Today the board has passed the motion m20100103.4 to set the date for January 30th 2010 at 21:00 UTC. It is therefore my pleasure as secretary of CAcert Inc. to invite all members of CAcert to attend this Annual General Meeting.

When: Saturday 2010-01-30 21:00 UTC
Where: irc.cacert.org #agm
Who: All CAcert Inc. Members

Please also remember to pay your dues, since according to current rules you may not otherwise vote.

Regards,
Philipp Dunkel
(Secretary)

Recently a dispute was filed about some confusion with our “Trusted Third Party” procedure. As part of this arbitration the board was asked for some explanatory words on the discontinuation of the TTP. In order to comply with this request and also shed some light on the issue, I have taken on the task of explaining this.

First off there is a misconception, that the board decided to discontinue the TTP. That is a misconception, because the board does not have the authority to do so. However the TTP was discontinued by the policy-group. The reason for this was simply that there was no policy to describe how the TTP procedure worked. As such the practice was outside the policies and needed to be stopped until a policy has been written defining TTP. The policy group has since made several attempts at writing such a policy, but has not yet come to a conclusion.

So I would invite everyone interested in this area, to please join the policy group, which is open to all community members, and help us write this policy and remedy the situation.

After the policy group had made the decision to discontinue several practices that fell outside the Assurance Policy by moving it to policy status the board felt it necessary, in its role as executive organ of CAcert, to enforce that decision. It did so with a motion ordering the ceasing of all assurances not under the Assurance Policy. This motion caused the systems team to terminate these practices.

However at the time it was missed that there was still a page up on the cacert.org website explaining the availability of the TTP process. This page has since been removed.

So to sum up, the board neither had the power nor did it in fact terminate the TTP, it simply enforced a decision by the policy group. However the communication of these facts was sorely lacking.

So to clear things up, and to comply with the Arbitrator order in Dispute a20091118.1 it should be clearly stated that:

The TTP programme is effectively Frozen until a subsidiary policy under the Assurance Policy is written and moved to DRAFT. Until such a time the TTP programme is against the Assurance Policy rules.

Note: although I am currently serving on the CAcert Inc. Board of Directors, I do not have authority to speak for the board. Therefore this article is written solely on my own behalf.

After a recent policy group decision p20091106, Philipp moved the DRAFT CPS onto the policy page on the main website, and also got rid of the old document that was at cacert.org/ policy .php with a redirect.

We started writing the CPS or Certification Practice Statement way back in early 2006. It was the first document to be considered, and the last to get to DRAFT state. This is in part because stuff was thrown out of it into other more appropriate documents: Organisation Assurance Policy, Dispute Resolution Policy, Policy on Policy, Assurance Policy and Security Policy all took their roots from this area, and for a while, we concentrated on those. CPS became the one that couldn’t be finished until the others were stable.

Curiously, there was already a fairly good effort at a CPS in place, written by Christian Barmala. This was a pretty good effort really, and it formed the starting point. There were two problems with the old document, which were that CAcert didn’t own or (totally) control it, and it had never faced audit scrutiny. So the decision was made pretty early on to rewrite it, and looking back, that was the right one.

Today’s move marks the removal of that old document. But our thanks go to Christian for giving us a starting point, to study and build on. Major influences on this new CPS include Philipp Güring, Jens Paul, Philipp Dunkel, Teus Hagen, Daniel Black in time order. And of course, myself, as eternal critic.

If you’re wondering, what next? then hop on over to the policy group and lend a hand. They’ve got a lot to do: CCS, finish the CPS and SP, PoJAM, TTP, Remote/Desert, Tverify, Code-Signing. Recently, the policy group just made it easier to get IDNs (a change that made it into the CPS).

And, if you’re wondering why it took 3.5 long years to get the CPS to where it is, you’re asking the wrong question. To paraphrase a recent post;

“ask not when your policy is written and ready for you, ask when you are ready to write your policy”

On September 11, 2009 the aging CAcert signing server was replaced by new up-to-date hardware, thanks to a donation from NLUUG (the association of (professional) Open Systems and Open Standards users in the Netherlands) to Oophaga, CAcert’s hardware keeper. Please also check the original announcement.

Here we show some pictures taken during the replacement/upgrade action.

Hans Verbeek checks the sliders for mounting the new CAcert signing server at BIT

New CAcert signing server mounted in the rack at BIT

Backside of new CAcert signing server plus Sun1,2,3,4

Mendel Mobach debugging new usbserial connection, Hans Verbeek watching

Mendel Mobach and Wytze van der Raay debugging new usbserial connection between CAcert webserver and signing server

Generator and fuel tank for backup power for CAcert servers at BIT’s data centre

CAcert’s old signing server after putting back the copied master disk

CAcert new signing server with properly locked front panel

CAcert new signing server features a dual redundant power supply!