Category Archives: News

News Relating to CAcert

CAcert Inc. has a new Public Officer

Hand over in front of the government house in Sydney, New South Wales.

Since 2011, Kevin Dawson held as public officer liaison to the New South Wales government offices. At his own request he would like to step a little shorter. The committee of CAcert Inc. regrets this decision and thanks Kevin for his tireless efforts in the background and wishes him all the best for the future.

These days, the office was handed over to Alexander Samad, who has been a member of the committee since March 2017. Alexander fulfills all legal obligations for this office.

Deutsch: CAcert Inc. hat neuen Public Officer

Rund sechs Jahre war Kevin Dawson als Public Officer der Verbindungsmann von CAcert Inc. zu den Neusüdwalisischen Regierungsstellen. Auf seinen eigenen Wunsch möcht er nun etwas kürzer treten. Der Vorstand von CAcert Inc. bedauert den Entscheid und dankt Kevin für seinen unermüdlichen Einsatz im Hintergrund und wünscht ihm für die weitere Zukunft alles Gute.

Dieser Tage erfolgte die Amtsübergabe an Alexander Samad, der seit dem 31. März 2017 dem Vorstand angehört. Alexander erfüllt alle gesetzlich vorgeschriebenen Pflichten für dieses Amt.

Français: Un nouveau Officer Public pour CAcert Inc.

Depuis 2011, Kevin Dawson était l’officier public pour la liaison avec les organismes gouvernementaux de la Nouvelle-Galles du Sud. À sa propre demande, il avait maintenant pris sa retraite. Le comité de CAcert Inc. regrette cela et aimerait remercier Kevin pour ses efforts inlassables en arrière-plan et lui souhaite le meilleur pour l’avenir.

Cette journée a été la remise officielle à Alexandre Samad, qui appartient au comité depuis le mars 2017. Alexandre répond à toutes les exigences légales pour ce poste.

CAcert’s Committee complete again

At the annual general meeting held in december 2016, the three seats reserved for Australians, were provisionally suspended. In the meantime, the committee of CAcert Inc. has filled its vacancies at its meeting on March, 31st 2017. Elected were Alexander Samad from New South Wales, Peter Nunn from Victoria and Ross Krumbholz from Queensland.

Deutsch: Der Vorstand von CAcert Inc. ist wieder vollständig.

Bei den Erneuerungswahlen im Dezember 2016 blieben die drei nach gesetzlichen Vorgaben für Australier reservierten Sitze im Vorstand provisorisch frei. In der Zwischenzeit hat der Vorstand von CAcert Inc. an seiner Sitzung vom 31. März 2017 die Vakanzen gefüllt. Gewählt wurden Alexander Samad aus Neusüdwales, Peter Nunn aus Victoria und Ross Krumbholz aus Queensland.

Français: Le comité est de nouveau complet

Lors des élections de renouvellement en décembre 2016, les trois sièges du comité réservés à des Australiens conformément aux dispositions légales sont restés provisoirement indemnes. Entre temps, le comité de CAcert Inc. a élu lors de sa réunion du 31 mars 2017 Alexandre Samad de Nouvelle-Galles du Sud, Pierre Nunn de Victoria et Ross Krumbholz de Queensland.

CAcert 2017

February brought the start of the exhibition season for CAcert with our presence at FOSDEM – one of the biggest Europe-wide developer conferences in Brussels, Belgium. Of course we performed our well-known assurances, which is very popular at such events, with which CAcert safeguards its certificates by checking users’ ID documents. This allows us to offer a safe and trustworthy certificate authority to our users. Of particular note was that interested people were seeking more detailed information about security – questions such as what it actually means, and why are we not yet in the trust stores of many of the web browsers. It’s true that Let’s encrypt is trusted by the popular browsers, but if you take a close look at the certificate of a site protected with a Let’s encrypt certificate, you will find out that it does not contain any information about the owner. This means it is impossible to verify the identity of the site and therefore it is basically uncertain to which site the browser is actually connected to. CAcert allows the site owner to publish identification information in the certificate after the assurance – for private users as well as for companies. This way, CAcert offers a clear mutual trust, which makes it worth importing the CAcert-Root-certificate from www.cacert.org.

But there’s more: CAcert offers client certificates as well and signs GPG/PGP keys. Anyone who always wanted to sign his emails and encrypt them if needed, can do this easily with CAcert. Most email clients supports S/MIME certificates or PGP. By this means the authenticity of the sender is verified, and the receipient can verify the name of the certificate owner. Also attachments like PDF can be signed this way and protect the document against later changes.

