Creation of remote assurance sub committee (RASC) on the hold until Eva is available for the policy. Secretary got in touch with Eva on Oct. 12.
         "Users Requests, summarized." added by Aleš a) need for a distant assurance (no assurers, no TTP possibility in their country); b) need for the write access to our Wiki.

   2. Background Check
      1. done

         1. BGC for Gero: Interview happened (by Ted&Etienne), committee is waiting for the report (has to be sent by Gero).

      2. pipeline

         1. BGC for Brian: who (no board member in BGC team! (Egal/JanDD) Brian has to re-contact the two checkers at 01 sept 2023.

         2. BGC for Peter is initiated. (date searching; Interview by Ted&Egal)

         3. BGC for Matthias are initiated. (date searching started in August 2022)

         4. BGC for Sascha are initiated. (language: en or de)

   3. Any other business (board members forgot to ask the secretary to put it on the agenda)
   4. What's coming next? ???
5. Question Time

   Questions from CAcert.org community members can be added until beginning of committee meeting! As well questions can be asked at "Question Time", without added question here.

   1. Would it be possible to make an Interim Measure? I have prepared the text of proposals. added by Aleš Kastner

   2. "Question One." added by Your Name Comment: Replace "Question One" by your Question and add your name

1. Closing

1. Propose a date of the next Committee Meeting: 1. Feb 2024 19:00 UTC
2. Agree on the following meeting dates: 1. Feb, 7. March 2024, 19:00 UTC; 4. April, 2. May, 6. June, 4. July 2024 18:00 UTC (keep date free, can be changed if necessary)

1. To remember: Goals 2021/2022 (propositions by board 2020/2021) - Each goal needs a responsible person on the board who keeps an eye on it and reports regularly, keeps in touch with the responsible people. obsolete / started / waiting for available time

   • push OrgA (Guy)
   • expand PR (Alex cannot do this, wants to hand over)

   • delivering the OpenID Connect integration, for which CAcert is funded by the RIPE NCC.

   • expand background check

   • remote assurance, if accepted by the community;

   • simplify the certificate creation (this enables the start of various projects from the pipeline)
   • software development and testing
   • New CSR software

   • support SecureU (find an active board member for them in Germany)

2. Not to forget: Staffing the teams
   1. Applicants to the Infrastructure team
   2. Applicants to the Development team
   3. Applicant to the Critical team

1. Access to local systems for board members

1. Tasks assigned to Board Members and others

1. Software Team

   1. Issue 1502: Adapt the UI at CAcert.org to deal with the "keygen" feature having been removed in browsers (Some of this will be met with 1551 )

   2. Issue 1482: Limit validity period of new HTTPS certificates to one year

   3. Issue 1444: PHP - Brian

   4. Issue 1417: Keygen / new CSR software - Bernhard

2. Organisation Assurance
   1. How to relance OrgA? (Guy)
3. Grant applications

   1. Protopype Fund https://prototypefund.de/en/ (mail to SW Board only)

      1. The Prototype Fund is a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research (BMBF). This is for residents of Germany only. We could create a group of people that work on a project for CAcert (with all support of the others in the background). It runs for two more years, every 6 month.
      2. Infra does not see any acute need at the moment, and does not have the capacity to provide qualified support.
      3. There are some ideas for software, but in infra's view there is still a lot of conceptual and preparatory work missing. What Infra could imagine is financing people to carry out a requirements analysis and write a requirements and test specification. This could then be used as a basis for a new implementation of the CAcert software (WebDB, Signer and perhaps other things like CATS). But these are just a few ideas of JanDD and he cannot currently recommend any people who would be suitable for this. Potential candidates would have to deal intensively with the existing software on the one hand and with the underlying policies on the other, and would have to identify a lot of missing information, ask for it and make assumptions for discussion. This requires very good analytical and communication skills and a high level of stamina.

1. Blockchain

   1. see here: https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2018-03-01/ideas#Blockchain (waiting for answer from IanG)

Minutes Committee meeting - 2024-01-04

Participants

Members of the Committee:

Present, by alphabetical order

Aleš Kastner

Brian McCullough - President

Étienne Ruedin - Secretary

Frédéric Dumas

Frédéric Grither - Treasurer

Absent or silent, by alphabetical order

Kim Nilsson - Vice president

Members of the CAcert community and other guests

Having been active during the meeting, by alphabetical order

Dirk Astrath

1 Opening

From November 2023 to March 2024 inclusive, committee meetings will be held at 19:00 UTC.

