At the January 29, 2009 NLOSUG (Dutch OpenSolaris Usergroup) meeting at Competa IT in Rijswijk (NL), we will be doing CAcert assurances. Enough assurers will be available to get you 70 points. Register at cacert.org, and bring 2 pieces of government-issued photo ID and enough (>2) CAP forms. The program can be found at http://sun.in-box.nl/mc/5490/ or http://www.nlosug.org
Monthly Archives: January 2009
CAcert parties in the Rhineland and the Ruhr area
As part of the talks held by the two Java user groups rheinjug and ruhrjug, there will again be an opportunity to get assured:
The talks themselves start at about 19:00; assurers will be on site from about 18:30. NO assurance is possible during the talks; it resumes from about 21:00.
Rheinjug (15.1.2009), topic: Was ist OpenESB? (What is OpenESB?), speaker: Christof Strack
> Institut für Informatik
> Heinrich-Heine-Universität Düsseldorf
> Building 25.22
> Lecture hall 5D (or 5F, depending on turnout)
Ruhrjug (22.1.2009), topic: Erstellung hoch-performanter Websites (Building high-performance websites), speaker: Peter Roßbach
> Unperfekthaus
> Friedrich-Ebert-Strasse 19
> 45127 Essen
PGP key signing will also be possible on both occasions.
CAcert Assurance event in Madrid
Next January 14th Medialab-Prado (Madrid) will host the CAParty CAcert Assurance event. A PGP signing party will happen too.
A full description in Spanish with all the details on how to attend is published on the website.
Join the Web of Trust!
CAcert Assurance event at FOSDEM’09, Brussels, Sun 8 Feb 2009
Happy new attack!
A few days ago, a group of scientists and security specialists finally succeeded in creating a rogue CA that was able to issue certificates that are accepted by all browsers:
http://www.win.tue.nl/hashclash/rogue-ca/ and http://www.phreedom.org/research/rogue-ca/
The underlying problem is a set of weaknesses that were discovered in the MD5 hash algorithm.
CAcert switched from MD5 to SHA-1 for certificate issuing a few years ago, when the first research results indicating that such an attack would become feasible were made public. CAcert is currently still using an intermediate CA that was issued with an MD5-based signature 3 years ago. We are currently working to phase out this intermediate CA.
We suggest that all certificates that were still issued with MD5 (except for root certificates, which aren’t affected), regardless of which CA issued them, be replaced with SHA-1-based certificates within the next 3 months. We also suggest that all company-internal or organisation-internal CAs be checked and switched from MD5 to SHA-1 where necessary. To detect whether a webserver certificate or any of the intermediate certificates is MD5-based, you can use this Firefox extension: http://codefromthe70s.org/sslblacklist.aspx
Happy new year!
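Added example, not part of the original post or CAcert's own tooling: a standard-library-only Python check that reads the signature algorithm of each certificate in a chain and reports the MD5-signed ones, skipping self-issued roots, which the post says are not affected. The `toy_cert` helper, the sample chain and the issuer-equals-subject test used to recognise a root are assumptions made for the illustration.

```python
MD5_RSA = bytes.fromhex("2a864886f70d010104")   # OID 1.2.840.113549.1.1.4, md5WithRSAEncryption
SHA1_RSA = bytes.fromhex("2a864886f70d010105")  # OID 1.2.840.113549.1.1.5, sha1WithRSAEncryption

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, body_start, body_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, body_start, body_end) for each element inside a constructed value."""
    while start < end:
        tag, s, e = read_tlv(buf, start)
        yield tag, s, e
        start = e

def cert_info(der):
    """Return (signature OID bytes, issuer == subject) for one DER certificate."""
    tag, s, e = read_tlv(der, 0)                     # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    (_, ts, te), (_, a_s, _) = list(children(der, s, e))[:2]  # tbsCertificate, signatureAlgorithm
    oid_tag, o_s, o_e = read_tlv(der, a_s)
    if oid_tag != 0x06:
        raise ValueError("signatureAlgorithm has no OID")
    fields = [f for f in children(der, ts, te) if f[0] != 0xA0]  # skip optional [0] version
    issuer, subject = fields[2], fields[4]           # serial, sigalg, issuer, validity, subject
    return der[o_s:o_e], der[issuer[1]:issuer[2]] == der[subject[1]:subject[2]]

def md5_signed(chain):
    """Indexes of certificates in chain (DER bytes) that are MD5-signed and not self-issued."""
    return [i for i, der in enumerate(chain)
            if cert_info(der) == (MD5_RSA, False)]

def tlv(tag, body):                      # short-form length only; enough for the toy sample
    return bytes([tag, len(body)]) + body

def toy_cert(issuer, subject, sig_oid):
    """Constructed certificate-shaped DER (simplified names, no real key or signature)."""
    alg = tlv(0x30, tlv(0x06, sig_oid) + b"\x05\x00")
    tbs = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + tlv(0x02, b"\x01") + alg
              + tlv(0x30, tlv(0x0C, issuer)) + tlv(0x30, b"") + tlv(0x30, tlv(0x0C, subject)))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

SAMPLE_CHAIN = [toy_cert(b"Sub CA", b"www.example.org", SHA1_RSA),  # leaf, SHA-1
                toy_cert(b"Root CA", b"Sub CA", MD5_RSA),           # intermediate, MD5
                toy_cert(b"Root CA", b"Root CA", MD5_RSA)]          # self-issued root, MD5
```

For real PEM files, convert each certificate with `ssl.PEM_cert_to_DER_cert` before passing it to `md5_signed`.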