Background

CAcert uses roots as described at Structure of Roots and many other places. Because the existing roots have been deemed to be Audit Fail here, we have to create new ones.

Work List

This then means we need these things:

  1. technical organisation of roots:
  2. ceremony for creation of root (s)
  3. storage securely on signing server
  4. escrow root securely for disaster recovery
  5. finally, when all is good, start the rollout procedure

Note that as we decide on the way to do this, the process should be transferred to the wip CPS and the wip Security Manual. These pages are the works-in-progress of the New Roots Task Force.

Proposals

Root cert chain testing

Please have a look on Roots/TestNewRootCerts to help testing the new model of root certificates.

Teams

The following teams:

Root Key Task Force

software configuration and scripting

Guillaume Rogmany

Teus Hagen

Security Evaluation

Philipp Gühring

Crytical Systems

system admnin

Wytze van der Raay

Mendel Mobach

Oophaga

servers and physical security

Rudi van Drunen

Rudi Engelbertink

Hans Verbeek

Auditor

Ian Grigg

Press & PR

press contacts and news

Henrik Heigl

Maurice Kellenaers

Planning

Root Key Task Force is CAcert Sub-Committee installed by board motion m20081008.1 see Board decision list 2008. Task Force has the following members: Guillaume Rogmany, Teus Hagen, auditor (Ian Grigg) and advisory (Philipp Gühring).

Date and Location

The Root Key Generation (One Root Key and 2 sub-rootkeys) has been scheduled on 27th and 28th of November in Holland.

day

tasks

location

people

Wed 26 Nov

travel

to Venlo

Root Key Task Force

Thu 27 Nov

travel

to Venlo

Auditor

afternoon

script testing

Grubbenvorst

Task Force, Auditor, Sec Evaluation

Fri 28 Nov

Key generation

Echteld

Task Force, Auditor, Crit-team

afternoon

Key installation

Ede

Crit-team, Auditor, Oophaga

Sat 29 Nov

reserved

Echteld, Tiel

Crit-team, Oophaga

afternoon

travel home

Task Force, Auditor

Budgets

expense type

description

budget

'allocated

Euro

accomodation

2 persons * 3 night * 125

750

250

travel

train / car

650

250

party

5 persons

400

unforeseen

300

total

1100

hotel

Grubbenvorst Guiilaume and Ian at teus home address.

Tiel Hotel Friday night: Guillaume and Ian.

work location

Thursday: Grubbenvorst (teus/home)

Friday: at Mobach Systems in Echteld.

Friday afternoon key installation at BIT in Ede (see webcam BIT).