Preamble

Background

CAcert uses roots as described at Structure of Roots and many other places. Because the existing roots have been deemed to be Audit Fail, we have to create new ones that are capable of passing a future audit. Also, this project has taken on more urgency because of the deprecation of MD5 and the general weakening of the roots over time.

Authority

The Board authorises creation of roots and subroots from time to time. The procedures are authorised under DRAFT Security Policy and are indexed into the Security Manual. Also see the wip DRAFT.

Process

Discussion on the project is at cacert-policy maillist. You can subscribe here and read the archives.

This wiki page is freely editable. Add tasks where needed. Add questions if needed.

Tasks

Unresolved Issues / Documentation Task List

These need to be addressed with written procedures:

Questions

Planning

  1. Verify new roots are technical designed right
  2. Verify governance framework (CPS, SP, SM) are good
  3. Develop software changes
  4. Plan deployment

Historical

Timeline

Most recent at top.

References