To Software Software - To Software-Assessment - Software/Assessment - To previous meeting - To next meeting
Minutes of the MiniTOP on the 2011-06-14
Setting
The MiniTOP will be held via telco
Workshop starts 21:00 CEST (Weak keys bug #918 testing workshop)
- Meeting starts 22:00 CEST
Attendees:
Topics
(skip to agenda)
new items in last meeting:
- modify/split: Michael, Dirk, Uli - prepare patches, update wiki and other sources with new class3 fingerprint
- webdb
/pages/index/3.php and 16.php to fix, also to add link to Roots/StateOverview
see Bug #946
- capnew.php and coapnew.php to modify, removal project defered
- wiki updates
- svn updates
- webdb
- Marcus: flyer update: no label, but 1/3 page of A4 page printout, to cut in 3 pieces to insert in each flyer (fixed within meeting)
capnew.php doesn't work on cacert1.it-sls.de, pdf error message, added Bug #950 (fixed within meeting)
- Alex, Michael, Dirk, Ted, Uli, Critical Team: Proposed Class3 Subroot Re-sign project Rollout Date: Thursday 2011-06-09 or Friday 2011-06-10
modify: All - Arbitration case a20110312.1 Weak keys, workshop session before next weeks meeting, starting 21:00 UTC
Michael, Dirk, Ted: the Bug #948 impact on mail delivery (non RFC-2821 compliance)
Action items from last meeting Meeting Action Items
Agenda
- strategy plans ...
- strategy for: "Certificates Class3" problem
- Debriefing
- Patches and handling
- Press release preparation and distribution
- Timing
- Rollout coordination
- Documentation
- Debriefing
next: strategy for "New Roots & Escrow"
- ...
- strategy for: "Certificates Class3" problem
- State Testserver Update, Current Patches on Testserver, current running Arbitrations:
- the list of unhandled patches
Arbitration case a20110312.1 Weak keys bug #918
Arbitration case a20110419.1 Bug #637: Weak Passwords
"Thawte" patch Bug# 827 Points-Count-Order-Change project
- Software Assessors Review 1
- Software Assessors Review 2
Dirk, Ted, Mawa
the Bug #948 (impact on mail delivery (non RFC-2821 compliance))
- the list of unhandled patches
- Testgroup: recruit new testers, update
- Software Testers - Workshop at Barcamp Karlsruhe ?
- CI app.test (Update)
- next meeting: Tuesday, June 21, 2011 22:00
Minutes
Workshop Weak Keys
Attendees: Marcus, Michael, Uli, dirk
Weak keys testing
first test round is to disable patch on testserver to allow weak keys to add
generate 512 bit keys test (test bug #918 note #2034)
openssl genrsa -out <your-server-name-domain.tld>.key 512
openssl req -new -key <your-server-name-domain.tld>.key -out <your-server-name-domain.tld>.csr
- copy + paste to signing request
copy + paste signed pub key <your-server-name-domain.tld>-pub.key
test new pub key: openssl x509 -text -in <your-server-name-domain.tld>-pub.key -noout
- should result in:
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (512 bit)
- Modulus (512 bit): ...
- Exponent: 65537 (0x10001)
- RSA Public Key: (512 bit)
- Public Key Algorithm: rsaEncryption
- Subject Public Key Info:
- should result in:
generate exponent 3 key test (test bug #918 note #2036)
openssl genrsa -aes256 -out <your-server-name-domain.tld>.key -3 1024
openssl req -new -key <your-server-name-domain.tld>.key -out <your-server-name-domain.tld>.csr
- copy + paste to signing request
copy + paste signed pub key <your-server-name-domain.tld>-pub.key
test new pub key: openssl x509 -text -in <your-server-name-domain.tld>-pub.key -noout
- should result in:
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit): ...
- Exponent: 3 (0x3)
- RSA Public Key: (1024 bit)
- Public Key Algorithm: rsaEncryption
- Subject Public Key Info:
- should result in:
- OA server keys test
Meeting [22:35]
Attendees: Michael, Uli, dirk, mario, magu
- strategy plans ...
