Category Archives: Information

General news/information to the CAcert community or about security in general

Audit Report 20080111

Leave a reply

One of the things that happened last year was to negotiate an audit funding deal with NLnet. (This has now agreed and first tranche of funds has been delivered to CAcert.) One of the requirements imposed on CAcert was to deliver reports to the Community and to NLnet at each event like milestones, and at approximately 2 month intervals.

With that in mind, I wrote a 2008 New Year’s report as a sort of checkpoint. For some reason it wasn’t published then, but is now on the wiki. Highlights are these:

  1. Many policies are now in POLICY or DRAFT. Some important work-in-progress projects are started, especially the Assurance Policy. This project needs help!
  2. The work on Risks/Liabilities/Obligations finally settled on a CAcert Community Agreement.
  3. NLnet funds CAcert for audit, described here.
  4. Non-critical systems were moved last year to Netherlands BIT center, but critical systems are still in their halfway house. CAcert needs more sysadms.
  5. Audit Criteria are going on-line.
  6. Best is last: CATS went on line: Have you done the Assurer Challenge yet?

The full report is found on the wiki area. Bear in mind that this report is late, and another is already due. I’ll start on that now!

CAcert Community Agreement is defined now!

Leave a reply

As you may know, CAcert started a big effort in 2007 to address who we are as members of a CA service provision, the Community and the increase of the recognition of CAcert as a professional CA.
CAcert belongs now to the top ten CA’s in the world! This all was inspired and demanded by the need to have CAcert Root Key included in the browsers. For this CAcert started the Audit process, which focused on the questions of Risks, Liabilities, and Obligations amongst us all.

CAcert has now conquered that monumental task. Core of that task was defining who we are as a community, and writing a CAcert Community Agreement that we can all agree to, which brings us together as that community, and which protects you, using the CAcert issued certificates, legally, financially and freely.

Here you can read the details of the CAcert Community Agreement .

Introductory notes on the agreement are on the wiki. This introduction attempts to explain some of the parts, which need maybe some more explanation, eg on free certificates, privacy concernings, certificate care and usage risks, and the CAcert Community.

The Agreement is now approved: by the Board, by the Policy Group, and by the Association, and it is now ready for you!

CAcert software developers will modify the website and the Assurance team will modify the Assurance processes to ask people to agree to it.This will take some time.
In the end we will need agreement from everyone inside the CAcert Community, because it protects each and every one of you, and all of us together, as a community.

CAcert Management Sub-Committee

CATS up and running

Leave a reply

To meet the increased demands on quality assurance due to the CAcert Systems Audit, which is needed to be included in Mozilla’s browsers, CAcert has decided to initiate a Challenge for all for Assurers.
To be an Assurer, you will need to reach 100 assurance points, and you will have to pass the Assurer Challenge. The assurer challenge and training system called CATS is so now avaliable. Under http://wiki.cacert.org/wiki/AssurerChallenge you can find the infos how to join and participate.

further Informations:

Linuxdays.lu 2008

Leave a reply

Well, the aim of the Linuxdays in Luxemburg is to promote and support the Open Source & Free Software movement. The basic idea of Open Source & Free Software is that developers around the world distribute, modify and test their software via the Internet, resulting in products often exceeding the quality of commercial software. The power and cumulated knowledge of the Open Source & Free Software Community ensures that new features are implemented very quickly and that bugs are fixed the moment they are discovered.

CAcert Assurances will be possible there.

More Infos for Assurers and people who wants to get assured: http://wiki.cacert.org/wiki/LinuxDaysLU2008

Greg Rose resigns from CAcert Inc. board for job related reasons.

Leave a reply

CAcert announces the resignation of Greg Rose from the Board of CAcert Inc., as of 1st March 2008.

On resigning for job-related reasons, Greg said “It’s been interesting to say the least, and I feel happy to have made new friends and renewed old ones. Thanks for the opportunity and the honor to have worked with you all.“.

When the existing board resigned in March 2007, Greg stepped in to help, having been a long serving Assurer.
Greg Rose served as President during the critical period of 2007 and helped to build a new board, management team, steered the new board through this difficult phase to recover control of assets, and chairing a week-long meeting in Germany with our key people present.

This crucial period saw the approval of the new CAcert Community Agreement for all members of the Community and many other innovations thanks to an excellent cooperation from within the CAcert Community and Association Members:
the Assurer Challenge, in-house dispute resolution, Organisation Assurance, the re-invigoration of the business side of the CAcert, initiation of a funded audit project and formal procedures for creating and approving policies (eg.  Assurance policy and reformed point system, code signing, open sourcing of software, openness of the organisation, etc.).

Teus Hagen takes up the position of President, assisted by Evaldo Gardenali, Robert Cruikshank and Guillaume Romagny.

Chemnitzer Linuxtage 2008

Leave a reply

CAcert ist auch dieses Jahr wieder mit einem Stand auf den Chemnitzer Linuxtagen vom 1.-3.März 2008 vertreten.

Interressierte Besucher haben am Stand u.a. die Möglichkeit sich umfassend zum Thema CAcert, digitale Zertifikate, E-Mail Signaturen, SSL und S/Mime Zertifikate, etc. zu informieren und darüberhinaus kann man sich von Assurern die Identität für das CAcert Vertrauensnetzwerk verifizieren (assuren) lassen.
Weitere Informationen sind
unter http://wiki.cacert.org/wiki/ChemnitzerLinuxTage2008 zu finden.
Hier können und sollten sich auch Interressierte Assurer
eintragen, die am Stand helfen möchten.

CAcert Verein secure-u in Deutschland

Leave a reply

Es ist soweit. Der Verein secure-u mit dem Zweck “der Förderung der Sicherheit im Internet und die Unterstützung von Anwendern bei der Anwendung sicherer Kommunikation” wurde gegründet. Dieser Vereinszweck soll insbesondere durch die Förderung des Projektes CAcert erreicht werden.

Nach Eintragung des Vereins in das Vereinsregister und Genehmigung des Gemeinnützigkeitsstatus wird es dann auch in Deutschland möglich sein Spenden an das Projekt CAcert gegen steuerlich absetzbare Spendenquittung zu tätigen.

Der Verein soll durch die erwirtschafteten Einnahmen / Spenden u.a. auch lokale CAcert Tätigkeiten (z.B. Messeauftritte) unterstützen. Nach dem holländischen Verein “Oophaga” ist mit dem deutschen Verein “secure-u” somit der zweite Landesverein am Start, und das Ziel das Projekt CAcert auf möglichst viele voneinander unabhängige Schultern zu verteilen rückt ein wenig näher.

Neben der finanziellen Unterstützung des Projektes CAcert soll der Verein aber auch Kern der deutschen / deutschsprachigen Community sein und als direktes Bindeglied dieser Community zu CAcert dienen. Weitere Informationen zum Verein: http://www.secure-u.de (momentan gibt es noch nicht viel zu sehen, Inhalte wie Satzung, Gründungsmitglieder, Infos zur Mitgliedschaft, etc. folgt in den nächsten Tagen …).