. '''To Software [[Software|Software]]''' - '''To Software-Assessment [[Software/Assessment|Software/Assessment]]''' - '''To [[Software/Assessment/20120228-S-A-MiniTOP|previous meeting]]''' - '''To [[Software/Assessment/20120313-S-A-MiniTOP|next meeting]]'''

----

= Minutes of the MiniTOP on the 2012-03-06 =

== Setting ==
The MiniTOP will be held via telco  22:00 CET

Attendees: Dirk, Marcus, Uli, Magu, Michael


== Topics ==

(skip to [[#AGENDA|agenda]])

Action items from last meeting '''[[Software/Assessment/ActionItems|Meeting Action Items]]''' 
<<Include(Software/Assessment/ActionItems)>> 



<<Anchor(AGENDA)>>
== Agenda ==

## last full agenda https://wiki.cacert.org/Software/Assessment/20120228-S-A-MiniTOP
 * there are 4 topics of high priority:

=== 1. 6.php by dirk ===
 1. Thawte points removal, final step
  * relates to 6.php
  * this also relates to TTP
  * dirk will work on this last weekend (2012-01-21)
  * current state: not yet finished
   * expected finishing? upcoming weekend (2012-01-23 to 2012-01-30)
   * not finished, upcoming weekend 2012-02-06?


=== 2. testing of certs patches ===
 * 2012-02-21 meeting test series by uli

  1. [[https://bugs.cacert.org/view.php?id=540|bug#540]] No key usage attribute in cacert org certs anymore?
   * also: [[https://bugs.cacert.org/view.php?id=905|bug#905]]
   * Policy group discussion - Extended key usage -> [[PolicyDecisions#p20111113|p20111113]], motion CARRIED
   * deployment
    1. prepare fixes -> Michael to prepare diffs, against svn
    1. sending to testserver
    1. transfer to critical system
   * (2011-12-13) approx 2 weeks to write the fix, approx 2 months to go
   * Michael did transfer the patch to testserver
    * signer code update
    * changes against svn
    * uli, to add to tester portal, done
    * uli to inform testers about new tests
    * test report from kenneth to transfer to report (email from 2011-12-25)
     * Michael: where to find the report from kenneth? link?
     * NEO has added the report (written to private dl)
    * who has adobe 8 for testing?
     * magu has, please test
    * next: needs testing (week 6)
     * uli, marcus: needs full cert create tests
     * uli (2012-01-25): sent notification to software testers
     * awaiting testing ... problem FULL test, including all possible variations with certs creation
     * also to report under [[https://bugs.cacert.org/view.php?id=978|bug #978]] bug 978 (weak keys) (bug 918)
    * Testers: test all certs veriations, functions

  1. [[https://bugs.cacert.org/view.php?id=440|bug#440]] Problem with subjectAltName (CSR, renew certs)
   * "There seems to be a problem with the subjectAltName. Dupes, missing entries, and more"
   * patch by gagern
   * Software-Assessors: needs 1st review + transfer to testserver (week 4)
   * (2012-01-23) michael picked up

  1. [[https://bugs.cacert.org/view.php?id=978|bug #978]] bug 978 (weak keys) (bug 918)
   * invalid key format, no regular error message, something wrong, error code # identified
   * debugging infos from user + infos from critical team with error code #, was spkac routine
   * one test done 2011-12-17 by JensK
   * uli, marcus: more tests: certs routine, weak keys (small keys test), relates to [[https://bugs.cacert.org/view.php?id=540|bug#540]] tests
   * (week 7)

  1. [[https://bugs.cacert.org/view.php?id=812|bug #812]] CAcert certificate not working with Windows Encrypting Filesystem (EFS)

  1. [[https://bugs.cacert.org/view.php?id=905|bug #905]] Unable to sign PDF file with Acrobat

=== 3. 2nd review of 4 patches ===

 ||<#ff8080> '''Software-Assessors task''' ||

 || uli, ted || [[https://bugs.cacert.org/view.php?id=789|bug #789]] OA edit domain fix || Editing domain for organisations does not work<<BR>>new update 2011-09-26<<BR>>2 tests, needs 2nd review, deploy<<BR>>more fixes, more testing || 6 {0} ||
 || Michael || [[https://bugs.cacert.org/view.php?id=1002|bug #1002]] || 0001002: Contact Assurer form leaves a funny comment after sending  || {0} ||
 || Michael || [[https://bugs.cacert.org/view.php?id=1003|bug #1003]] Provide a possibility to regularly review the permissions in the system || needs to be started from console, not testable || {0} ||
 || Michael || [[https://bugs.cacert.org/view.php?id=1011|bug #1011]] problem fix || needs review by Software-Assessor - priority: high {-} <<BR>>untestable, needs 2nd review || {0} ||

