CAcert.org is scheduling ATE’s in the United States this summer.
Category Archives: Information
Software-Testers Reward Challenge
Dear CAcert Supporters,
To become Audit Ready, CAcert is heavyly depended on a working Software-Assessment team.
The Software-Assessment team is depended on an active Software-Testteam.
Continue reading
12 May 2011, NLUUG Spring Conference – Open is efficient, Ede – Netherlands
On the 12 May 2011 the NLUUG (Netherlands Unix Users Group) will hold its semiannual conference in De Reehorst, Ede.
The topic is “Open is Efficient”.
CAcert will have a booth there.
Are you interested and willing to help out at the booth please contact me and/or sign up on the CAcert wiki – http://wiki.cacert.org/events/vj2011
Remember Assurers must have passed the Assurer Challenge!
Be sure to enlist as assurer on the event page.
For more information on the conference:
http://www.nluug.nl/activiteiten/events/vj11/index.html
Easter Egg Challenge 2011
We’ve just started our this years Easter Egg Challenge … We’ve put a couple of patches on to our testserver CACERT1 for you, our fellow and our new Software testers. We’ve put light to heavy patches to the package so everybody is able to walk thru the testserver web pages and search our Easter Egg’s.
Continue reading
Assurers: New Default Hyphen Rule
A new default rule has been added to Practice On Names – Hyphen Rule.
For the purposes of checking the Name against PoN, a hyphen in given names is to be treated as optional.
Continue reading
New procedure for Name Change after Marriage w/ Assurance
To all community member and assurer,
The arbitration and support teams developed a new “Name Change after
Marriage w/ Assurance” procedure though an arbitration case a20110330.1.
The procedure is outlined in
http://wiki.cacert.org/Arbitrations/Training/Lesson12 and
http://wiki.cacert.org/Support/Handbook/PrecedentCases/a20110330.1.
This should speed up the process of a name change after marriage.
All you need to do is (for the user who wants to get a name change after
marriage):
1. Find at least 2 Assurer to do an Assurance
2. Send a list of the assurers that can confirm the name change after
marriage to support
That’s it.
Support than will contact the parties to get further information.
Google on improving certificate security
Benl writes: Improving SSL certificate security
Friday, April 1, 2011 9:05 AM Posted by Ben Laurie, Google Security Team
In the wake of the recent [incident], there has been a great deal of speculation about how to improve the public key infrastructure, on which the security of the Internet rests. Unfortunately, this isn’t a problem that will be fixed overnight. Luckily, however, [engineers] have long known about these issues and have been devising solutions for some time.
Given the current interest it seems like a good time to talk about two projects in which Google is engaged.
The first is the Google Certificate Catalog. Google’s web crawlers scan the web on a regular basis in order to provide our search and other services. In the process, we also keep a record of all the SSL certificates we see. The Google Certificate Catalog is a database of all of those certificates, published in DNS. So, for example, if you wanted to see what we think of https://www.google.com/’s certificate, you could do this:
[tech details snipped]
The second initiative to discuss is the DANE Working Group at the IETF. DANE stands for DNS-based Authentication of Named Entities. In short, the idea is to allow domain operators to publish information about SSL certificates used on their hosts. It should be possible, using DANE DNS records, to specify particular certificates which are valid, or CAs that are allowed to sign certificates for those hosts. So, once more, if a certificate is seen that isn’t consistent with the DANE records, it should be treated with suspicion. Related to the DANE effort is the individually contributed CAA record, which predates the DANE WG and provides similar functionality.
[caveats snipped]
Improving the public key infrastructure of the web is a big task and one that’s going to require the cooperation of many parties to be widely effective. We hope these projects will help point us in the right direction.
CATS login bug fixed (bug#889)
If you tried to log in to CATS recently with a newly created certificate you probably failed. Especially when using a Class 3 certificate. Now I hope this bug is finally fixed.
Like usual for such bugs it was quite a trivial thing, for details compare CAcert/Education/CATS/login.php in svn with its previous version.
For analysis: certificates affected contained a serial number wich started with a non-digit character after stripping learing zeros. So Class 3 certificates with serial number bigger than 09:ff (issued since about half a year ago) and Class 1 certificates with serial greater than 09:ff:ff (issued since recently) have been affected.
I’m still waiting for the first explicit confirmation of someone now able to log in, but the analysis nicely fits the symtoms and the problem could be reproduced on the test system, so I hope we finally got it.
One more milestone reached within Software-Assessment Project
Within the last 2 days, the testserver got the running signer integration into the testserver environment. This was one of the milestones in getting a testing environment as identical as possible to the production system.
Continue reading
CAcert assurances at Linux Infotag Augsburg
This year too, there will be enough 35-point assurers at the booth of the LUG Ottobrunn at Linux Infotag in Augsburg (26th march) to get fully assured (100 points). Check for the CAcert badges & logo !
Auch dieses Jahr werden ausreichend 35-Punkte Assurer am Stand der LUG Ottobrunn beim Linux Infotag in Augsburg (26. März) anwesend sein, um voll assured zu werden (100 Punkte). Folgt dem CAcert Logo !