Critical Team

Is there somwhere a list with the task, you (the critical team) have to do? If not, can you please, write me just an overview?

As far as I know, there is no task list written down in the sense you mean. But basically most activities of the critical team follow from the CAcert Security Manual

In short is is taking full responsibility for the secure operation of the part deemed critical for CAcert's operation:

In addition the critical sysadmin team also manages the physical aspects of the CAcert infrastructure server (, which is software-wise managed by the infrastructure team), and the setup of the three CAcert test servers (, and

And of course the critical sysadmin team is interacting with development, software assessment, support and arbitration teams for all issues involving some critical server. It also interacts with BIT staff for issues like abuse reports received and physical hosting aspects.

Are this task to do on site in the hosting centre or can they be done by remote access?

Most tasks can be done and thus are done by remote access. We aim to keep the number of site visits to an absolute minimum. As you should now, a critical sysadmin cannot just visit the BIT data center and do his work, he must be accompanied by an Access Engineer from secure-U, since they are the only people with authorization to enter the data center (but they have no software access to the machines). So site visits are expensive in terms of required volunteer resources, even more so when non-trivial signing server access is required -- that requires at least two critical system administrators and one access engineer to be present on-site. All of this is mandated by CAcert's Security Policy and spelled out in the Security Manual.

There are a few cases in which a site visit is unavoidable:

With the policies as they are, you will need at least two fully qualified persons which are willing to travel to BIT in Ede for the occasion (b) and some (a) above, and at least one for (c) and remaining (a) cases.

-- wytze 04/2019

SystemAdministration/CriticalTeam (last edited 2019-07-25 08:18:42 by EtienneRuedin)