=== 4. continue BlackJack coding by Michael ===

  1. [[https://bugs.cacert.org/view.php?id=964|bug#964]], [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] Codename "BlackJack" - VBscript for Vista/Win7 (select keysize >= 1024)
   || x^1^ Dirk, new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<<BR>>DEV: [[https://bugs.cacert.org/view.php?id=918|bug#918 (Part II)]] ([[Arbitrations/a20110312.1|a20110312.1]]) Weak keys: /pages/account/..  4.php, 17.php  to combine ? (/includes/keygen.php) '''DEV''' || current state: test /account/4.php added to testserver<<BR>>Marcus will do detailed tests on Wed<<BR>>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] || {0} ||
   * as part of
   * x^1^ Arbitration case [[Arbitrations/a20110312.1|a20110312.1]] Weak keys [[https://bugs.cacert.org/view.php?id=918|bug #918]] / [[https://bugs.cacert.org/view.php?id=954|bug #954]] / [[https://bugs.cacert.org/view.php?id=964|bug#964]]
   * Current state:
    || {g} || pre mailing sent ||
    || {g} || keys revocation script to bulk revoke weak keys, new [[https://bugs.cacert.org/view.php?id=954|bug #954]], finished ||
    || {-} || dirk: DEV: [[Arbitrations/a20110312.1|a20110312.1]] [[https://bugs.cacert.org/view.php?id=918|bug#918]] Weak keys: /pages/account/..  4.php, 17.php  to combine ? (/includes/keygen.php) '''DEV''' <<BR>>vbscript needs to be improved with select box key size and lower limit to 2048 (based on [[https://wiki.mozilla.org/CA:MD5and1024]])<<BR>>Api CertEnroll (MS crypto provider)<<BR>>new [[https://bugs.cacert.org/view.php?id=964|bug#964]]<<BR>>current state: test /account/4.php added to testserver<<BR>>Marcus will do detailed tests on Wed<<BR>>some references added to [[https://bugs.cacert.org/view.php?id=964|bug#964]] - codename "BlackJack" ||
    || {g} || Weak keys blog post, published ||
    || {g} || Weak keys article published by Hanno(July 28), link is in CAcert's blog post (July 30) ||
    || {b} || weak keys: problems with cryptostick (to test at [[events/FrOSCon2011|Froscon]] with Juergen ?) ||

   * cert enroll infos under [[https://bugs.cacert.org/view.php?id=964|bug#964]]
   * vista and win7 works with other engine !CryptoAPI (?) => Cryptography API: Next Generation
    * [[http://msdn.microsoft.com/en-us/library/aa833130%28v=VS.85%29.aspx]]
    * Marcus: added notes for Win7 [[https://bugs.cacert.org/view.php?id=964#c2249]]
   * dirk: has not started the virtual machine
   * Question from Marcus: did someone contacted illuminat?
    * No, Marcus: to contact illuminat
    * illuminat will give it a try, first needs download of testserver image
   * Update?
    * marcus: illuminat not yet seen last time
    * baseline requirement - keyssize >= 2048 to fix till end of 2011
    * how to proceed?
    * dirk:  1st step, to bring win test server localy online
    * marcus: to contact illuminat
    * Do we have other developers who may pick up this project?
   * Marcus -> dirk: announcement of vbscript bug to developers mailing list
    * change keysize
    * merge 2 scripts to one
    * fix on script 1 needs fix in 2nd script too, solutions: include, one file, or comment fix script 2 too
   * interrupt: [[https://bugs.cacert.org/view.php?id=964|bug#964]] -> codename "BlackJack"
    * relates to IE8 problem, that certs cannot be created
    * is there a security issue with available fix? also [[https://bugs.cacert.org/view.php?id=918|bug#918]]
    * related 927, 901, 847
    * a patch is online on testserver, but cannot found
    * related patch files, /pages/account/ 3,4,16,17; /include/account.php
    * there are other vbscript pages: ../account/ 6 + 19
   * Brian [[https://bugs.cacert.org/view.php?id=964|bug#964]]
    * Michael: Marcus to test with IE
    * IE select provider only
   * code from Brian needs some corrections, corrections to do, 4 + 17 inclusions, checkin
    * notification to Brian, done
    * quickfix has problems too
    * next step(s)
     * check error codes / debug routines
     * open developer mode, create cert
      * resulting error: line 213, put length, wrong parameter
      {{{
Zeile: 213
Fehler: CertEnroll::CX509PrivateKey::put_Length: Falscher Parameter. 0x80070057 (WIN32: 87)
Zeile 213:  objPrivateKey.Length = &h08000000
}}}
   * current state: an undef error with current patch
    * we need someone who has experience with vbscript, to come into telco, reviews interface/api beforehand
     * illuminat: not before eastern
     * marcus: will ask users on assurance party Wed 18th Jan
   * 2012-01-23:
    * also cabforum requirement, keysize under IE limited to 1024
    * how to find programmers ?
     * windows webserver programmers: Outlook, Citrix portals
    * new API's can use java, new apis have web-enabled
    * splitting vbscript for os revisions < vista, java for os revisions >= vista ?
   * NEO started development, not yet finished

=== 5. next meeting ===
 * Tuesday, March 13, 2012 22:00


== Minutes ==

 1. Prelimaneries
  1. [[https://bugs.cacert.org/view.php?id=1019|bug#1019]] - contact form doesn't work if logged-in
   * patch is on testserver
   * online session:
    * tests by Marcus, Uli
   * Ted: will pickup 2nd review

 1. dirk tries to get his vm running

 1. Michael continued BlackJack development




==== Fixed Action Items since last or within meeting ====



----

==== Action Items New ====



Action items: '''[[Software/Assessment/ActionItems|Meeting Action Items]]'''

----
 . CategorySoftwareAssessment