Category Archives: News

News Relating to CAcert

CAcert in german freeX magazine

Leave a reply


The word of CAcert has been spread again in the Computer News in Germany. This time the main focus was put on the use of client certificates: What is the function and how does it intregrate into the popular open source email client Thunderbird, not forgetting other clients like Evolution, Claws-Mail, and the like. It also gives some background of CAcert and a short introducton on how CAcert works. The article in the freeX magazine 2/2011 is in german language. Hope you enjoy it, though 🙂

Aus dem Artikel:
Bewegt man sich im Internet, stößt man auf immer mehr Seiten, mit denen verschlüsselt kommuniziert wird. Solche Seiten mit der Kennung https verschlüsseln die Pakete per SSL. Damit sichergestellt ist, daß man auch mit der richtigen Domain in Kontakt ist und die Daten nicht
kompromittiert werden, identifiziert sich der Server mit Zertfikaten beim Client. Aber nicht nur bei Seitenaufrufen im Web, sondern auch bei E-Mails bedient man sich heute immer häufiger der verschlüsselten Datenübertragung. Die Grundlage sind auch hier Zertifikate. Sie sind eine Art Beglaubigung und bestehen aus einem öffentlichen Teil, der verteilt werden darf, und einem privaten Teil, der ausschließlich dem Benutzer und seinen Programmen zugänglich sein darf. Aus Sicherheitsgründen empfiehlt es sich sogar, die privaten Zertifikate ausschließlich paßwortgeschützt abzulegen. Die heute gebräuchlichen X.509-Zertifikate sichern die Authentizität, Integrität und Vertraulichkeit und bilden damit die Grundlage interner und externer Kommunikation. Doch in der Praxis scheitert eine unternehmensweite Verbreitung von digitalen Zertifikaten zur Absicherung von Servern und E-Mail-Kommunikation – gerade bei kleinen und mittelständischen Betrieben – aber häufig am begrenzten Budget der IT-Abteilung, denn bei den kommerziellen Zertifizierungsstellen fallen schnell jährliche Bereitstellungskosten von mehreren tausend Euro an, und auch für Privatanwender sind wenige hundert Euro Kosten im Jahr oft nicht tragbar.

Um ohne entsprechende Investitionen eine deutliche Steigerung der Sicherheit der Internetkommunikation zu erreichen, kam im Jahr 2002 der Australier Duane Groth auf die Idee, bei X.509-Zertifikaten die zentralisierte Identitätsprüfung kommerzieller Anbieter durch ein Web of Trust zu ersetzen, wie man es in ähnlicher Form von PGP kennt. Er gründete CAcert als community-basierte, nicht-kommerzielle Certification Authority (CA).

Der Originalartikel als PDF mit Bildern
Der ganze Beitrag im Wiki ohne Bilder

New procedure for Name Change after Marriage w/ Assurance

1 Reply

To all community member and assurer,

The arbitration and support teams developed a new “Name Change after
Marriage w/ Assurance” procedure though an arbitration case a20110330.1.
The procedure is outlined in
http://wiki.cacert.org/Arbitrations/Training/Lesson12 and
http://wiki.cacert.org/Support/Handbook/PrecedentCases/a20110330.1.
This should speed up the process of a name change after marriage.

All you need to do is (for the user who wants to get a name change after
marriage):

1. Find at least 2 Assurer to do an Assurance
2. Send a list of the assurers that can confirm the name change after
marriage to support

That’s it.

Support than will contact the parties to get further information.

Workaround for Russian Translation of the CAcert Website (bug #900)

Leave a reply

Russia Translation of CAcert.org WebsiteWe had received a couple of reports by either irc, emails to support or on mailing lists, that the Russian Translation of our CAcert.org Website has garbled Russian translations. This has been reported as Bug #900.

After several analyzes, tests, discussions, we came to the conclusion, that we need an overall UTF-8 upgrade of the critical system. This has to be started as an individual project. As this project doesn’t effects our great efforts on Audit, the priority is lowered against several other Audit essential projects. So currently, there is no easy and no quick fix possible. So we, or better to say Michael V. A. (one of the bug reporters) worked out an workaround:

the exact steps to reproduce both the problem and the workaround:

1. The Bug
http://CAcert.org [^] / Translations / ???????
( http://www.cacert.org/index.php?id=0&lang=ru_RU )

Now the text is garbled (“Western ISO-8859-1” autodetected).

2. The Workaround
Switching to ISO-8859-5.

In my browser (Firefox 3.6.13) it’s exactly the following:

View / Character Encoding / More Encodings
/ East European / Cyrillic (ISO-8859-5)

Now all Russian text is okay.
The workaround works for me.
Yes, I think this should work for other users, as well.

