Executive Summary

This plan proposes that CAcert conduct a meeting in Europe of the new board, advisory and others. It involves raising funds to (a) fly board directors to Europe, (b) organising accomodation, (c) local travel by others.

Introduction

CAcert is an open and free certificate authority that operates across the world as a community. It is open because anyone can join, and it is free of cost for all of its certificates. It works because we are community devoted to securing the Internet access of our users.

CAcert community

The headline task of the CAcert community is to assure people according to their identity documents. Once this identity is established, certificates can be created which claim the identity of the user.

As users gain more points from more assurance, they themselves are encouraged to become Assurers, thus creating a self-perpetuating force of Assurers. The combination of free certificates, an ability to gain points, and help assure others has resulted in a strongly growing community, one that uniquely addresses a cross-section of computing world, wherever people feel they need certificates.

CAcert and the Commercial Market for Certificates

CAcert reaches a particular segment of the market for certificates: those individuals, communities, non-profits, small and large companies, that find that the price of certificates puts them out of the market. Certificates are generally available from commercial CAs from $20 and upwards, but even this low value is impractical for users in poor countries or small and non-commercial organisations that require many certificates.

CAcert provides this service of free certificates by enrolling the users themselves to do the work. In that sense, it is not totally free, as users are encouraged to become Assurers and to contribute time and effort rather than money. Many of CAcert's users are very happy with this offering and are keen to contribute.

CAcert does not compete with commercial suppliers, rather it expands the market for certificates into areas they do not look at. For example, CAcert does not offer support services with guaranteed reaction times. Instead we offer free community-based support without such guarantees.

Structure of the Community

The community is structured roughly like an onion:

Users. The community itself is formed primarily of users who register at the website. Current numbers indicate around 92k, although many of these are inactive. Users may create certificates, and when they are Assurered to 50 points, can create certificates with their names in them.

Assurers. Of the users, there are approximately 8900 Assurers, who have gained 100 points. Their role is to verify identity documentation and allocate points. Assurers are currently undergoing an audit-driven change where they will be trained and tested. This is expected to create a basic standard, at the expense of lowering the gross number of Assurers dramatically.

Officers. Some of the Assurers also work as "Officers" or in other active or senior roles. These are divided up into three different areas: technical, business, policy. This group is somewhere between 10 and 100, depending on how they are counted. A special group is the Advisory, which consists of three senior experienced IT professionals that provide independent advice (and includes the current Auditor).

Association. The core is a legal Association incorporated in NSW, Australia. This is the owner of Intellectual Property assets, the operator of the services, and the ultimate decision maker. The Association normally conducts an Annual General Meeting of its members, and elects a committee ("board"). There are approximately 50 members who pay an annual membership fee.

The Community Growth Process

The community has a mission of running a CA and delivering free certificates to its users. This mission has proven sufficiently powerful to bring in a lot of people, concentrated around the computer systems and administration world.

According to current industry practice, certificates should identify the name of the user (it should be recognised that this is not without controversy). CAcert operates its community as a web-of-trust in order to create the identity statement within the certificate.

Therefore, unlike other communities, there is a strong underlying rationale for the community. To request a certificate with their name, each user requires to be "Assured" to 50 points, which generally means being identity checked by 2 or more other users. Once a user has been Assured to 100 points, they can become an Assurer, and give others points.

'Free certificates' is a popular mission and useful tool. CAcert regularly runs technical events: booths at conferences, presentations of the concept, etc. At these events, the Assurers sign up new users, and identity check them at the same time. In this way the community grows rapidly. Assurers generally volunteer for these events.

Evolution in Governance

The Old CAcert

The above is current, at the present time, and it is evolving fast due to many pressures. The older structure was simpler, and in many ways more powerful, but had serious internal issues that had stalled the system. This section discusses those.

All of the technical, policy and decision making were up until recently concentrated in the hands of the Founder and then-President of CAcert, Duane Groth. This worked well in the early days, but in 2005 and 2006 the responsibilities of handling decisions, managing an audit and governing the community became too much for one person. Although CAcert had a Board (committee) of experienced professionals, they were not able to break down the barriers and separate out the tasks.

