Monthly Archives: March 2010

Community 2010 March Update

  • 2010-03-30 New Roots task force offers SHA2 based roots/end user certificates for testing
  • 2010-03-30 Software-Assessment Project telco 2010-03-30
    • GIT as the future Software Assessment repository passed testing successfully
    • Testserver needs Testserver Management System, action plans triggered to start a deployment
  • 2010-03-27 Walter Güldenberg appointed as Events Team Leader
  • 2010-03-26 Sysadmin team works out way forward for SNI, client certificate authentication and SSL renegotiation changes in browsers
  • 2010-03-26 Security Policy – Board vetoes Security Policy Draft regarding point 9.1.4.2. Coverage – Board citing conflicts with CAcert incorporated rules
  • 2010-03-25 Ongoing update of CAcert Officers list
  • 2010-03-24 First ATE in 2010 season: ATE-Sydney with 6 co-Audited Assurances and 14 additional interested Attendees
    • Discussions through email and irc about how to seed CAcert deserts. Plans for contacting Usergroups (existing IT related social networks)
    • mostly, area has many old SuperAssurers that will have faded away
  • 2010-03-21 Board Meeting 2010-03-21 “Determine Root escrow and recovery mechanism” review ends with no consensus
  • 2010-03-18 Rasika Dayarathna, our Privacy Officer, resigned due to lack of time. Looking forward to rejoining us later.
  • 2010-03-14 Boards Projects Overview Page started deployment
    • with this page, Board and also Community can get a better overview over the running and upcoming projects regarding Audit
    • currently active areas/projects:
  • 2010-03-13 Board Members allowed to serve on arbitration team again
  • 2010-03-06 Daniel Black gets appointed as Infrastructure Team Leader
  • 2010-03-06 Efficiency gain – Policy Officer empowered to perform minor adjustments to policy
  • 2010-03-06 CeBIT 2010 Big Assurance Event successfully passed after 5 days with a team of about 8 to 12 and more Assurers. CAcert was one of the 15 projects on the booth at the Open Source Project Lounge sponsored by Linux New Media.
  • 2010-03-03 Co-Audited Assurances Program finalized and starts at CeBIT 2010

Contributions to this Community Update by: Ian, Daniel, Uli

What’s this ATE thing then???

You have probably seen messages flying around about the ATEs, or Assurer Training Events, and you’re probably wondering whether it applies to you. The answer is:

YES, most definitely, if you are an Assurer.

This is your event, to update and to participate. More than that, it feeds into audit. This connection may be a little non-obvious, so this post explains, for those wavering on their path to an ATE near them, why you should help.

Recall that CAcert has today 3460 (and growing) Assurers around the world, and that they provide the critical information feeding into the certificates for the entire community.

That line — from Community Member to verification of information to the certificate — is of key interest to the Auditor. The certificate part is well-understood but what is less well understood is the verification part. How does the Auditor verify the actions of 3460 people spread across dozens of countries? Are they doing the job? Looking after Members? Mostly harmless or causing risks to rise?

Verifying the Assurers across the planet is a challenge we must conquer, because our audit criteria says “A.2.y The CP details how the CA verifies that [Assurers] operate in accord with the CA’s policies.” Indeed, the auditor for a big famous-name CA simply declined to audit their web of trust, and the CA found it in its heart to drop the entire thing.

But it can be done. As auditor, I visited around 8 countries in 2009 for a tiny budget of €1500 and verified personally around 80 Assurers. The German community did a similar thing across Germany, and together these results gave us a good showing. It was still marginal; we need better and broader coverage. We need scalability and we needed process, but we had our start.

From the 2009 experiment, the Assurance Team has designed a comprehensive programme to meet the audit criteria A.2.y, and the ATE is the leading part of that. At the Assurer Training Event, you the Assurer are brought up to date with changes (dramatic), informed on essential checks (of course) and then we individually record that process (carefully and slowly). All this is then collated and prepared for an end-of-season report.

The 2010 season is now underway. If you want to help CAcert’s audit process and improve on the results below, you should look out for an ATE near you. Who wouldn’t want to be involved??? Better yet, ask at events@c.o for how to run one.

2009 results

ATE-Sydney

ATE-Sydney is programmed! Masa has made available a lecture theatre at Sydney University’s IT school for an ATE on evening of 24th March, 6:00pm. More details on the wiki.

I will attend ATE-Sydney!

The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and includes parts which contribute directly to our audit. Come and find out how you can also contribute. Please RSVP as above.

Other events in NSW coming soon, or mail me with suggestions.

Two Weeks to go! CAcert at OpenExpo 2010 Bern – Switzerland – March 24.-25. 2010

OpenExpo, Switzerland's leading conference and trade show for Free and Open Source Software, will take place for the 8th time on Wednesday and Thursday, March 24. and 25. 2010 at the BEA expo in Bern. CAcert is proud to be present among many other Open Source Projects as part of the Open Source Community.

