Monthly Archives: April 2005

Conferences and Events

Do you know of an event coming up where assurers will be present? If so, please let us know so we can add entries to this blog. Currently all known events have been added to the database, and on the right-hand side of the site there is an events calendar which can be used to find future events that you can attend and be assured at.

There is also an ics/vCalendar file of the events (dynamically generated) you can download and load into your favourite program: http://blog.cacert.org/calendar.ics

If you are going to be at an event, it’s preferable to list a contact address, as many people haven’t managed to make contact with assurers in the past, which can be quite frustrating to say the least.

2005 – The year of the Assurer!

As many of you know, there are currently some issues with our system, and one big way to overcome the entire problem is to have as many people as possible with 50 or more points in the system. To us it would be beneficial to have everyone with 100 or more, but for the most part 50 would satisfy most of the current issues people have with including our root cert.

Step one is to raise awareness of the situation, and this will be executed via a mass mail to all unassured people in the CAcert database. The notification will be along the lines that we have been given indications that we could be better included in Ubuntu, and perhaps many other Linux distributions, if we stop issuing unassured server certificates. If everyone is serious about us being included in browsers and is given the opportunity to be assured (via a distributed world tour?), no one should have a problem with this in theory (and everything works in theory).

Step two will be to actually get people out and about, and assuring people en masse. While CAcert doesn’t have unlimited amounts of funding, CAcert is a cash-positive, self-sustaining entity which gains funds from donations, memberships and Google ads displayed on the website. Utilising these funds or gaining further donations to tip the balance of assurers in areas should be something considered a high priority.

Step three of course is phasing out the ability for people with fewer than 50 points to be issued a server certificate from our main root certificate, if at all. This was one of the original goals; while we don’t yet have any sort of critical mass, this has brought the issue to the forefront and will only serve to increase the overall security of the system, not to mention that this will also gain us a lot more credibility and will be one less barrier to inclusion.

I’m sure there are other things we will need to do, and as always feedback is appreciated.

Inclusion in the Ubuntu Distribution

I’ve spoken to some very influential people of late, one of whom happened to be Mark Shuttleworth today at the Ubuntu Down Under conference. He had one particular concern about control-of-domain certificates, and he didn’t feel comfortable including our current root certificate at present until we either stopped issuing them under our present root (i.e. set up another root certificate for assured certificates, or start issuing unassured certificates from a new root), or alternatively we can just not issue them to unassured people.

Also worth mentioning that at one point WebTrust certification was mentioned, but he wasn’t really that concerned about it; he was more worried about the security (or insecurity) of control-of-domain type certificates.

This isn’t the first time that it’s been suggested that we alter how many root certs we operate and under what conditions people are allowed to issue from which certificate. At this point in time it’s a difficult decision to make, and we’re looking to the community for feedback on the issue (as this will affect a lot of people no matter what happens) and on what the best course of action to take is.

Comments on this are important!

* One possible solution might be to issue a new root cert signed by the current root cert (since this issue only affects server certificates); that way it should work with the least amount of impact to most/all people.