Category Archives: Information

General news/information to the CAcert community or about security in general

Community Update July 2010

July 2010 was full of activities. Two Board members resigned. New procedures for Assurers were updated. And the Software-Assessment Project reaches one milestone.
Continue reading →

root certificates under free license, RDL

Leave a reply

The CACert policy group proudly announces the new Root Distribution License (RDL)[1], which grants the distribution of CACerts root certificates by non related parties. RDL is a free/libre compatible license to allow unrelated vendors and/or distributors to distribute CACert’s root certificates to their users.

CACert confesses itself to interoperability with free and open projects. The CACert website is soon to be updated to reflect the new RDL.
A distributable source package can be found here [2]

[1] http://www.cacert.org/policy/RootDistributionLicense.php
[2] http://sspreitzer.fedorapeople.org/ca-cacert/

~sspreitzer

One Milestone in Software-Assessment-Project reached

Leave a reply

Within the last week we’ve reached one milestone in our new Software-Assessment-Project.
The team is working since November 2009 on a new Software Repository and a new Testserver.
The Testserver needed a Testserver Mgmt System to set the environment for testing new Software and Patches for the Webdb system.
Continue reading →

New Password Recovery w/ Assurance Procedure

Leave a reply

To All Assurers,

A new Password Recovery w/ Assurance procedure has been established thru Arbitration case a20100407.1.
The procedure is outlined under https://wiki.cacert.org/Support/PasswordRecoverywithAssurance
Continue reading →

scheduled systems downtime – 15th June

Leave a reply

Wytze reports on a planned outage for CAcert main systems, as the systems are moved from one rack to another:

“The move has been scheduled for Tuesday June 15, starting at 10:00 CEST, and hopefully ending before 18:00 CEST.

During a significant part of that period, all systems will be down. We will take care of providing a backup during the outage for ocsp.cacert.org (to avoid inconveniencing browser users which have OCSP enabled for CAcert, as they should!), and a placeholder for www.cacert.org which report the downtime and the reason for it.”

Community 2010 March Update

1 Reply

2010-03-30 New Roots task force offers SHA2 based roots/end user certificates for testing
2010-03-30 Software-Assessment Project telco 2010-03-30
- GIT as the future Software Assessment repository passed test successful
- Testserver needs Testserver Management System, action plans triggered to start a deployment
2010-03-27 Walter Güldenberg appointed as Events Team Leader
2010-03-26 Sysadmin team works out way forward for SNI, client certificate authentication and SSL renegotiation changes in browsers
2010-03-26 Security Policy – Board vetos Security Policy Draft regarding point 9.1.4.2. Coverage – Board sighting conflicts with CAcert incorporated rules
2010-03-25 Ongoing update of CAcert Officers list
2010-03-24 First ATE in 2010 season: ATE-Sydney with 6 co-Audited Assurances and addtl. 14 interested Attendees
- Discussions through email and irc about how to seed CAcert deserts. Plans for contacting Usergroups (existing IT related social networks)
- mostly, area has many old SuperAssurers that will have faded away
2010-03-21 Board Meeting 2010-03-21 “Determine Root escrow and recovery mechanism” review ends with no consensus
2010-03-18 Rasika Dayarathna, our Privacy Officer, resigned due to lack of time. Looking forward to rejoining us later.
2010-03-14 Boards Projects Overview Page started deployment
- with this page, Board and also Community can get a better overview over the running and upcoming projects regarding Audit
- currently active areas/projects:
  - 1.1 Software Assessment
  - 2.1 New Root
  - 7.1 Policy Group
  - 8.1 Assurance (co-Audit)
  - 9.2 ATE’s (planning)
2010-03-13 Board Members allowed to serve on arbitration team again
2010-03-06 Daniel Black gets appointed as Infrastructure Team Leader
2010-03-06 Efficiency gain – Policy Officer empowered to perform minor adjustments to policy
2010-03-06 CeBIT 2010 Big Assurance Event successful passed after 5 days with a team of about 8 to 12 and more Assurers. CAcert was one of the 15 projects on the booth at the Open Source Project Lounge sponsored by Linux New Media.
2010-03-03 Co-Audited Assurances Program finalized and starts at CeBIT 2010

Contributions to this Community Update by: Ian, Daniel, Uli

What’s this ATE thing then???

5 Replies

You have probably seen messages flying around about the ATEs, or Assurer Training Events, and you’re probably wondering whether it applies to you. The answer is:

YES, most definately, if you are an Assurer.