CAcert is supported by an Australian non-profit association, the operation of the server is safeguarded by the German incorporated society secure-u. This structure has advantages, but the Australian society is possible only as long as CAcert has at least three Australian residents as members of the board. In 2017 we want to bring the association behind the web of trust to Europe. This limits the resources of many of the active members, because the handover must be done under appropriate rules. Anyone who wants to support CAcert can find more details at recent blog post “Prosit 2017” or can send an e-mail to support@cacert.org

For a secure 2017!
Your CAcert

Two members of CAcert Inc. honored for loyal services

In a few hours, the year 2016 will be over. So, the secretary of the new elected committee of CAcert Inc., the infrastructure partner of the CAcert comunity, had just enough time, to show his gratitude to two members of the association who were active in the association for exactly five years. That is the reasons, why he handed over them a (virtual) golden watch as sign of thank you.

Kevin Dawson from New South Wales, the home of CAcert, became Public Officer in 2011 and remained in this function until 2016. As public officer, he dealed with the New South Welsh government and was contact person for the Office of Fair Trade and CAcert’s bank. Furthermore, Kevin Dawson, had a seat in the committee from 2011 to 2013 and in the transition committee in summer 2016. We sincerely thank Kevin for his excellent work, which he has done silently at the other end of the world, but always exactly and well, and regret that he is now concentrating on new things.

The second gold watch for five year loyal services to CAcert Inc. was handed over to Dirk Astrath from Germany, the country with the most community-members. He startet – at the same time as Kevin as Public Officer – as assessor in the committee. Later he hold the functions of secretary, vice president and president with exception of winter 2015/2016. If everything goes well with the “move” of CAcert Inc. Dirk will have been the last president of the Australian association.

Statement of direction given by SGM

Dear members,

there were some mails which were referencing the direction of the new board. This is interesting as the new board so far did not give any statement. Also no new board member either at the SGM nor later did such a statement. Even while it is assumed by many, that I am close to the new board or some of its members, I do not have a clear view what the new board will do.

Abstimmung

CC BY NC SA HDZimmermann

However, there WAS a direction given last Saturday. It was given by the statement of direction given by SGMof CAcert Inc with the voice of the SGM. The new board is bound to respect this statement.

The statement of the SGM is:
“The membership is disheartened by the recently elected committee and its persistent disrespect for properly established arbitration, policies and  procedures. It is resolved, that the committee as constituted no longer enjoys the confidence of the members, and each committee member is removed from their position. We stopped short to resolve, that CAcert Inc has been placed into an unacceptable breach of our CAcert Community Agreement, is no longer acting in the interests of the community, and is therefore no longer a suitable vehicle for the community’s property and role as executive.

And instead resolve,
* that CAcert Inc’s actions were the sole responsibility of the committee members.
* that CAcert Inc with a duly formed committee that respects and abides by the rulings of arbitration enjoys our confidence in the future,
* and that the liabilities of CAcert Inc during the period of troubles should remain strictly limited under our DRP as if arbitration was not suspended.

The new committee is to create a detailed and fully transparent, uncensored report of the old committee’s activities since the AGM to which all members of the community may contribute. This report is to be presented to a general meeting for ratification.”

As the one who was selected to do the minutes, I so far can verify the counting of the votes for any part of this statement. I give a CARS that the votes counted by the vote-bot match those of 3 logs of the irc-channel and the proxy-votes were done according to a list created by the former secretary. With the exception of the “we stopped short”-motion, all these parts were given with a clear or even overwhelming majority:

“disheartend sentence”: 28 : 8 : 3
“board removed”: 22 : 14 : 4
“unacceptable breach”: 15 : 16 : 9
“responsibility of old board”: 29 : 11 : 0
“report”: 38 : 0 : 3
[aye : naye : abstain]

41 members-votes were present during those decisions.

Kind regards,
Eva Stöwe, CARS

New board elected

Abstimmung

CC BY NC SA HDZimmermann

On April, 9th, 2016, the members of CAcert Inc held an SGM, in which a new board has been elected. The membership felt disheartened by the formerly elected committee and its persistent disrespect for properly established arbitration policies and procedures. This was carried by a motion which shows the importance of being a member of the association.

The full agenda points of the SGM can be found on https://wiki.cacert.org/SGM/20160409?action=recall&rev=13. You may note some placeholders in other topics as later revisions which corrected these items included further agenda items which could not be moved on for the reason of notification of the members in time.

After counting proxies for the votes, the european board members of the prior board resigned. 5 new members were then accepted, including one who got expelled by the old board end of February 2016 because he stood up for an independent arbitration which he wrote in the members mailing list. The old committee was removed and a new committee was elected. The new board members are: Ben Ball (AU), Piers Lauders (AU), Kevin Dawson (AU), Ian Grigg, Gero Treuner, Dirk Astrath, and Mathias Subik. The new committee was also instructed to create a report of the activities of the former board since the AGM. All members of the community may contribute.