- strategy for: "Certificates Class3" problem
- Debriefing
- Patches and handling
- Press release preparation and distribution
- Michael: has distros received notifications ?
- Timing
- Rollout coordination
- Documentation,
- dispute has been filed regarding notifications to Orgs, but not yet picked up
- no infos from Support yet
- some accounts under twitter - who ? magu ( .. 21 followers), dirk (cacert_me 63 followers) ...
mailing lists: debian 12.6., http://www.elgonzo.net/index.php/tag/cacert/, http://osdir.com/ml/general/2011-06/msg20283.html, https://www.xing.com/net/sicherheit/feedback-biete-suche-tools-events-288/fwd-pressemitteilung-neue-signaturen-fur-cacert-class-3-subroot-zertifikat-anderungen-fur-nutzer-von-cacert-zertifikaten-37158796/
- reminder to heise ?
- linux community - posted
- Debriefing
next: strategy for "New Roots & Escrow"
- idea: using indirect crl's ?
- 2 crl's needed, one valid, one invalid crl server
- policy group: define requirements
- multimember escrow method ?
- how does debian work ?
- secret sharing schema
docu process http://ftp-master.debian.org/keys.html
- public mailing lists ? contacts ?
- dirk ? michael ? jandd ? alexander ? sven ? and other contacts (ftp team ?)
- dnssec has distributed last year
- idea: using indirect crl's ?
- strategy for: "Certificates Class3" problem
- State Testserver Update, Current Patches on Testserver, current running Arbitrations:
- Michael added new states in mantis
- the list of unhandled patches
Arbitration case a20110312.1 Weak keys bug #918
- test running
Arbitration case a20110419.1 Bug #637: Weak Passwords
- needs rework
"Thawte" patch Bug# 827 Points-Count-Order-Change project
- problems with network setup ... fixed within session, 15.php package uploaded
- Software Assessors Review 1
- Software Assessors Review 2
Dirk, Michael, Mawa
the Bug #948 (impact on mail delivery (non RFC-2821 compliance))
- Testgroup: recruit new testers, update
- Software Testers - Workshop at Barcamp Karlsruhe ?
- Idea: push patches to production for testing
- testing with deadline (eg 2 weeks?), after which patch will be pushed to production
annoying bug #911 (gpg expires 1970)
- gpg on testserver not active
- pickup upcoming weekend (dirk, michael, uli)
- CI app.test (Update)
- Hudson, integrated in eclipse
- silenium good for creating
- upcomung new release announced, old revision not under full maintenance eg ff4 not supported
- next meeting: Tuesday, June 21, 2011 22:00
git over http: http://git-cacert.it-sls.de/cgi-bin/gitweb.cgi
- Testserver + Software Testers - task based help:
Emails will not be send to your email address, use testserver management system instead
- how to create admin account?
- how to add new user?
- how to assure an account?
- where to find email?
Fixed Action Items since last Meeting
Michael, Dirk, Ted, Uli
prepare patches, update wiki and other sources with new class3 fingerprint
1. (Dirk, Ted) webdb: Bug #946 REVIEW 2
2. (Uli) wiki updates
3. (Uli) svn updates
Alex, Michael, Dirk, Ted, Uli, Critical Team
Proposed Class3 Subroot Re-sign project Rollout Date: Thursday 2011-06-09 or Friday 2011-06-10
Marcus
flyer update: no label, but 1/3 page of A4 page printout, to cut in 3 pieces to insert in each flyer (fixed within meeting)
Dirk, Michael
capnew.php doesn't work on cacert1.it-sls.de, pdf error message, added Bug #950 (fixed within meeting)
All, Testers
Arbitration case a20110312.1 Weak keys, reviewed by Ted, needs testing !!! Urgent
workshop session before next weeks meeting, starting 21:00 UTC Bug #918 TESTING
Action Items New
dirk ? michael ? jandd ? alexander ? sven ? - next strategy for "New Roots & Escrow" - get in contact with debian group
dirk, michael, uli - annoying bug #911 (gpg expires 1970), activate gpg on testserver ? pickup upcoming weekend ?