CAcert at Fosdem 11th, Feb 5th – 6th 2011

Leave a reply

FOSDEM, the Free and Open Source Software Developers' European Meeting

CAcert and sidux e.V. will be present at Fosdem 2011, the Free and Open Source Software Developers’ European Meeting, February Sat 5th and Sun 6th 2011

If you want to help on our booth, register yourself on our events wiki page Fosdem 2011 planning

CU at Fosdem ….

CAcert webserver downtime on Wednesday December 29, 2010

Leave a reply

We have scheduled to perform a system software upgrade of the CAcert webserver on Wednesday December 29 2010, starting at 10:00 CET. The upgrade will last at most until 13:00 CET, but we are aiming to complete well before that time. During the upgrade, the CAcert webserver will be unavailable for all users, and no certificates can be signed or revoked. All other CAcert servers will remain up and running though (including OCSP and CRL services).

Wytze van der Raay
team leader CAcert ciritical system administrators

Licensing our Documentation under CC-by-sa+DRP

Leave a reply

Hi all, and contributors of documentation!

We are now at the point of licensing our documents. As some of you may have noticed, we have now licensed the Policies under Creative Commons – attribution – share alike licence, with our DRP [1]. Or CC-by-sa+DRP for short [2].

The Board is intending to do the same thing with our other documentation: CC-by-sa+DRP.

If you’re fine with this, say YAY TEAM, and read no further 🙂

Some notes on what this means:

  1. In broad terms the chosen licence is like GPL but for documents not source code.
  2. Documents are contributed under CCA 1.3 which includes this broad grant from you to CAcert Inc.:

    1.3 Your Contributions

    You agree to a non-exclusive non-restrictive non-revokable transfer of Licence to CAcert Inc. for your contributions. That is, if you post an idea or comment on a CAcert forum, or email it to other Members, your work can be used freely by the Community for CAcert purposes, including placing under CAcert Inc.’s licences for wider publication.

    You retain authorship rights, and the rights to also transfer non-exclusive rights to other parties. That is, you can still use your ideas and contributions outside the Community.
    ….

  3. At first glance, that clause CCA 1.3 looks quite fierce. There are a couple of reasons for such a complete and blanket transfer.
    1. It has been our experience that people have made contributions, and withheld transfer, preferring instead to control the results by means of copyright rights. This has put the Board, the Policy Group and the critical teams in a difficult position at times. The people making the contributions have often been thinking with all good intentions, but results of those intentions have been at least unpredictable and sometimes very costly.
    2. Secondly, it is possible that people with bad intentions could insert documents of uncertain background, and then stir up trouble later [3]. We do live in a competitive environment, and a competitor could cause this to happen. So the CCA includes a broad grant that addresses that.
    3. Thirdly, it would take an entire team to resolve the copyright mess if we didn’t have a broad grant. We’d have to have people running after every document, every post, every idea. It’s just uneconomic, and most of the contributors would not fill out the forms and return them anyway. We’ve got better things to do without creating work for ourselves following the tired old dreams of some 20th century colonialist music empire for the collection of royalties from poor starving artists.
  4. The grant is broad about what documents belong. Primarily we’d expect that to include the wiki, the SVN, the doco pages on the main website, email / list forums etc. These would all be “forums” under the above text. The point is it’s broad, inclusive. If there is any difficulty about this, then the intention is to use our Arbitration to solve the bits we missed.
  5. The quid pro quo for all of this is that CAcert Inc, now the proud owner of lots of documentation, license it back to the community. That’s today’s job.

So this email is going out to all the team leaders and so forth, from the Board, to ask for your thoughts, comments, desires, responses on the issue. What do you think? More thought required? Or full-steam-ahead? Somewhere in between? [4]

iang, informally for and from Board [5].

[1] There are some technicalities. We are adding to this by resolving all disputes in our own forum. We do this by means of the single licensing line in the document itself which now looks like: CC-by-sa+DRP. The motive for this is that our Arbitration works well across the planet, and is cheaper. It’s the same motivation for Arbitration with anything else, we protect all the members better this way.

[2] Also, we are using the Australian licence, 3.0 version, so the fuller acronym would add -AU-3.0. It is customary to not add those details. The various 3.0 licences are meant to be complementary (documents can work together under different 3.0 licences from different countries.

[3] This has been reported in the IETF groups, mostly with “submarine patents,” as a game between competitors.

[4] If you’ve got this far 🙂 Let me take this moment to conduct a quick survey: who feels more comfortable with the spelling of the word as licence, and who feels more comfortable with license?

