ATE Nykobing, Denmark on September 20th 2015

[Danish and German version below]
On Sunday 20th September there will be “A day of Internet Security and CAcert ATE” hosted by ShowIT Media [1].

Agenda

10:00 Welcome
10:15 A Security status on the Internet by Bitdefender
11:00 A Quick Introduction to CAcert
11:20 Time out for lunch
12:15 CAcert Assurance Training Event (ATE)
17:00 Thank you for coming / Safe journey home.

All speeches will be held in English. There will be the possiblity to gether at least 100 Assurance Points.

Place:
ShowIT Media
Slotsbryggen 14 A-D
4800 Nykobing F
Denmark

More information can be found [2], to register: I will attend the ATE Nykobing

[1] https://www.showitmedia.eu/uk_cert.html
[2] https://wiki.cacert.org/Events/2015-09-20-ATE-DK-Nykobing

[Danish version]

Søndag den 20. September afholdes ”En dag med Internet sikkerhed og CAcert ATE” hos ShowIT Media [1].

Program:

10:00 Velkomst
10:15 ”En status på sikkerheden på internettet” af Bitdefender
11:00 En kort præsentation af CAcert
11:20 Frokostpause
12:15 CAcert Assurance Training Event (ATE)
17:00 Tak for I dag / Kom godt hjem

Alle indlæg holdes på Engelsk. Det vil være muligt at samle mindst 100 Assurance point.

Du kan finde mere information på [2] og registrere dig her: Jeg deltager i ATE i Nykøbing

[German version]

Am Sonntag den 20. September veranstaltet die ShowIT Media “Einen Tag der Internetsicherheit und ein CAcert ATE/”A day of Internet Security and CAcert ATE” [1].

Agenda

10:00 Grußwort
10:15 Ein Sicherheitsstatusbericht für das Internet durch Bitdefender
11:00 Eine kurze Dartstellung von CAcert
11:20 Mittagspause
12:15 CAcert Assurance Training Event (ATE)
17:00 Ende der Veranstaltung

Alle Vorträge werden in Englisch gehalten. Es wird die Möglichkeit bestehen mindestens 100 Assurancepunkte zu sammeln.

Weitere Informationen zum Event unter [2], zum Anmelden: Ich nehme ATE in Nykobing teil.

FrOSCon 10 in St. Augustin 22./23. August 2015

For the English version see below.

CAcert wird dieses Jahr zum zehnten Mal mit einem Stand auf der FrOSCon
vertreten sein. Damit gehört CAcert zu den Projekten, die bei allen zehn
Auflagen der FrOSCon dabei waren.

CAcert wird neben dem Stand, an dem wie üblich assured und über CAcert
informiert wird, auch mit einem Projektraum vertreten sein. In diesem
Projektraum wird an aktuellen Softwareentwicklungen bei CAcert gearbeitet,
z.B. Test der Erstellung neuer Roots, Gigi/Cassiopeia dem Redesign der Software.

Wir hoffen, dass wir viele von Euch auf der FrOSCon treffen werden.

Wann?
– Samstag + Sonntag, 22. + 23. August 2015
– Einlass Samstag ab 08:30h und Sonntag ab 09:00h

Ort:
– in der Hochschule Bonn-Rhein-Sieg
– Grantham-Allee 20
– 53757 Sankt Augustin

Tickets
– Der Eintritt ist in diesem Jahr frei!

Mehr Informationen unter wiki.cacert.org/Events/FrOSCon2015

English

CAcert will be present with a booth at the FrOSCon 2015 for the tenth time. Thus CAcert is one of the projects that attended all previous installments.

Apart from the booth CAcert will be present with a project room. In the project room the team will work on the current coding projects like the test of the new root creation and the redesign of the software dubbed Gigi/Cassiopeia.

We hope to meet you at FrOSCon.

When?
– Sat / Sun 22nd/23rd August 2015
– Open Sat from 8:30 and Sun from 09:00

Location:
– Hochschule Bonn-Rhein-Sieg
– Grantham-Allee 20
– 53757 Sankt Augustin

Tickets
– This year the admission is free

For more information see wiki.cacert.org/Events/FrOSCon2015

CAcert fingerprints via DNSSEC

Recently we got several questions about automated installers for our certificates. While the new ca-cacert package in Debian Testing is a nice way for a verified installation it isn’t perfect. One issue is the initial download of the certificates when the source package is built by the maintainer; the second issue is that not everybody is using Debian.

