I’m visiting Delhi and Varanasi beginning of Februari 2010. Is there anyone interested meeting me over there?
If properly planned sufficiently ahead of time, I might be able to manage to get multiple assurers there to get you up to assurer level in one time. But this requires planning and some interest.
Contact me if you’re interested: aphexer at somewhat obfuscated cacert dot org
In the last few weeks, our one Support Engineer (Werner, working mostly alone) has processed 65 support requests, 40 in the last week. Each case generates 5 mails. At the moment, the SE works with an absence of system, on a clunky silly mailing list, so there is no workflow assistance available to him. He has to remember each of those cases over the days-cycle time, and relate them to all the other emails.
Errors are inevitable. I’ve so far seen and counted 3 errors or blunders. Which means we’re talking around a 5% error rate. That’s to be expected when building a new system, working with fresh people, with minimal historical help, and working through a flood of a backlog with crappy technical support and poor information. Also known as, drowning.
(Obviously, in time, we want to reduce that to around 1-2%. When I did my 5-10 cases a month back, I generated at least one error. I’m not good enough for Support, I’m up in the 10-20% range.)
You can help us by pointing out the errors, directly, and suggesting what it is you would rather have seen. Positive suggestions are always appreciated.
The Triage team — Wolfgang, Martin, Michael, Joost — have to this point worked through outstanding emails back to July this year. See the attached for a picture of today’s Inbox. *Yes, it’s more or less empty!* They got there last night, and have reached the target I set them, to get back to July.
That means a human has processed every one of approximately one thousand support emails received over the last 5 months. There’s probably dozens of errors in their processing, but that misses the point.
In the next month or so, some or all of the Triage people above will get through their ABCs and become SEs or Support Engineers. At that point Werner will have help. At that point, we’ll be able to improve our systems. And, we’ll need more Triage people!
You can help us by signing up to Triage. Let me know if you fit the profile: Assurer, great with mail / MUA, etc, time to handle lots of little, quick tasks, good with English reading (other languages an advantage), and you grok the community (CCA, DRP and you want to know more about Security Policy but were always afraid to ask…). IRC.
We need people outside the European evening slot…
iang,
interim, temporary, impatient Support t/l,
looking for any excuse to get sacked!
CAcert Assurer Training Event Göteborg
——————————————————–
Much has happened during the past year. A list of up till now mostly “orally transmitted” rules have been cast in policies. New procedures (e.g. the Assurer Challenge) and obligations (e.g. in the CAcert Community Agreement) have been decided. The Assurer Training Events try to bring all this informations to “the people”:
– To what, does the CCA protect every CAcert-Community-Member and as such also you?
– Can you recount the 5 statements of the “Purpose of Assurance”?
– Can you at least recount 10 security marks of the Swedish passport?
Answers to these and following questions are given at the Assurer Training Events (ATE’s).
Participation in the events is free, Contributions are however appreciated.
Continue reading
Recently a dispute was filed about some confusion with our “Trusted Third Party” procedure. As part of this arbitration the board was asked for some explanatory words on the discontinuation of the TTP. In order to comply with this request and also shed some light on the issue, I have taken on the task of explaining this.
First off there is a misconception, that the board decided to discontinue the TTP. That is a misconception, because the board does not have the authority to do so. However the TTP was discontinued by the policy-group. The reason for this was simply that there was no policy to describe how the TTP procedure worked. As such the practice was outside the policies and needed to be stopped until a policy has been written defining TTP. The policy group has since made several attempts at writing such a policy, but has not yet come to a conclusion.
So I would invite everyone interested in this area, to please join the policy group, which is open to all community members, and help us write this policy and remedy the situation.
After the policy group had made the decision to discontinue several practices that fell outside the Assurance Policy by moving it to policy status the board felt it necessary, in its role as executive organ of CAcert, to enforce that decision. It did so with a motion ordering the ceasing of all assurances not under the Assurance Policy. This motion caused the systems team to terminate these practices.
However at the time it was missed that there was still a page up on the cacert.org website explaining the availability of the TTP process. This page has since been removed.
So to sum up, the board neither had the power nor did it in fact terminate the TTP, it simply enforced a decision by the policy group. However the communication of these facts was sorely lacking.
So to clear things up, and to comply with the Arbitrator order in Dispute a20091118.1 it should be clearly stated that:
The TTP programme is effectively Frozen until a subsidiary policy under the Assurance Policy is written and moved to DRAFT. Until such a time the TTP programme is against the Assurance Policy rules.
Note: although I am currently serving on the CAcert Inc. Board of Directors, I do not have authority to speak for the board. Therefore this article is written solely on my own behalf.
On the evening of Friday December 11, 2009, a security party will be held in Zurich, Switzerland. The main focus of the event will be PGP keysigning, but CAcert assurances will also be available (why else write here? :-). Please refer to the event website (in German) for organizational details. If you would like to participate as an assurer, please register on the CAcert.org wiki.
========================================
Am Freitag Abend 11. Dezember 2009 findet in Zürich, Schweiz, eine Security Party statt. Der Fokus des Anlasses ist PGP Keysigning, es werden aber auch CAcert Assurances durchgeführt (warum sonst hier schreiben? :-). Die organisatorischen Details findest Du auf der Event Website (auf Deutsch). Falls Du als Assurer mitmachen möchtest so registriere Dich bitte auf dem CAcert.org Wiki.
