To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting
Minutes of the MiniTOP on the 2011-03-22
Setting
The MiniTOP will be held via telco 22:00 CET
Attendees: Dirk, Magu, Michael, Uli, Ted
Action items from last meeting
- Dirk: translingo cacert upload.pl bug #913
- Dirk: regular Thawte patches, still open
- 15.php - add assurers state at bottom of page
- Michael: TMS function (Assurances)
- Michael: Hosting providers: to contact Martin Ga regarding questions about VMs on vienna hosting
- Michael: add SA's to Admin in bugs for customizing, mail to Philipp, Andreas, Mario
Dirk: strategy for: "Certificates Class3" problem and "New Roots & Escrow"
- contact root cert group
- Michael: CI (low priority)
Topics
- State Testserver Update
- strategy plans ...
strategy for: "Certificates Class3" problem and "New Roots & Escrow"
- see action items
Overview Projects Board (wiki:OverviewProjectsBoard) topics for SA (Update)
- Signer deployment (Andreas/Markus) (Update)
- Automated testing system (Andreas, Magu, MSchiffer) (Update)
Arbitration case a20110312.1
- next meeting: Tuesday, March 29, 2011 22:00
Minutes
- Action items from last meeting
- Michael: TMS function (Assurances), still open
- Michael: Hosting providers: to contact Martin Ga regarding questions about VMs on vienna hosting, still open
- Michael: add SA's to Admin in bugs for customizing, mail to Philipp, Andreas, Mario, still open
- Michael: CI (low priority), still open
- strategy plans ...
strategy for: "Certificates Class3" problem and "New Roots & Escrow"
- Multimember Escrow system proposal by Mario: HR problem, CRL signing problem
Overview Projects Board (wiki:OverviewProjectsBoard) topics for SA (Update)
- WIP
- Dirk, Ted: translingo cacert upload.pl bug #913, still open
- Dirk: regular Thawte patches, still open
- 15.php - add assurers state at bottom of page, still open
- Special Case: in production system user with 120 pts: 60 + 30 + 30 F2F (!!)
- Michael to add sql injection onto special testuser
Dirk: strategy for: "Certificates Class3" problem and "New Roots & Escrow"
- class3 prob: signing server receives identifier for which cert certs to issue
- Michael: webdb is the problem, to correct on several code snippests
- "New Roots" makes no sense with Software not Audit Ready
- proposal: one event: old "new" clase3 (A), create new root (B), new class3 (C), (A) to apply first
- Software and "Audit Ready" topic
- software needs documented
- each step has to be traceable
eg. logical deletions -> delete mark, but content shouldn't be deleted
assurances -> deletable by support or by administrative increases
- temporary administrative increases
- admin for organisation assurerance
- delete account function from support console
- may be more
- full code review
- in the past this leads to Software Camp Innsbruck - Software is not auditable
- we have procedures for updates, but new critical bugs needs to be fixed
- also Policy related fixes
- critical mass of developers
- policy conformity
- fix major bugs
Arbitration case a20110312.1 "Weak keys"
- Weak keys ... check databases, revoke keys and so on
- search keys from database script
- testservers: all software assessors should have console access onto all related servers (cacert1, git)
- ted has access to test1.cacert.at
- in database is filename of pem encoded cert file
- in database there is some info, but not valueable
- rsa key lengths vs. dsa key lengths, first check rsa keys
- tests finished, needs coding, and running
- generate emails based on the exec results
- Michael: don't accept weak csr's
- Ted: 4 procedures to check: user client cert, user server cert, org client cert, org server cert
- Michael: account.php 23 matches regarding openssl, -7 text matches
- Michael: api - running a script with parameters /www/api
- web api (SOA)
- Ted: relevant positions to find - transfer to signer
- Michael: its to late, to send user responses
- proposed fix till end of week, review upcoming monday
- revocation of too small keys, info to board
- next meeting: Tuesday, March 29, 2011 22:00
- Ted: pushed a branch to git: translingo cacert upload.pl bug #913
- Signer deployment (Andreas/Markus), Michael will contact Andreas
- meeting closed [0:45]
Action items: Meeting Action Items
Software/Assessment/ActionItems
Marcus
cap.php review different languages, from meeting 2012-04-24, contact translators
uli
Experience points for ATE attendance
check board motions and/or trigger if not yet passed
uli
Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18
current state: see Funding Landing Page All
1. next: strategy for "New Roots & Escrow" - using indirect crl's ?
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to next events (?)
Uli, Michael
Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png
Development, Deployment, Discussion
dirk Brian
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964 done.
proposal patch from Brian rcvd OAO, Ted
bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex?
/ needs 2nd review -> Ted, rejected 
uli, Ted
bug #824 Org User cert fix Case study
Organisation User Certificates: Need UI improvement for proper production usage
uli
bug #988 TTP cap form deployment Case study
sneak preview
for local testserver deployment only uli, ted
bug #823 email address removal fix
No warning when removing e-mail address from account that certificates will be revoked
checked by 4, needs 2nd review, deploy
rejected inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface
rejected, certs login doesn't modify "modified" field All
bug #1034 files to remove from webdb
eg wot/14
Software Assessors: Review 1 / add to cacert-devel, add to testserver
Software-Assessors task
uli
bug #977 admin console text fix
admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
Testing
Testers task
gagern
bug #440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
neo
bug #922 CAcert application code problem causing missing "certificate about to expire" messages
Ted
bug #835 Assurer challenge (on testserver)
needs testing
Michael
bug #1003 Provide a possibility to regularly review the permissions in the system
also bug #1038 Provide a script for board/tverify reset flags by arbitration a20110118.1
neo
bug #1025 Domain Dispute issue
disputes rc and rc2 var prob
Software Assessors: 2nd Review, Bundle Package to Critical Team
Software-Assessors task
uli, ted
bug #789 OA edit domain fix
Editing domain for organisations does not work
new update 2011-09-26
2 tests, needs 2nd review, deploy
more fixes, more testing6
uli
bug #967 OA isassurer check
Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer
neo
bug #978 Invalid SPKAC requests are not properly validated
recheck full certs signing procedures
duplicate report to bug#540 Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
uli, marcus: needs full cert create tests
duplicate report to bug#978 neo
bug #1024 Assurer flag is not set correctly on updatesort.php run
tested by 4, ok
dirk
bug #1023 Consolidate changes into the Assure Someone page
6.php global re-design project
assurance, wot area (Thawte points removal effective) inopiae
New layout of view for Organisation Administrators in account/id35
Software Assessors: Bundle Package to Critical Team
Software-Assessors task
Awaiting Response from Critical Team