Chair Brian opens the meeting at 19:15 UTC, then left at 19:22 UTC for work reasons.

Frederic Dumas invites everyone to join the livepad on Nextcloud for collaborative note-taking of our minutes.

The minutes of the meeting held on 7 December are submitted to the members of the committee for approval. Étienne moves to accept the minutes. Frédéric G. seconded the motion.

Result of the vote:

• Aye: 4
  Naye: 0
  Abstain: 0

The minutes of the 7th of December meeting are accepted.

2 Elephant in the room

Frédéric D. - Short summary of what got explained in December.

Frédéric G. - What do we refer to as the "elephant in the room"? It seems that two incompatible conceptions coexist under the same umbrella name: do we want (1) to arbitrate between continuing or stopping CAcert's activity, or (2) to arbitrate between continuing to work as before or adopting new operating methods?

Dirk - We can bend the rules, but we can't ignore them and break them.

Frédéric D. - If we want our collaborative work to produce results, we need to adopt new collaborative behaviours, before changing our policies.

Aleš - Proposes the following interim measures:

All certificates issued be signed by Class 3 Root.

Further differentiate according to the number of user APs:

• (a) up to 49 APs - valid for 6 months (Dirk proposes 3 months)
  aa - client: no name (CAcert WoT user)
  ab - server with no further restrictions
  
  (b) 50 to 99 APs - valid for 1 year
  ba - client: name can be given
  bb - server without restrictions
  
  (c) 100+ AP - valid for 2 years (Dirk recalls that validity is one year according to cabforum guidelines)
  ca - the assurer can request to sign documents and software with a client cert.
  
  PGP - as before? And why don't they save to the servers ?
  
  Cert. for organizations - probably never even been signed by Class 1 Root.

3 Priorities for 2024

Étienne - Open topics are: OpenID ; Elephant in the room ; ERPNext ; Big Mail ; Paypal ; Background Check ; Organisation Insurance ; Tax exemption formal status.

Dirk - CAcert has lost its users of client certificates for the web. This activity is no longer useful.

Étienne - CAcert's highest intangible value is its ability to build a web of trust.

Frédéric D. - We should abandon the production of client certificates for the web and for email, as we will never be able to gain universal acceptance for our root certificates. Does drop these services would mean dropping the web application too, without having to pay for the accumulated technological debt (which would help us) ?

Dirk - With OpenID, user authentication would still be based on CAcert client certificates, while the dialogue with websites requesting user identification could be based on Let's Encrypt certificates. Integrating OpenID with CAcert does not encounter the same problem of universal non-acceptance of CAcert root certificates.

Étienne & Frédéric G., Dirk, Frédéric D. - NextERP could be used as a Software as a Service, but that would mean outsourcing our contact database and finances to servers other than our own and spend fixed costs, which we didn't want to do. In the short term, Frédéric G. will investigate to find some software that suits his accounting and memberships management needs and propose to the board.

Dirk - Discussion on the renewal of our Class root certificate, valid until 2033.

Frédéric G. & Frédéric D. - Above this list of possible priorities, there remains a big question mark: should CAcert continue, or should it decide to dissolve, if we come to the conclusion that we are unable to carry out our operations? The question has been hanging in the air for years, and has come to a head in the last two or three months. Frédéric Grither now insists to call for a vote in February and get a strong answer if we are not to be left without a decision from one month to the next.

4 Other topics

Étienne & Dirk - Discussion on how users will be informed of the additional unavailability of the existing CAcert service for a few days. Dirk is in charge of writing the post on the blog, and Étienne is offering to produce versions in other languages.

Question Time

No further questions were raised.

Closing

Chair Étienne closes the meeting at 21:35 UTC.

Date of the next meeting

Following the tradition or the first Thursday of the month, the next meeting will be held on Thursday February 1st, 2024 at 19:00 UTC

Motions

• https://motion.cacert.org/motions/m20231207.1 (Constitution)

• https://motion.cacert.org/motions/m20231207.2 (Minutes November meeting)

• https://motion.cacert.org/motions/m20231207.3 (Minutes Elephant meeting)

Actions

• CategoryBoardMinutes