On 2016-04-16 at 12:00 UTC (noon) the first meeting of the new commitee will take place in the IRC channel #board-meeting on the CAcert IRC network. Everybody is welcome to participate, please find the agenda on https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2016-04-16.

Successful Root-Re-Sign

On March 12th 2016 CAcert performed the Root Re-Signing at our data center in Ede, NL. After the initial attempt[1] had to be postponed on short notice.

The process followed the procedures that are available in the Wiki[2]/SVN[3] along with the tooling[4] used.

The re-signing was conducted by two CAcert critical administrators, a secure-u access engineer, and supervised by CAcert’s internal auditor.
Its execution has been announced on the cacert-systemlog mailing list[5]. The execution report by the critical team has been published there too[6]. The report of the auditor is published in our Wiki[7].

We want to send special thanks to all who helped in preparing and testing the procedures and tools for the process and thus made this smooth execution possible.

CAcert Inc. board tried to have the part for creation of the needed software to be held in public but was overruled by some of the involved teams.

As the re-signed root certificates are available to CAcert the next steps are to publish them to the public. This will need some time as the software team needs to prepare the code changes[8][9][10] and have them reviewed. Once this is done the publishing of the re-signed root certificates will be announced on the blog and all community members will get informed via e-mail.

[1] https://blog.cacert.org/2015/12/re-signing-root-certificate/
[2] https://wiki.cacert.org/Roots/Class1ResignProcedure
[3] https://svn.cacert.org/CAcert/SystemAdministration/signer/re-sign-2016/implementation.txt
[4] https://github.com/CAcertOrg/cacert-procedures/tree/root-resign-sha256/rootResignSHA256
[5] https://lists.cacert.org/wws/arc/cacert-systemlog/2016-03/msg00001.html
[6] https://lists.cacert.org/wws/arc/cacert-systemlog/2016-03/msg00002.html
[7] https://wiki.cacert.org/Audit/Results/session2016.1
[8] https://bugs.cacert.org/view.php?id=1305
[9] https://bugs.cacert.org/view.php?id=1254
[10] https://bugs.cacert.org/view.php?id=1194

Safer Internet Day 2016

On 2016-02-09 is this year’s Safer Internet Day[1] asking its participants to “Play your part for a better internet!”

The Safer Internet Day was first celebrated in 1999 to strengthen the awareness for security within and on the internet.

CAcert’s share in this effort is providing everybody the means to protect their communication by sending encrypted emails or using free client certificates for authentication.

So take a moment and think about taking part in one of the several events and help to promote email encryption with CAcert S/MIME certificates.

And stay safe on the internet!

[1] https://www.saferinternetday.org/

Re-Signing Root Certificate

On Friday, 29th January 2016, the long-planned re-signing of CAcert’s root certificate will finally take place.

This action has been overdue for quite some time now as several browser and OS vendors have dropped support for MD5-signed certificates or otherwise made such certificates unusable.

The re-signing process [1] has been tested successfully at last FrOSCon in August 2015 [2].

Attendance of the re-signing ceremony will be open to the public and will take place near CAcert’s data center in Ede, NL. As soon as more details become available we’ll provide a wiki page with the exact schedule and location.

UPDATE: Unfortunately the Re-Signing event had to be postponed due to shortage of manpower in the different teams involved in the process. The currently a new date is being searched. As soon as the new date is available it will be announced here.

[1] https://wiki.cacert.org/Roots/Class1ResignProcedure
[2] https://wiki.cacert.org/Audit/Results/session2015.4

Get Audit ready

The new elected CAcert Inc board want to share their mission statement for the current fiscal year.

We want to help CAcert to become the world’s most trusted service provider able to help people around the world

  • to secure their privacy
  • to secure their identity

in the area of digital electronic communications. We all want to lead an operating Certificate Authority providing highly secure certificates for free to the public in which everybody can trust. The next central milestone for the development of our CA is to pass an audit with flying colors.

We will subordinate all of our activities to reach this goal within the next years.

The first serious challenge to take will be the resign of our root certificate within the next 3 months (hopefully on the eve of FOSDEM 2016).

We want to continue with the tasks to prepare the New Root Escrow within the next year.
To secure the existence of CAcert for a long time we want to prepare the move to a hosting country in Europe within the next year.

Today we ask you to have confidence in our plans and personal integrity and hope that all of you will support us in fulfilling these tasks.

Please allow to remember to McDonald’s main maxim:

„All of us is more than one of us“

The new board is composed of
Reinhard Mutz, President CAcert Inc.
Jürgen Bruckner, Vice President CAcert Inc.
Marcus Mängel, Secretary
Stefan Thode, Treasurer
Felix Dörre, Board member
Peter Yuill, Board member