[TriLUG] CACert

[Neil L. Little]

You forgot to state the most important part of the whole thing. The "Web 
of Trust".

Cory Doctorow in his book "Little Brother" went into detail about the 
concept of the Web of Trust. Though it looked like the big hole in the 
Web of Trust is that the evil Department of Homeland Security can 
infiltrate your key ring and "poison" it.

73,
Neil, WA4AZL
JARS Forever!!
www.jars.net

Brian McCullough wrote:
> On Mon, Dec 01, 2008 at 11:12:16PM -0500, Kristopher Kane wrote:
>   
>> I am interested in this topic but know little about it.  What exactly will
>> be certified and does being a member mean you have your own certificate,
>> vouched for by CACert?
>>     
>
> You're right, Cristobal, we need to do this again.
>
>
> Kristopher,
>
> CACert is a Certificate Authority, just ( sort of ) like Thawte,
> Verisign and RSA ( or at least parts of their businesses ).
>
> The difference ( or at least one important difference ) is that CACert
> is operated along the principles of Open Source, and is a non-profit
> organization.
>
> By becoming a member of the CACert Community, you may participate in the
> organization with all of the appropriate rights and responsibilities.
> One of those rights is the ability to have issued X.509 Certificates,
> which you can then install into Thunderbird or Firefox to sign and
> encrypt e-mail or identify yourself to web sites.
>
> The Assurer process requires that two or three different people examine
> your identification information, applying certain criteria, and awarding
> you points which, once you have accumulated the required number, allows
> you to have a certificate that contains your own name, rather than, for
> instance, Thawte's "Free E-Mail Certificate", which has that as the
> owner's name, as well.
>
> If you want to continue and acquire more points, and after passing an
> on-line examination, you can become an Assurer, yourself, and similarly
> Assure other people that you meet.  This Web Of Trust, like Thawte's and
> PGP's, allow for the "organic" growth of the network.
>
> Over the past three years or so, CACert has grown from the "one man
> show" that it began as, to a formal, professionally-run organization
> that it needs to be to operate in this world.  Unlike some Open Source
> operations, organizations, or projects, CACert needs to fulfil certain
> formal requirements to be allowed to "play" in the big leagues.  An
> early goal was to be included in the approved Root CA list found in
> Firefox and other Mozilla products.  To do so, CACert had to pass an
> audit, as required by Mozilla.  Other browser manufacturers had similar
> requirements.  Unlike many Open Source projects, where you just throw
> the code out and hope somebody likes it enough to join you, this
> required a more professional approach, which the CACert Boards found to
> their dismay.
>
>
> The very long history of this struggle can be found in the link from Ian
> Grigg, who was assigned the job of Auditor.  However, finally, things
> are progressing well, and success in the Audit process seems possible.
> The servers that support CACert have found a secure, professional home
> in the Netherlands, and there is a new Board and policies in place.  For
> those who have an interest in the processes of documentation and
> regulation ( some of our people in The Park -- particularly in
> FDA-regulated industries -- may be familiar with these processes ),
> there is a mailing list where all discussions regarding the new policies
> and procedures take place.  The new re-organization allows all members
> to participate in the policy-creation process.
>
>
> Anyway, I have rambled on long enough for this message.
>
>
> Feel free to look around the CACert web site, and, if you like, you can
> take the first step by joining.
>
>
> Brian
>
>
>
>
>   
>> -kkane
>> -- 
>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>