In the conference program at KMU day, there will be the presentation – SSL-Zertifikate in der betriebsinternen Kommunikation der ETH Zürich (in German language) – about the application of CAcert certificates. As the first university in Switzerland, ETH is deploying CAcert certificates.

Additional Swiss CAcert assurers, or CAcert assurers from any country, who have successfully passed the assurer test and are willing to help: please register in the CAcert.org Wiki. The entrance and the conferences are free of charge, simply order and print your free ticket.


ate-OZ

I’m in the vicinity of Canberra – Sydney for the next 2 months, and looking to do ATEs. If you have some sort of venue or facility, and there are Assurers in your area, let me know.

Additions: Sydney is rolling…

iang @ the normal address, for the Assurance Team.

Thawte Points Transfer and Removal of Points at Nov 16th 2010

The November 2009 blog post Last chance: End of thawte points transfer on 16th november 2009 was the starting point for the move of Thawte Notaries to CAcert … but this is only half of the story. November 16th 2010 ends the verification period of transferred points, so the 150 points transfer will be lost. To prevent the loss of Assurance and Experience Points, all members using this program need to search for assurers to get fully assured, and also to start making assurances to get the needed experience points. Until now, the additional Assurances don’t count, but they are added to the account until the Points Count process is changed before Nov 16th 2010, so that the last assurance points count.

This will be a big shift this year, up to November 2010. Current work is to prepare the building of the Software Assessment Team and the Repository project to make Software updates possible. This is a not so well noticed project still running in the background. But anyone who reads the Software MiniTOP Updates from Dec 2009 and February 2010 can read about the progress that has been made in this area. This is also a requirement for the CCA Rollout plan, which needs to be started around the middle of this year to succeed before Audit can continue.

If you have further questions regarding the Thawte transfer points removal, please go to the public CAcert Support mailing list.

Community 2010 February Update

  • 20100221 Markus Warg appointed to Software Assessment.
    * He is now the 2nd team member in a new team that will be formed under the “Repository Project” by Andreas Bäß
    * Also involved in this project is the Critical sysadmins team, building up the servers and software that will become testing and staging servers.
    * Also to train the system recovery from scratch
    * Also to prepare a proposed system upgrade
    * These are the first results from the Software MiniTOP Essen Dec 16th 2009
  • 20100221 UlrichSchroeter appointed as Assurance Officer
    * Board accepts Sebastian’s resignation as Assurance team leader, and thanks him for steering the ship over the last year. Sebastian remains on the Assurance team! Board appoints Ulrich as team leader, formally Assurance Officer within the meaning of the Assurance Policy.
  • 20100221 Michael Tänzer appointed as Support Officer
    * Board appointed Michael as support team leader and accepts Ian Grigg’s resignation as support team leader.
    * (Formally, as Support Officer within Security Policy.)
  • 20100213 Software MiniTOP Offenbach Feb 13th 2010
    * Current State of ”Repository Project”
  • 20100206 Assurance MiniTOP Brussels Feb 6th 2010 – on the Agenda were several topics
    * Assurance – Tasks for coming weeks.

    • Plan for Events.
    • Submit review to board.
    • new AO and EO to board.
    • prepare CeBIT.
    • finish Co-auditing Programme for 2010, in time for CeBIT.

    * CeBIT
    * Roles
    * Support
    * ABC interviews
    * Recruitment
    * Co-Audit
    * Defining the Co-Auditor
    * co-Audit Team
    * co-Audit preparation

  • 20100201 p20100119 PoJAM to DRAFT resolved.
    * https://svn.cacert.org/CAcert/Policies/PolicyOnJuniorAssurersMembers.html
    * The subpolicy is now binding on Assurers for assuring minors, and also for minors becoming Assurers.
    * This is the first policy in a series of subpolicies under AP that comes back after all special assurance programs became frozen.

Further Community Update news can be found in the Wiki Community Update.

Linux Release Party May 29th 2010 – Reehorst, Ede, Netherlands

The Dutch Hobby Computer Club HCC and ubuntu nl are organising the Dutch Ubuntu release party for Lucid Lynx (Ubuntu 10.4 LTS / Long Time Support version)
Of course your favorite free certificate provider – CAcert – will be present.
Create your account at http://www.cacert.org, login to your account, get some prints of the assurance form using CAP Forms and bring them with you.
If you have more than 100 assurance points and have passed the CAcert Assurer Challenge, so you are a CAcert Assurer, pick up your Assurer pin/badge at the CAcert booth table!
Make sure to enlist as assurer on the event page.

May 6th 2010, NLUUG Spring Conference – System administration, Ede – Netherlands

The Dutch Linux/Unix NLUUG conference will host CAcert Assurances on Thursday 6th of May in the conference center De Reehorst in Ede, Holland. See the NLUUG conference web page for details. The conference theme is System administration.
Be prepared and complete the assurance program form: Login to your account on http://www.cacert.org and go to CAP Forms.

If you have more than 100 assurance points and have passed the CAcert Assurer Challenge, so you are a CAcert Assurer, pick up your Assurer pin/badge at the CAcert booth table!
Be sure to enlist as assurer on the event page.