Currently, as many of you know, there are some issues with our current system, and one big way to overcome the entire problem is to have as many people as possible with 50 or more points in the system. To us it would be beneficial to have everyone with 100 or more, but for the most part 50 would satisfy most of the current issues people have with including our root cert.
Step one is to raise awareness of the situation, and this will be executed via a mass mail to all unassured people in the CAcert database. The notification will be along the lines that we have been given indications that we could be better included in Ubuntu, and perhaps many other Linux distributions, if we stop issuing unassured server certificates. If everyone is serious about us being included in browsers and is given the opportunity to be assured (via a distributed world tour?), no one should have a problem with this in theory (and everything works in theory).
Step two will be to actually get people out and about, and assuring people en masse. While CAcert doesn’t have unlimited amounts of funding, CAcert is a cash-positive, self-sustaining entity which gains funds from donations, memberships and Google ads displayed on the website. Utilising these funds or gaining further donations to tip the balance of assurers in areas should be something considered a high priority.
Step three, of course, is phasing out the ability for people with less than 50 points to be issued a server certificate from our main root certificate, if at all. This was one of the original goals; while we don’t yet have any sort of critical mass, this has brought the issue to the forefront and will only serve to increase the overall security of the system, not to mention that this will also gain us a lot more credibility and will be one less barrier to inclusion.
I’m sure there are other things we will need to do, and as always feedback is appreciated.
To advance “step two”, I would suggest speeding up the TTP process. If there were trusted “in country” contacts to screen TTP paperwork, the whole process could be improved. At present, it appears to me that the current centralized process could be a bottleneck (I am waiting for my TTP paperwork to be processed). These contacts could also be used to vet the Organizational trust process.
I do not see any new way to increase “Face to Face” contacts other than increasing the number of faces and scattering their locations (100+ assurers in the SF Bay area, USA are not very helpful to us here in Texas, USA).
Not to mention the rash of identity theft, especially in the US, where identity theft is so bad that a lot of the documents made can’t be detected unless they are submitted to the FBI and/or the US Treasury.
In-country TTP is a great idea! Someone in country is much more likely to catch a fake:
– More familiar with the documents
– Can easily pick up the phone & call the TTP
– Familiar with domestic regulations
I like it!