This is the list of things that need still to be done for the Audit:
Task |
Who |
Status |
Blocking |
Since |
Comment |
Assurance Review |
Spring Tour Complete |
. |
20080712 |
being documented |
|
Notifications |
Board + Wytze |
Board has requested |
Assurance Review |
20070830 |
notify all Members of CCA. See RolloutCommunityAgreement |
Software Changes to Website |
Board Software |
??? |
Assurance Review |
200806xx |
a. NRP-DaL notice on Roots download page. b. add checkboxes "I agree to CCA." to cert creation; c. drop wrong/out-of-date contract text; See RolloutCommunityAgreement |
Board (PD) |
rebuild |
DRC-C |
20090520 |
need to review the Software Development progress |
|
Systems review visit #3 |
not scheduled yet |
DRC-C |
20090621 |
anticipated only |
|
Systems review visit #2 |
scheduled 20090619-20 |
visit #3, DRC-C |
20090506 |
pending |
|
Sysadm work-thru M3 |
wytze |
66% ? |
DRC-C, Systems review |
20081001 |
milestone 3. software upgrade |
Sysadm expansion |
wytze, teus |
M + S |
survival |
20080930 |
need more sysadms; ideally around 10 |
Support expansion |
Guillaume |
2 only |
20080420 |
need more support engineers |
|
Security Policy incorporate feedback from review |
Audit + sysadm + policy group |
ready for testing |
. |
20090327 |
taken to DRAFT, now for audit |
CPS to DRAFT |
Board |
wip |
DRC-A |
20090124 |
how to do this? Section 7 remains to be tested? |
Board Software |
policy decision made |
CPS |
20081224 |
needs to implement new p20090105.1 domain/email decision |
|
wip |
DRC-A.1 |
200611xx |
Is the key to the audit criteria |
||
Root documentation |
Board nrTF |
incomplete |
DRC-C |
20090508 |
review of roots in visit #1 found lacks in documentation and protection |
Test New Roots |
Board nrTF |
wip |
DRC-C |
20081129 |
testing of roots |
ordered roughly in order of importance, and bold signifies urgent
wip=Work in Progress, DRAFT, POLICY are explained in PoP
Draft Polices are listed at PolicyDrafts
Done stuff is now in Audit/Done, move it there when done.
Next phase, ongoing
Things that may not make it in this Audit, or are routine.
Task |
Who |
Status |
Blocking |
Since |
Comment |
Assurance Work Plan |
Sebasitian (Assurance Officer) and Ulrich |
basics in mini-TOP |
future audits |
20090517 |
mini-TOP in Munich laid out the basic problems that Assurance has to deal with over next year |
Review of WoT Exceptions - OA, SuperA, Code signing TTP, MinorA, TVerify, ... |
authors |
only blocking themselves |
DRC-C |
|
Some of these are being wound-down so may be scrapped by time Audit gets to them |
wip |
. |
2006-06... |
Needs to incorporate all from Assurance Policy (now DRAFT) |
||
policy |
decided |
CPS |
20060101 |
policy decision is that all info is verified; now need to fix CPS |
|
CAcert Inc and/or Audit |
wip |
next milestone |
20071226 |
Ongoing requirement from NLnet. Next from Audit is June or thereabouts |
|
policy group / AO |
early wip |
R/L/O |
200701.. |
R/L/O, 3pv-DaL works hand-in-hand with RUA and NRP-DAL. Some discussion going on over at Mozilla. |
|
OrganisationAssurance review |
board |
deferred |
. |
20081003 |
resolve policy questions. Document practices, add verification. Do we need a OrganisationAssuranceManual? |
OA root |
OAP |
. |
20081003 |
Create one Assured Organisation subroot. |
|
Member root |
email/domain checking |
. |
200801xx |
as per DRC. Create one Member subroot. |
|
Webtrust criteria |
Auditor |
Deferred |
|
|
Working on DRC only for now, although Board has requested a comment on switching. Also look at ETSI. |