- uli, marcus - Testserver + Software Testers - task based help
Action items: Meeting Action Items
Software/Assessment/ActionItems
Marcus
cap.php review different languages, from meeting 2012-04-24, contact translators
uli
Experience points for ATE attendance
check board motions and/or trigger if not yet passed
uli
Infrastructure separation, to contact secure-u (Frank, Mario, Ted, Sebastian) for discussion, prepare a plan, started 2011-12-18
current state: see Funding Landing Page All
1. next: strategy for "New Roots & Escrow" - using indirect crl's ?
indirect CRL: RFC 5280 http://tools.ietf.org/html/rfc5280 (chapter 5) - test deployment dirk, Michael
3. next: strategy for "New Roots & Escrow" - how does debian work?
to contact, deferred to next events (?)
Uli, Michael
Documentation Bugs.cacert.org Review, documentation I (bugs handbook) svg files to convert to jpg or png
Development, Deployment, Discussion
dirk Brian
DEV: bug#918 (Part II) (a20110312.1) Weak keys: /pages/account/.. 4.php, 17.php to combine ? (/includes/keygen.php)
new bug#964
current state: test /account/4.php added to testserver
Marcus will do detailed tests on Wed
some references added to bug#964 done.
proposal patch from Brian rcvd OAO, Ted
bug #943 change OA admin/assurer text
needs 2nd test -> Fabian, Marc, Alex?
/ needs 2nd review -> Ted, rejected 
uli, Ted
bug #824 Org User cert fix Case study
Organisation User Certificates: Need UI improvement for proper production usage
uli
bug #988 TTP cap form deployment Case study
sneak preview
for local testserver deployment only uli, ted
bug #823 email address removal fix
No warning when removing e-mail address from account that certificates will be revoked
checked by 4, needs 2nd review, deploy
rejected inopiae
bug #920 Join - single name only (eg Indonesian)
details under bug number
uli
bug #859 admin console interface
feature request: show activity on an account in the admin interface
rejected, certs login doesn't modify "modified" field All
bug #1034 files to remove from webdb
eg wot/14
Software Assessors: Review 1 / add to cacert-devel, add to testserver
Software-Assessors task
uli
bug #977 admin console text fix
admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue
Testing
Testers task
gagern
bug #440 Problem with subjectAltName (CSR, renew certs)
There seems to be a problem with the subjectAltName. Dupes, missing entries, and more
neo
bug #922 CAcert application code problem causing missing "certificate about to expire" messages
Ted
bug #835 Assurer challenge (on testserver)
needs testing
Michael
bug #1003 Provide a possibility to regularly review the permissions in the system
also bug #1038 Provide a script for board/tverify reset flags by arbitration a20110118.1
neo
bug #1025 Domain Dispute issue
disputes rc and rc2 var prob
Software Assessors: 2nd Review, Bundle Package to Critical Team
Software-Assessors task
uli, ted
bug #789 OA edit domain fix
Editing domain for organisations does not work
new update 2011-09-26
2 tests, needs 2nd review, deploy
more fixes, more testing6
uli
bug #967 OA isassurer check
Give an OA the opportunity to check if a designated Organisation Administrator is a CAcert assurer
neo
bug #978 Invalid SPKAC requests are not properly validated
recheck full certs signing procedures
duplicate report to bug#540 Michael
p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
uli, marcus: needs full cert create tests
duplicate report to bug#978 neo
bug #1024 Assurer flag is not set correctly on updatesort.php run
tested by 4, ok
dirk
bug #1023 Consolidate changes into the Assure Someone page
6.php global re-design project
assurance, wot area (Thawte points removal effective) inopiae
New layout of view for Organisation Administrators in account/id35
Software Assessors: Bundle Package to Critical Team
Software-Assessors task
Awaiting Response from Critical Team