Preamble

Background

CAcert uses roots as described at Structure of Roots and many other places. Because the existing roots have been deemed to be Audit Fail, we have to create new ones that are capable of passing a future audit. Also, this project has taken on more urgency because of the deprecation of MD5 and the general weakening of the roots over time.

Authority

The Board authorises creation of roots and subroots from time to time. The procedures are authorised under DRAFT Security Policy and are indexed into the Security Manual. Also see the wip DRAFT.

Process

Discussion on the project is at cacert-root maillist. You can subscribe here and read the archives.

This wiki page is freely editable. Add tasks where needed. Add questions if needed.

Tasks

Unresolved Issues / Documentation Task List

These need to be addressed with written procedures:

Questions

Planning

  1. Verify new roots are technical designed right
  2. Verify governance framework (CPS, SP, SM) are good
  3. Develop software changes
  4. Plan deployment

Historical

Timeline

Most recent at top.

Team 2008 "May Plan"

Root Key Task Force of 2008 was a CAcert Sub-Committee installed by board motion m20081008.1 see Board decision list 2008. Task Force had the following members: Guillaume Rogmany, Teus Hagen and advisor (Philipp Gühring). Audit was observer (Iang).

The following teams:

Root Key Task Force subteams

Member

Notes

software configuration and scripting

Guillaume Rogmany

in charge

Teus Hagen

assisted

Security Evaluation

Philipp Gühring

remote

Critical Systems

system admins

Wytze van der Raay

in charge

Mendel Mobach

assisted

Oophaga

servers and physical security

Rudi Engelbertink

in charge

Rudi van Drunen

Hans Verbeek

Audit

Iang

observer

Press & PR

press contacts and news

Maurice Kellenaers

in charge

Henrik Heigl

References

Roots/Library lists the deeper references: policies and old decisions:


CategoryAudit