As for a long time there was no way to automate the check of the trust anchor with tools you already have we used cryptography to make it work: DNSSEC. While you can’t directly download the certificates directly from DNS – the information would be to huge and hardly manageable – you still get enough information to bootstrap the verification from DNS. All you need is a way to query and validate TXT RRs from DNS, a way to download files via HTTP and a way to calculate some hashes.

The information about the fingerprints is stored in the DNS zone _fp.cacert.org – the underscore indicates non-host information. For each generation of root certificates a new sub-directory will be created. The current one is “g1″. To list all available certificates of a specific generation you can query the label _certs for that sub-directory given a DNS query for _certs.g1._fp.cacert.org yielding the two names “root class3″ as the certificates. Each of those references in turn provides both an URL (“_url”) and a set of fingerprints (_md5, _sha1, _sha256) needed for the verified download of that certificate. To download the current (g1) root certificate you’d thus look for the download URL at _url.root.g1._fp.cacert.org and verify the SHA2-256 fingerprint given at _sha256.root.g1._fp.cacert.org. Fingerprints are always uppercase and without any delimiters.

For further technical details have a look into the Wiki [1]

[1] https://wiki.cacert.org/HowToDocuments/FingerprintsViaDNSSEC

Availability of CAcert Root Certificates on Linux Distributions

After the inclusion of CAcert in Debian has been a quite complicated story for the past few years we are glad to announce that there’s a new package in the Debian Sid (unstable) branch: ca-cacert. This package has been created and will be maintained by Dmitry Smirnov. This package became necessary after Debian decided to remove CAcert from its main certificate store provided by the package ca-certificates in early 2014 [1].

Our goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Transport Layer Security (TLS) or the somewhat older Secure Socket Layer Protocol (SSL) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.

The re-inclusion – even if just as a supplementary package – allows users of Debian and its many derivatives to securely access and install our certificates. Using this path for installation of our root certificates a major attack vector during installation has been mitigated by providing an additional, verified means to get an authenticated copy of our root certificates. Another possibility to verify our certificates after download has been prepared recently and will be documented soon.

CAcert is still pursuing to become audited and thus available in the default browser and OS trust stores.

We thank all people who were involved in creating and providing this package and hope for a constructive future development. Furthermore we like to thank the maintainers of the openSUSE package who made sure our root certificates have been available for the past years [2]. Also we want to thank all other package maintainers for other OS helping to provide a safe anchor for our certificates[3].

Currently our Wiki editors are working on HowTo documents [4, 5].

[1] https://packages.qa.debian.org/c/ca-cacert.html
[2] https://software.opensuse.org/package/ca-certificates-cacert
[3] https://wiki.cacert.org/InclusionStatus
[4] https://wiki.cacert.org/HowToDocuments/
[5] https://wiki.cacert.org/HowToDocuments/DE

CAcert does NOT allow video assurances

Recently support received a question if video assurance can be used to replace a face-to-face meeting in an assurance. The short answer is that currently the rules of CAcert do NOT allow video assurances. [1, 2]

One aspect of the face-to-face meeting why you need to meet the assuree in person is such that you can check security features of the presented documents. This check can not be done with video communication like e.g. FaceTime, Google+ Hangout, Jitsi, Skype [3] as verifying documents includes getting a feel for the presented documents as well as checking security features, that are not or not easily transferable with video conferencing.

In case CAcert sees any signs of assurance entries that hint to having been conducted as video assurances these cases will be reviewed (by arbitration) AND removed from the system if they are found to be invalid.

[1] http://wiki.cacert.org/AssuranceHandbook2#Preparing_yourself_for_an_assurance
[2] http://wiki.cacert.org/AssuranceHandbook2#The_meeting
[3] http://en.wikipedia.org/wiki/Videoconferencing

Assurer Training Event in Dresden 2015-05-12

Am Dienstag, 12. Mai 2015 findet in den Räumen der Chaos Computer Club Dresden das nächste ATE in Deutschland statt.