Pressure mounted over 2006 to change. During 2006 and into 2007, most of the board directors resigned, and at some point, the committee entered a "below-minimum" status such that by the rules (and the law) it was unable to hold a meeting and thus unable to make any decision. Further, ex-board directors declined or refused to hand over critical assets such as bank accounts and sevices, citing legal liability or other issues. Founder Duane Groth resigned in March 2007, clearing the way for a new team.

Special General Meeting

With help from the Advisory (formed early 2007), the Office of Fair Trading (the regulator), and one remaining Director, Robert Cruikshank, members of the Association worked to organise a Special General Meeting of the members of the Association. An SGM can be held without the board, and required many detailed steps to be pushed through.

The SGM was held 25th May 2007. At that meeting, a quorum was established, and a new board of (minimum) three members were elected. This board was intended as a temporary committee in order to get the essentials in place. See Appendix A for mandate.

New Board Difficulties

The New Board has a number of challenges to resolve in a short period of time:

To make matters more extreme, the three directors live in different continents and different timezones. Hence, progress has been slow, and CAcert needs new methods to cope with effective power sharing.

Other Initiatives

As well as the above, several other activities are under way.

Proposal

It is therefore proposed to fly all directors to Europe and have them meet physically for a week. Project mission:

To substantially cover the mandate of the SGM.

In order to meet the mandate the board can request key people to present and review progress. A substantial task list is maintained in Appendix A.

The budget laid out in Appendix B predicts that this will require €12.100.

Responsible Party

It is proposed that the Association raise this funding and spend it to the stated purpose. The Board of CAcert is the ultimate responsible party. The President, Greg Rose, would chair the meeting. The Treasurer, Robert Cruickshank, will provide a post-meeting expenditure report. The Secretary, Evaldo Gardenali, will keep minutes of board decisions.

Geographical / Dates

Continent. Europe is chosen because all of the other key personel are concentrated in Europe, and for the price of 3 long-haul flights, we can then add in as many short-haul flights, trains and car trips as is requested by the board.

Country. The country is currently not selected. It is likely to be one of: Germany, Netherlands, United Kingdom. Action point: Advisory

Dates. Currently, we are planning one of:

Action point: Advisory

Shedule

The following preliminary meeting schedule is proposed:

Day Activity Who
-1 Saturday Travel 3BM
0 Sunday Arrive 3BM
1 Monday Board Meeting 3 Board Members
2 Tuesday Presentations by Advisory 3 Board Members + 3 Advisory Members
3 Wednesday Review by Auditor 3 Board Members + Auditor, and 2 other Advisory Members
4 Thursday Systems Administration, Development, Security 3 Board + 2 Technical Team members. Advisory.
5 Friday Business Presentations 3 Board + Business teams: 3 officers. Advisory
6 Saturday Leave 3BM

Notes:


Appendix A. Board Task List

At the SGM, the board was mandated by the members of the Association:

  1. flnancial operations (bank accounts, payment arrangements), bookkeeping and report,
  2. decision taking for member nominations,
  3. sub-committee instalments, e.g. Technical sub-committee, Advisory,
  4. preparation of AGM and all actions needed for this meeting,
  5. safeguarding decisions for continuity of existing association services,
  6. co-opting (no voting rights) of members to the board as prospects for board elections on next AGM.
  7. Necessary arrangements with NSW Offlce of Fair Trade;

Objectives of the meeting:

Detailed task list (as of 29-May):


Appendix B. Estimate / Budget

Item descriptions # Unit Amount   planning notes
Flights Long-Haul From Brazil, USA, Australia 3 2000 6000 self-purchase: Robert, Greg.
Q may fund 1.
Probable up-front funding needed for 1 flight
Short-Haul From DE, NL, AT 6 200 1200

Accomodation
Including
Food
Board, 7 nights 3 21  
Advisory, 4 nights 3 12  
Officers, 2 nights 3 6  
Subtotal, person-nights 39 100 3900

Misc Meeting room 5 100 500 may be optional
Net 5 100 500 may be optional


Total €12.100

Notes.