This is your event, to update and to participate. More than that, it feeds into audit. This connection may be a little non-obvious, so this post is about explaining it to those wavering on their path to an ATE near them as to why you should help.

Recall that CAcert has today 3460 (and growing) Assurers around the world, and that they provide the critical information feeding into the certificates for the entire community.

That line — from Community Member to verification of information to the certificate — is of key interest to the Auditor. The certificate part is well-understood but what is less well understood is the verification part. How does the Auditor verify the actions of 3460 people spread across dozens of countries? Are they doing the job? Looking after Members? Mostly harmless or causing risks to rise?

Assurers mostly harmless? Verifying the Assurers across the planet is a challenge we must conquer, because our audit criteria says “A.2.y The CP details how the CA verifies that [Assurers] operate in accord with the CA’s policies.” Indeed, the auditor for a big famous-name CA simply declined to audit their web of trust, and the CA found it in its heart to drop the entire thing.

But it can be done. As auditor, I visited around 8 countries in 2009 for a tiny budget of €1500 and verified personally around 80 Assurers. The German community did a similar thing across Germany, and together these results gave us a good showing. It was still marginal; we need better and broader coverage. We need scaleability and we needed process, but we had our start.

From the 2009 experiment, the Assurance Team has designed a comprehensive programme to meet the audit criteria A.2.y, and the ATE is the leading part of that. At the Assurer Training Event, you the Assurer are brought up to date with changes (dramatic), informed on essential checks (of course) and then we individually record that process (carefully and slowly). All this is then collated and prepared for an end-of-season report.

The 2010 season is now underway. If you want to help CAcert’s audit process and improve on the results below, you should look out for an ATE near you. Who wouldn’t want to be involved??? Better yet, ask at events@c.o for how to run one.

ATE-Sydney

Leave a reply

ATE-Sydney is programmed! Masa has made available a lecture theatre at Sydney University’s IT school for an ATE on evening of 24th March, 6:00pm. More details on the wiki.

I will attend ATE-Sydney!

The ATE or Assurer Training Event is exceptionally recommended for all Assurers, and include parts which contribute directly to our audit. Come and find out how you can also contribute. Please RSVP as above.

Other events in NSW coming soon, or mail me with suggestions.

Two Weeks to go! CAcert at OpenExpo 2010 Bern – Switzerland – March 24.-25. 2010

Leave a reply

OpenExpo, the Swiss leading conference and trade show for Free and Open Source Software, will take place for the 8th time Wednesday and Thursday, March 24. and 25. 2010 at the BEA expo in Bern. CAcert is proud to be present among many other Open Source Projects as part of the Open Source Community.

In the conference program at KMU day, there will be the presentation – SSL-Zertifikate in der betriebsinternen Kommunikation der ETH Zürich (in German language) – about the application of CAcert certificates. As the first university in Switzerland, ETH is deploying CAcert certificates.

Additional Swiss CAcert assurers or CAcert assurers from any country with successfully passed assurer test and willing to help, register in the CAcert.org Wiki. The entrance and the conferences are free of charge, simply order and print your free ticket.

———————————————————————————————————————————————————————————————————————————————–

OpenExpo, die Schweizer Messe und Tagung für Freie und Open Source Software findet zum achten Mal statt, am Mittwoch und Donnerstag, 24. und 25.März 2010 in der BEA expo in Bern. CAcert.org ist stolz darauf, mit vielen anderen Open Source Projekten an diesem Anlass teilnehmen zu dürfen und Teil der Open Source Community zu sein.

Im Konferenzprogramm wird am KMU-Tag der Einsatz von SSL-Zertifikate in der betriebsinternen Kommunikation der ETH Zürich anhand von CAcert Zertifikaten präsentiert. Die ETH setzt als erste Universität in der Schweiz CAcert Zertifikate ein.

Zusätzliche Schweizer CAcert.org Assurer oder CAcert.org Assurer aus irgend einem Land mit erfolgreich absolviertem Assurer Test, welche mithelfen wollen, tragen sich bitte im CAcert.org Wiki ein. Der Messeeintritt und das Konferenzprogramm sind für jederman kostenlos, einfach Gratis-Tickets bestellen und ausdrucken.

ate-OZ

Leave a reply

I’m in the vicinity of Canberra – Sydney for next 2 months, and looking to do ATEs. If you have some sort of venue or facility, and there are Assurers in your area, let me know.

Additions: Sydney is rolling…

iang @ the normal address, for the Assurance Team.