Beginning of February the exhibition season started for CAcert with attending the FOSDEM – one of the biggest Europe-wide developer conferences in Brussels, Belgium. Of course we have performed our well-known assurances, which is very appreciated in such events with which CAcert safeguards its certificates by checking ID documents. Doing so we can offer a safe and trustworthy CA to our users. Exciting was that interested people ask more detailed about security like what it actually means, and why are we not yet in the trust stores of many of the web browsers. It’s true: Let’s encrypt is trusted by the popular browsers, but if you take a close look at the certificate of a site protected with a Let’s encrypt certificate, you will find out that it does not contain any information about the owner. This means one cannot verify the identity of the site thus it is basically uncertain to which site the browser is actually connected to. CAcert stands out to offer the site owner to publish his indentification information in the certificate – for private users as well as for companies. This way, CAcert offers a clear mutual trust, which makes it worth importing the CAcert-Root-certificate from www.cacert.org.
But there’s more: CAcert offers client certificates as well and signs GPG/PGP keys. Anyone who always wanted to sign his emails and encrypt them if needed, can do this easily with CAcert. Most email clients supports S/MIME certificates or PGP. By this means the authenticity of the sender is verified, and the receipient can verify the name of the certificate owner. Also attachments like PDF can be signed this way and protect the document against later changes.
CAcert is supported by an australian non-profit association, the operation of the server is safeguarded by the german incorporated society secure-u. This structure has advantages, but an australian society is possible only as long as you have at least three members in the board. In 2017 we want to care for relief and to bring the association behind the web of trust to Europe. This limits the resources of many of the active members, because the handover must be done under appropriate rules. Who wants to support CAcert finds more details on recent blog post “Prosit 2017” or just please just drop a line to firstname.lastname@example.org.
For a secure 2017!