  • Was hast du auf dem CAP Formular hinzuzufügen, wenn du Minderjährige überprüfst ?
  • Warum solltest du dir die 3 Buchstaben: R/L/O einprägen ?
  • Wie verhälst du dich, wenn du ein fremdes Ausweis-Dokument zum ersten mal prüfst ?

Antworten auf diese und andere Fragen erhaltet ihr auf dem Assurer Training Event.
Bringt geeignete Lichtbildausweise für Assurances mit.

ATE-Bremen findet statt:

Chaos Computer Club Dresden im robotron-Bürokomplex
Starts: 2015-05-12 18:00
Duration: 3 hours:
Lingnerallee 3
Dresden, Sachsen
01069
DE

Registrierung: Ich moechte am ATE-Dresden teilnehmen

Vielleicht treffen wir uns ja da.

Mit bestem Gruß vom Events Team!

Weitere Infos:
ATE Dresden im CAcert Wiki

CAcert bei den Linuxwochen Wien 2015 (7.-9. Mai)

CAcert wird dieses Jahr auf den Linuxwochen mit einem Stand vertreten sein.

Dort können Fragen rund um CAcert und zur Nutzung von Zertifikaten gestellt sowie Assurancen durchgeführt werden.

Am 7. bis 9. Mai wird CAcert in der Fachhochschule FH Technikum Wien, Hochstädtplatz 6, 1200 Wien Brigittenau zu finden sein.

http://www.linuxwochen.at/Wien/

CAcert bei der VHS Amberg-Sulzberg am 8. Mai 2015

CAcert wird sich anlässlich der Eröffnung des Stützpunkts für Verbraucherbildung
an der VHS Amberg-Sulzbach am 8. Mai 2015 präsentieren.
Dazu wird Daniel Salcher einen Kurzvortrag zu CAcert halten.
Des Weiteren wird es eine Stand zur Information und zum Assuren geben.

Freitag, 8. Mai 2015, ab 14:30 Uhr
in der Volkshochschule Amberg-Sulzbach (LCC),
Obere Gartenstraße 3, Sulzbach-Rosenberg

Assurer Training Event in Bremen 2015-05-05

Logo of Embassy of Nerdistan in BremenAm Dienstag, 5. Mai 2015 findet in den Räumen der Embassy of Nerdistan in Bremen das nächste ATE in Deutschland statt.

  • Was hast du auf dem CAP Formular hinzuzufügen, wenn du Minderjährige überprüfst ?
  • Warum solltest du dir die 3 Buchstaben: R/L/O einprägen ?
  • Wie verhälst du dich, wenn du ein fremdes Ausweis-Dokument zum ersten mal prüfst ?

Antworten auf diese und andere Fragen erhaltet ihr auf dem Assurer Training Event.
Bringt geeignete Lichtbildausweise für Assurances mit.

ATE-Bremen findet statt:

Embassy of Nerdistan in den Räumen des AUCOOP Bremen e.V. (2. OG)
Starts: 2015-05-05 19:00
Duration: 3 hours:
Weberstr. 18
Bremen, Bremen
28203
DE

Registrierung: Ich moechte am ATE-Bremen teilnehmen

Vielleicht treffen wir uns ja da.

Mit bestem Gruß vom Events Team!

Weitere Infos:
ATE Bremen im CAcert Wiki

Certification de clés PGP et CAcert à Paris 1er, le 20 avril 2015

Date: lundi, le 20 avril 2015, à 19:00 heures

Lieu: Hôtel Novotel Les Halles, 8, place Marguerite de Navarre, 75001 Paris

  • Métro :
    Ligne Station
    1 Châtelet, sortie n°6
    11 Châtelet, sortie n°6
    14 Châtelet, sortie n°6
    4 Châtelet, sortie n°6
    A Châtelet-les-Halles
    B Châtelet-les-Halles
    D Châtelet-les-Halles
  • Bus :
    Ligne Station
    38 CHÂTELET
    27 PONT NEUF-LOUVRE

 

Carte: http://www.openstreetmap.org/way/53672217#map=18/48.86091/2.34613

Nous vous proposons le 20 avril comme date de rencontre pour valider vos identités CAcert.

3 accréditeurs pouvant donner 105 points présent. Si vous pouvez aussi donner des points, manifestez vous.

Pour plus de détails, voir https://wiki.cacert.org/Events/Paris_2015