Hot on the heals of last weeks package loss in transit by Citibank, comes the announcement that 40 MILLION credit card numbers have been leaked by a cracker getting into CardSystems Solutions, a third party processing company of credit cards.

So I must ask once more, why do supposedly open source browser vendors keep spreading FUD that we are such a risk, when clearly 6 weeks running the US banking industry has gotten black eye after black eye with horrifically escalating breaches of private and financial information.

I’ll propose my question again, how can any CA breach be even on par with a major browser security breach. Bugs are patched and people are encouraged to upgrade, and life goes on every day, why are SSL certificates treated in such religious and completely incorrect notions of the real world we live in. Fair enough things may have started out much differently but that isn’t the reality we live in today or for the next 5 years to come.

The short version is SSL started out as a solution looking for a problem, and along came a few commercial CAs thinking they could rake in millions if not billions by doing annual ID checks, in the end they had to settle for protecting link layer security and selling snake oil about what was really being protected, after all the latest example proves time and time again the biggest risk and problem is protecting end points, and NOT the link layer.

So please tell me again why are we such a threat!?

We are desperately seeking multilingual people for a number of reasons, firstly the site is mostly complete in 5 languages other then english and we’d really like to see the website completed in more languages since language is a real barrier for many parts of the world and breaking down this barrier is one of our key goals.

The other reason we are after people is to verify translations, some spelling mistakes and mistranslations on legal documents could be a very big problem in future so it’s important we have as many capable eyes verifying as much documentation as possible. With the verification step we possibly only need people giving feed back in their own language to those helping to translate the website/documents.

One of the big changes of late is being able to produce the CAP and TTP PDFs on the fly via php code, this means our existing translation infrastructure can be used to also translate and keep these documents all in sync, rather then requiring translators to produce and handle PDF files if any changes are made.

The translations of the TTP PDF is especially important to get right since it will be dealing with people most likely unfamiliar with CAcert and our practises and in the past people have been rejected because the documents weren’t translated into their countries official language or because the wording made some people uneasy about signing them.

For more information or if you can help out with any of these things PLEASE by all means don’t be shy and join the translation mailing list and let everyone know what you’re willing and able to help out with.

Some time ago people work trying to work out how to generate dynamic PDFs on the spot to make assurances go a little smoother since a number of the fields could automatically be filled in, and you just setup at a conference or an assurance meeting and print out forms as needed which is a good idea. However at the time the only PDFlib usable in PHP needed a commercial license and CAcert lacked the funding at the time to pursue it further.

Of late I found myself needing to generate dynamic forms for a customer’s billing solution, I ended up using FPDF which is free for both commerical and non-commercial purposes. This then lead me to recall about people making requests for this feature with CAcert and I’ve spent a bit of time today making it a reality as this will be beneficial for a number of reasons.

This now lends itself to be translated in the same manner as the website, so the procedures to track and update phrases in other languages can now be applied to both the CAP and TTP forms. Already a number of people have translated these PDFs into other languages, and further progress is being made as I type this.

So this means that we don’t need to keep a bunch of PDF forms on hand in numerous languages, and updating forms in future is now a very easy task, as changing the layout or information on one form effectively changes them all so reduces work loads all round.

You can view the new forms by going here and here.