After a recent policy group decision p20091106, Philipp moved the DRAFT CPS onto the policy page on the main website, and also got rid of the old document that was at cacert.org/ policy .php with a redirect.
We started writing the CPS or Certification Practice Statement way back in early 2006. It was the first document to be considered, and the last to get to DRAFT state. This is in part because stuff was thrown out of it into other more appropriate documents: Organisation Assurance Policy, Dispute Resolution Policy, Policy on Policy, Assurance Policy and Security Policy all took their roots from this area, and for a while, we concentrated on those. CPS became the one that couldn’t be finished until the others were stable.
Curiously, there was already a fairly good effort at a CPS in place, written by Christian Barmala. This was a pretty good effort really, and it formed the starting point. There were two problems with the old document, which were that CAcert didn’t own or (totally) control it, and it had never faced audit scrutiny. So the decision was made pretty early on to rewrite it, and looking back, that was the right one.
Today’s move marks the removal of that old document. But our thanks go to Christian for giving us a starting point, to study and build on. Major influences on this new CPS include Philipp Güring, Jens Paul, Philipp Dunkel, Teus Hagen, Daniel Black in time order. And of course, myself, as eternal critic.
If you’re wondering, what next? then hop on over to the policy group and lend a hand. They’ve got a lot to do: CCS, finish the CPS and SP, PoJAM, TTP, Remote/Desert, Tverify, Code-Signing. Recently, the policy group just made it easier to get IDNs (a change that made it into the CPS).
And, if you’re wondering why it took 3.5 long years to get the CPS to where it is, you’re asking the wrong question. To paraphrase a recent post;
 |
“ask not when your policy is written and ready for you, |
On September 11, 2009 the aging CAcert signing server was replaced by new up-to-date hardware, thanks to a donation from NLUUG (the association of (professional) Open Systems and Open Standards users in the Netherlands) to Oophaga, CAcert’s hardware keeper. Please also check the original announcement.
Here we show some pictures taken during the replacement/upgrade action.
Hans Verbeek checks the sliders for mounting the new CAcert signing server at BIT
New CAcert signing server mounted in the rack at BIT
Backside of new CAcert signing server plus Sun1,2,3,4
Mendel Mobach debugging new usbserial connection, Hans Verbeek watching
Mendel Mobach and Wytze van der Raay debugging new usbserial connection between CAcert webserver and signing server
Generator and fuel tank for backup power for CAcert servers at BIT’s data centre
CAcert’s old signing server after putting back the copied master disk
CAcert new signing server with properly locked front panel
CAcert new signing server features a dual redundant power supply!
CAcert ist auf dem diesjährigen Brandenburger Linux-Infotag (BLIT) am 21. November 2009 vertreten.
Dr. Thomas Bremer wird einen Vortrag zum Thema “Freie Zertifikate für Schulen und Hochschulen” halten und ebenfalls Informationen zur Verwendung von Zertifikaten geben. Dem Vortrag könnt ihr im Hörsaal 3 von ca 14:00 – 15:00 Uhr beiwohnen.
Der BLIT findet in Potsdam (Griebnitzsee) im Haus 6 des Instituts für Informatik der Universität Potsdam statt.
Für die Anfahrt mit dem öffentlichen Nahverkehr bietet sich die S-Bahn Linie 7 an, alternativ verkehrt die Regionalbahn mit der Linie RB 21.
Solltet ihr mit dem Auto anreisen, so sucht in eurem Navi – sofern vorhanden, die “Prof. Dr. Helmert Straße” in 14482 Potsdam. Eine Wegbeschreibung sowie weitere Informationen zur Anfahrt findet ihr auf der Seite des Brandenburger Linux-Infotages unter BLIT – Anfahrt.
Weitere Informationen zum BLIT findet ihr unter:
http://www.blit.org/2009/
(EN)
Please note, that all thawte points tansfers must be started before 16th november 2009. After this date we can´t check your status at thawte.
If you have 0 points at CAcert, you get can up to 150 pts.
Please click here for details: http://wiki.cacert.org/ThawteNotary
Interface for thawte transfer:
https://tverify.cacert.org
If you need help, you can also write to our mailinglists – details:
https://lists.cacert.org/wws/arc/cacert-support (EN)
https://lists.cacert.org/wws/arc/cacert-support (DE)
https://lists.cacert.org/wws/arc/cacert-es (ES)
https://lists.cacert.org/wws/arc/cacert-br (BR)
—-
(DE)
Bitte beachtet, dass ein Transfer der Punkte aus dem Thawte WoT nur noch bis zum 16. November 2009 möglich ist. Wir haben danach keine Möglichkeit mehr, eure Daten zu verifizieren und können daher keine Punkte mehr transferieren.
Wenn ihr aktuell 0 Punkte bei CAcert auf dem Konto habt, so könnt ihr dies über den Transfer auf bis zu 150 Punkte aufstocken.
Für Details einfach hier klicken: http://wiki.cacert.org/ThawteNotary
Das Interface für den Transfer findet ihr unter:
https://tverify.cacert.org
Wenn ihr Hilfe benötigt, so könnt ihr uns auch über die Mailinglisten kontaktieren:
https://lists.cacert.org/wws/arc/cacert-support (Englisch)
https://lists.cacert.org/wws/arc/cacert-de (Deutsch)
https://lists.cacert.org/wws/arc/cacert-es (Spanisch)
https://lists.cacert.org/wws/arc/cacert-br ((brasilianisches) Portugiesisch)