For the noun form, the word is /licence/ in Anglo spelling, and /license/ in American spelling. The reason it is confusing is that in Anglo-english, the *verb* form uses S like licensing, licensed not C like licence. The American form then is far simpler, using S all the time, and as expected. The Anglo form is confusing … Note the RDL retained the American form 🙂

Anglo in this context means A/NZ/UK, I’m not sure about countries such as India, Pakistan, Singapore, Honk Kong and other strong users of English. Europe generally adopts British English, but I’d be surprised if they have avoided this confusion! Note that the answer to this question may feed into a wider question…

[5] which means, there is no Board motion as yet. There is board discussion minuted at:
https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20101003#a2.3

Assurer Training Event Hamburg, Freitag 5.11.2010

Leave a reply

Scroll down for English version

[Deutsch]

Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher “mündlich überlieferten” Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen unter’s Volk zu bringen:

  • Was hast du auf dem CAP Formular hinzuzufĂĽgen, wenn du Minderjährige ĂĽberprĂĽfst ?
  • Was sind die 2 wesentlichen Punkte der CCA die du einem Assuree vermitteln können sollst ?
  • Unter welchen Umständen können z.Bsp. niederländische Rufnamen akzeptiert werden?

Antworten auf diese und weitere Fragen erhälst du bei den Assurer Training Events (ATEs).

Die kommende Veranstaltung in deiner Nähe findet statt am Freitag, den 5. November 2010 ab 19 Uhr:

Attraktor e.V.
Mexikoring 21
22297 Hamburg

Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.

Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im Wiki: ATE-Hamburg im Wiki

Unverbindliche Anmeldung und Registrierung:
Ich möchte am ATE in Hamburg teilnehmen.

[English]

Much has happened during the past 3 years. The old way of
orally-transmitted procedures has now gone, and our rules have been cast
into formal policies. New procedures (e.g. the Assurer Challenge) and
obligations (e.g. in the CAcert Community Agreement) have been approved.
The Assurer Training Events bring all this to you, the Community:

  • What you have to add onto the CAP form if you assure U18 people ?
  • What are the 2 essential topics regarding CCA you have to present an Assuree ?
  • When you can accept i.e. a Dutch “roepnaam” ?

Answers to these and many other questions are given at the Assurer
Training Events (ATEs).

The nexte ATE takes place on Friday, November 5th, from 7 p.m., at

Attraktor e.V.
Mexicoring 21
22297 Hamburg

The Event-Team is looking forward to your attendance.

Details on Location and Transportation can befound in the corresponding Wiki page.

Informal registration and questions: I will attend the ATE in Hamburg.

Software-Assessment-Project reached next milestone

Leave a reply

Todays systemlog message marks the quantum leap in our about 10 months project work, to become the Software-Assessment area auditable.

As many Software-Updates are in the queue from the software developers, that needs testing and reviews by Software Assessors, the team started by end of last year with this project,

  • to build up a new ”controlled” testserver with authority by Software-Assessors
  • built up by the critical team as a Disaster Recovery testcase
  • a new central repository for all the upcoming software projects (including the New Software project BirdShack)
  • building a new test team running the software tests
  • and finalyze the process by a review of the patches by 2 Software-Assessors
  • document the patches, the testing, the review and the check by two Software-Assessors
  • to bundle the new Software-revision for transfer to the Critical team

The systemlog message signals, that the first tested and reviewed patches has received by the critical system webdb and is incorporated into production. A new tarball has been generated to build the next basis for applying the next patches.

So here my thanks goes to all the involved teams,

  • Software-Assessment-Project team
  • the new Software Testteam
  • the Critical Sysadmins team
  • and last but not least to the Software-Assessors from the Software-Assessment team

With all these people assistance, this project hadn’t be pushed to this milestone. Thank you Andreas, to build the project plan and the technical background, and also hosting the current testserver, Thank you Wytze for all your work to build the new testserver from scratch as identical as possible to the production server, to Michael, who assist us in deploying the new git repository and also assistance in deploying the Testserver-Mgmt-System, so everybody can start testing w/o the need of console access, Thank you Markus, for all your time and effort to deploy the repository and testserver environment and also your work together with Philipp as Software-Assessor, to finalyze the Software-Update-Cycle. Thank you Dirk for all your suggestions to move on with this project.

Some more work is todo:

  • adding a test-signer, so also cert related patches can be tested in the future (Andreas and Markus are working on this)
  • deploying a C(ontinous)I(ntegration) system for automated testing (Andreas is working on this).

Now the teams have to walk thru the list of open bugs, that needs to be pushed thru … First of all is the “Thawte” bug … to signal all users who’ve got their Thawte points transfered by the old Tverify program if they are effected by the points removal or if they are safe. The CCA-Rollout with a couple of patches, a list of new Policies and Subpolicies related patches (eg. PoJAM, TTP program), a list of Arbitration pushed patches, and so on …

So guys, lets have a party tonight, we’ve wiped out one of the biggest audit blockers!