Advisory meeting 2007.08.18-19 Minutes

1. Organisational Assurance OA
   • needs to be done before 'Systems' Event in October
   • Highest Priority for Advisory
   • super outline, and national/local policies below that.
   • draft compiled on Saturday afternoon, to be written up (now done).
2. 'exec' agenda.
   • Funding from NLnet situation?
   • Present printouts, especially PoP
   • Suggest Evaldo to post one week before announcing meeting to community
   • Advisory to provide the structure and items, as suggestion.
   • If board want to go with that flow, then the flow is there.
   • Collect issues this weekend.
3. AGM
   • board members:
   • we need to be recruiting + checking
   • What about old board members? No, not as yet.
   • Teus may stand for board if costs are covered.
   • 1st November - action deadline for full announcement - create / post
   • NSW -- need more members inside the formal jurisdiction
   • Announcement email to membership list, to be sent by Evaldo.
   • Advisory may again take on the election preparation.
   • Advisory to prepare agenda
   • motions to be added via wiki page? (who controls?)
   • Wiki page already started
   • http://wiki.cacert.org/wiki/NextAnnualGeneralMeeting
4. Board Openness.
   • Need board decision, greg Rose said it was already done?
   • Secretary/Evaldo is responsible, support him in this
   • Creating a place to announce stuff
   • openness should be built into the structure, Integrated in normal system operations
5. Assurer Structure?
   • what are the different types?
   • what cross-over between different assurer sub-programmes?
   • The Assurer Programme ... Assurance Officer....
   • The overall situation needs to be mapped out
   • defer to 'top', community decision
   • there are bugs
   • (e.g., prefix Dr) (e.g., umlauts or no umlauts)
   • effects education
   • quality
   • To be presented / discussed on Officer's day.
6. Education
   • Assurer testing system is being tested
   • 'exec' meeting -- placeholder for a demo test run for people
   • issue: testing language -- official is english?
   • need translations (got german, spanish next?)
   • if translated, lose control of questions
   • if not translated, difficulties with assurers accessing (we will lose assurers)
   • need a road map to present to 'top' -- board + officers, twice
   • should officers make the decisions?
7. Privacy
   • Rasika is taking the role for now
   • is this official? Has board understood it all?
   • who is the DPO official? Probably not Rasika
   • DPA -- is it a big deal or not?
   • We need to get Rasika to 'exec'
   • "functionality attributes?"
   • how it is done is not yet clear
8. PoP
   • present to board at 'exec', sugget to vote then
   • document is drafted, has been sent to board
   • holding everything up
9. Org Chart
   • Chart has no internal quality control
   • officers title ack
   • lack of senior people to manage the departments
   • definition of officers, what can we expect from them, what can they expect from us, from each other?
   • prepare "officer's manifesto" and circulate at 'exec'
   • reporting flow?
   • relationship to CAcert Inc. ?
10. Funding
    • Local Associations to be encouraged, set up.
    • http://www2.futureware.at/svn/sourcerer/CAcert/PolicyOnFoundations.html
    • More CAcert structure???
    • B/A/Officers costs
    • income should carry meeting costs
    • B/A/Officers.
    • basic PR, technical measurments, infrastructure costs.
    • write a proposal / PROPOSE
    • German association Jens to pursue (on return?)
    • Teus stops NLnet in October
    • Audit costs?
    • Brainstorming Sunday write up ideas.
11. PR
    • Henrik
    • press kit
    • only started, current one is not there yet
    • Jens and Henrik review.
    • Style Guide
    • belongs to PR?
    • Johann is now part of team
    • Jens and Henrik review.
    • web pages improvement needed
    • Inc. membership application is bad
    • fee payments are bad.
12. Open Sourcing
    • This is a board decisions.
    • Alex/Georg involvment
    • Pressure from NLnet for GPL
13. Hosting Location
    • technical part
    • memorandum
    • Board proposal and decision
14. Assurance Events
    • Mario handling...
    • getting people taking care of events
    • need rules for events, need a proposal of Events Handbook or something
    • Mario to present situation, B/A to back up.
15. CAcert name delegation
    • DNS
    • countries cacert.nl -- in MoU.
    • trademark -- register?
    • propose Intellectual Property policy to board -- to be written
    • to use the brand must ask policy
    • can be revoked
    • is there a country / community / style?
    • Marketing issues
16. Technical / Systems Department
    • 2 presentations for sysadm and software
    • technical structure sysadm, software, support needs to be separated.
    • Presentation differs for sysadm day
    • recruiting
    • management
    • reporting
    • Email response is not working, respondes to requests?
    • Single Sign On procedure within CAcert, Delay /
    • Problems with Challenge eMails
    • need independent test training system
    • use machine in rack?
    • oophaga not happy, not likely to provide another machine?
    • need a sysadm
    • TrustCheck - on hold. What now?
17. audit
    • DRC - review for board at 'exec'
    • funding proposal for audit
    • re-post - decisions to be taken
    • how to maintain independence
    • Use oophaga as independent oversight?
    • finding new external audit
    • internal auditing team
    • raise at 'top'
    • part of quality section? v.v.
18. Registered User Agreement
    • Big block on audit progress
    • cacert has to do risks, liabilities, obligations
    • Advisory document is drafted, to be reviewed by Teus
    • to be discussed at 'exec' and proposed to community
    • connection to OA
    • General approach of RUA + principles + RDR - all happy
    • a 3rd party vendors agreement is also needed.
19. Strat & Mkt
    • Greg Stark has proposed European & US mkt.
    • Lots of disagreement.
    • Can't do a strategy without a mission
    • Not ready for Officer yet.
    • CAcert needs more senior execs, before marketing
    • Partnering *and* Competition OpenID, SL? etc ... policy needed
20. Mission
    • Historical:
    • 2002: because privacy is your right
    • 2004: promote awareness and education on computer security through the use of encryption
    • 2005: to increase your privacy and security for free
    • 2006: to get security at the right price... Free!
    • 2007: To provide a trust mechanism to go with the security aspects of encryption
    • conclusion?: privacy is your right, so security measurements should be for the right price: free
    • add a mission discussion to 'exec' ... will take years !
21. Association / CAcert INC / Community
    • distance to community -- too much?
    • role of Association within community
    • proper form of association, needs to be investigated
22. Dispute Resolution
    • We need an officer for DR -- "Chief Arbitrator"
    • default core team needs to be changed ==> internal audit (done)
    • dependent on existing policies.
    • defer to PoP then the next
23. Advisory Meeting
    • regular thursday night 23.00 Skype voice
    • Physical meeting, next in October, Netherlands?
24. Funding Ideas
    • just ideas, no conclusions
    • in second life - charging for authentication mechanism
    • courseware (Quality control?)
    • specialism usage
    • donations
    • org use of CAcert infrastrcuture should lead to donations (more activity)
    • EU? (see report Dutch government experience teus: government PKI too complex, too expensive)
    • BSI, GPG, etc
25. Issues not mentioned / forgotten
    • AGM: financial year, yearly report
    • recruiting help