[TriLUG] CACert

Brian McCullough bdmc at bdmcc-us.com
Tue Dec 2 00:05:46 EST 2008


On Mon, Dec 01, 2008 at 11:12:16PM -0500, Kristopher Kane wrote:
> I am interested in this topic but know little about it.  What exactly will
> be certified and does being a member mean you have your own certificate,
> vouched for by CACert?

You're right, Cristobal, we need to do this again.


Kristopher,

CACert is a Certificate Authority, just ( sort of ) like Thawte,
Verisign and RSA ( or at least parts of their businesses ).

The difference ( or at least one important difference ) is that CACert
is operated along the principles of Open Source, and is a non-profit
organization.

By becoming a member of the CACert Community, you may participate in the
organization with all of the appropriate rights and responsibilities.
One of those rights is the ability to have issued X.509 Certificates,
which you can then install into Thunderbird or Firefox to sign and
encrypt e-mail or identify yourself to web sites.

The Assurer process requires that two or three different people examine
your identification information, applying certain criteria, and awarding
you points which, once you have accumulated the required number, allow
you to have a certificate that contains your own name, rather than, for
instance, Thawte's "Free E-Mail Certificate", which has that as the
owner's name, as well.

If you want to continue and acquire more points, and after passing an
on-line examination, you can become an Assurer, yourself, and similarly
Assure other people that you meet.  This Web Of Trust, like Thawte's and
PGP's, allows for the "organic" growth of the network.

Over the past three years or so, CACert has grown from the "one man
show" that it began as, to a formal, professionally-run organization
that it needs to be to operate in this world.  Unlike some Open Source
operations, organizations, or projects, CACert needs to fulfil certain
formal requirements to be allowed to "play" in the big leagues.  An
early goal was to be included in the approved Root CA list found in
Firefox and other Mozilla products.  To do so, CACert had to pass an
audit, as required by Mozilla.  Other browser manufacturers had similar
requirements.  Unlike many Open Source projects, where you just throw
the code out and hope somebody likes it enough to join you, this
required a more professional approach, which the CACert Boards found to
their dismay.


The very long history of this struggle can be found in the link from Ian
Grigg, who was assigned the job of Auditor.  However, finally, things
are progressing well, and success in the Audit process seems possible.
The servers that support CACert have found a secure, professional home
in the Netherlands, and there is a new Board and policies in place.  For
those who have an interest in the processes of documentation and
regulation ( some of our people in The Park -- particularly in
FDA-regulated industries -- may be familiar with these processes ),
there is a mailing list where all discussions regarding the new policies
and procedures take place.  The new re-organization allows all members
to participate in the policy-creation process.


Anyway, I have rambled on long enough for this message.


Feel free to look around the CACert web site, and, if you like, you can
take the first step by joining.


Brian




> 
> -kkane


