This is a draft proposing a split in CAcert structure and management.
The organisation would be divided into 3 parts:
- a CA-tool core team
- a quality & audit team
- a CA production team
The CA-tool core team
It would be a separate entity from CAcert. The goal is to provide core software for a community CA. The software would be released under the LGPL, so several "open"-CA projects could use the core software. Specific back-ends could be implemented by each CA's own dedicated team. We could call it "communityCA.org".
The quality & audit team
In charge of 2 areas:
- controlling & approving the quality of the software provided by communityCA
- writing a generic CPS & rules for community-based CAs in order to pass a WebTrust audit
Let's call it "security-CA" consulting. It can provide consulting for other projects & be incorporated as a for-profit organisation.
The CA production team
It's the end CA, so CAcert could be defined in this section. In charge of:
- defining specific certificate usage & updating the generic CPS
- programming specific parts of the CA software according to the CPS
- configuring the core CA-tools
- maintaining all the CA infrastructure