Background
CAcert uses roots as described at Structure of Roots and many other places. Because the existing roots have been deemed to be Audit Fail here, we have to create new ones.
Work List
This then means we need these things:
- technical organisation of roots:
  - Roots/Structure describes the hierarchy and relationship between the roots
  - Roots/Contents describes the internal fields in each root.
- ceremony for creation of root(s)
  - Roots/CreationCeremony is open as a place to develop this need
  - Roots/TechScript is where the geeky arcana can be collected
- storage securely on signing server
- escrow root securely for disaster recovery
  - Roots/EscrowAndRecovery is open for jotting notes...
- finally, when all is good, start the rollout procedure
  - Roots/RolloutProcedure is open for jotting notes...
Note that as we decide on the way to do this, the process should be transferred to the wip CPS and the wip Security Manual. These pages are the works-in-progress of the New Roots Task Force.
Proposals
- Creation of an offline root to be stored securely (eg board controlled safety deposit box)
- Creation of sub-roots for different CAcert functions:
  - Web of Trust (eg CAP)
  - Remote Assurance (eg RAP)
  - Organisation Assurance (eg OAP)
- Creation of sub-roots for assured organisations (from which they can issue certificates)
Root cert chain testing
Please have a look at Roots/TestNewRootCerts to help test the new model of root certificates.
Teams
The following teams:
Root Key Task Force | software configuration and scripting | Guillaume Rogmany, Teus Hagen |
Security Evaluation | | Philipp Gühring |
Critical Systems | system admin | Wytze van der Raay, Mendel Mobach |
Oophaga | servers and physical security | Rudi van Drunen, Rudi Engelbertink, Hans Verbeek |
Auditor | | Ian Grigg |
Press & PR | press contacts and news | Henrik Heigl, Maurice Kellenaers |
Planning
The Root Key Task Force is a CAcert Sub-Committee installed by board motion m20081008.1 (see Board decision list 2008). The Task Force has the following members: Guillaume Rogmany, Teus Hagen, auditor (Ian Grigg) and advisory (Philipp Gühring).
Date and Location
The Root Key Generation (one root key and 2 sub-root keys) has been scheduled for the 27th and 28th of November in Holland.
day | tasks | location | people |
Wed 26 Nov | travel | to Venlo | Root Key Task Force |
Thu 27 Nov | travel | to Venlo | Auditor |
afternoon | script testing | Grubbenvorst | Task Force, Auditor, Sec Evaluation |
Fri 28 Nov | Key generation | Echteld | Task Force, Auditor, Crit-team |
afternoon | Key installation | Ede | Crit-team, Auditor, Oophaga |
Sat 29 Nov | reserved | Echteld, Tiel | Crit-team, Oophaga |
afternoon | travel home | | Task Force, Auditor |
Budgets
expense type | description | budget | allocated | Euro |
accommodation | 2 persons * 3 night * 125 | 750 | 250 | |
travel | train / car | 650 | 250 | |
party | 5 persons | 400 | | |
unforeseen | | 300 | | |
total | | 1100 | | |
hotel
Grubbenvorst: Guillaume and Ian at Teus' home address.
Tiel: hotel Friday night, Guillaume and Ian.
work location
Thursday: Grubbenvorst (Teus' home)
Friday: at Mobach Systems in Echteld.
Friday afternoon key installation at BIT in Ede (see webcam BIT).