Category Archives: News

News Relating to CAcert

Last chance: End of thawte points transfer on 16th november 2009

(EN)
Please note, that all thawte points tansfers must be started before 16th november 2009. After this date we can´t check your status at thawte.

If you have 0 points at CAcert, you get can up to 150 pts.
Please click here for details: http://wiki.cacert.org/ThawteNotary

Interface for thawte transfer:
https://tverify.cacert.org

If you need help, you can also write to our mailinglists – details:
https://lists.cacert.org/wws/arc/cacert-support (EN)
https://lists.cacert.org/wws/arc/cacert-support (DE)
https://lists.cacert.org/wws/arc/cacert-es (ES)
https://lists.cacert.org/wws/arc/cacert-br (BR)

—-
(DE)
Bitte beachtet, dass ein Transfer der Punkte aus dem Thawte WoT nur noch bis zum 16. November 2009 möglich ist. Wir haben danach keine Möglichkeit mehr, eure Daten zu verifizieren und können daher keine Punkte mehr transferieren.

Wenn ihr aktuell 0 Punkte bei CAcert auf dem Konto habt, so könnt ihr dies über den Transfer auf bis zu 150 Punkte aufstocken.
Für Details einfach hier klicken: http://wiki.cacert.org/ThawteNotary

Das Interface für den Transfer findet ihr unter:
https://tverify.cacert.org

Wenn ihr Hilfe benötigt, so könnt ihr uns auch über die Mailinglisten kontaktieren:
https://lists.cacert.org/wws/arc/cacert-support (Englisch)
https://lists.cacert.org/wws/arc/cacert-de (Deutsch)
https://lists.cacert.org/wws/arc/cacert-es (Spanisch)
https://lists.cacert.org/wws/arc/cacert-br ((brasilianisches) Portugiesisch)

Thawte Web of Trust Shutting Down

Thawte’s Web Of Trust is to be Terminated by 16th November

Therefore the board is planning to run the Tverify program until that time, then terminate it completely (as the information will no longer be available).

Then, members who have come in via Tverify will have a year to get assured by other means. This includes members who have obtained points from Tverify in the past.

Tverify is now operating under the authority of board motion m20090928.1 and under the Assurance Policy. This latter means no issues of points over 50, and the earlier includes some restrictions.

However, note that all Tverify points (including ones previously obtained), will be deleted late 2010, so it is best to get assured by CAcert assurers anyway. If you can reach a few of them it may be easier all round if you do that instead of using the Tverify process.

See http://wiki.cacert.org/ThawteNotary for more details. (Disclaimer: that wiki page is not an official statement of the committee)

For the committee of management (board) of CAcert Incorporated,

Nicholas E. Bebout
President
CAcert Incorporated

CAcert Blog is fully X.509 enabled

The CAcert-Blog is now fully X509 enabled.
From never visited the site before and using a named certificate you can, with one click (log in), register for the site and have author status ready to write your own contribution.

If you only have a WoT unnamed certificate you can write your article and it will be spam controlled by the PR people (aka editors).

If you had a contributor account and haven’t posted anything yet you have been downgraded to a subscriber (no comment or write a post access) with all the other spammers. The good news is once you log in with a certificate you get upgraded to the correct status just as if you’d registered.

There is no password authentication any more. The time taken to make sure both behaved reliably was not possible in the time the admins had available.

Please ignore the big blog upgrade notice – we are using Debian security maintained packages and don’t need a WordPress upgrade.

So get to it – write something interesting.
[Edits thanks to Henrik Heigl]

Signing server outage [solved]

Friday August 14, 2009 19:15 CEST both the webserver and the signing server suffered from a short power glitch. Due to this power glitch both servers performed a spontaneous reboot. After a reboot both servers will wait for manual input, as a critical server engineer has to enter the decryption-password. The webserver can be managed remotely, this server was operational again Friday at 22:15 CEST.
The signing server cannot be managed remotely. In order to restart the signing server a visit has been made to the hosting center this morning. The signing server is operational again since Saturday Aug 15 10:30 CEST.

No other servers were involved. The signing server will be replaced with new hardware (with a dual power supply) within a few weeks, the new server is currently under test.

CAcert at Webmontag Berlin, Montag, 20. Juli 2009

Am Montag, den 20.7.09 findet in Berlin bei newthinking store, Tucholskystr. 48, Berlin-Mitte
der nächste Webmontag statt. Zu diesem Termin wird es für CAcert einen 10 minütigen Vortragsslot geben.
Arbeitstitel: CAcert – Was ist das? Wer steckt dahinter? Wie geht es weiter?
Anschliessend wird es die Möglichkeit für Assurences geben (Für Assurances bitte einen oder mehrere offizielle Lichtbildausweise mitbringen – Personalausweis, Führerschein, Reisepass).
Weitere Details unter Webmontag Berlin 20.7.09

CAcert Assurer Training Event Berlin-Brandenburg am 9. Juli 2009

CAcert Assurer Training Event Berlin-Brandenburg
——————————————————————————–ATE-Berlin

Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher eher “mündlich überlieferten” Regeln wurden in Policies gegossen. Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B. in dem CAcert Community Agreement) wurden beschlossen. Die Assurer Training Events wollen versuchen, die ganzen Informationen “unter’s Volk” zu bringen:

– Wovor schützt die CCA jedes CAcert-Community-Mitglied und somit auch dich?
– Kannst du die 5 Statements der “Purpose of Assurance” aufzählen?
– Kannst du auf Anhieb 10 Sicherheitsmerkmale des deutschen Personalausweises aufzählen?
Antworten auf diese und weitere Fragen erhälst du bei den Assurer Training Events (ATE’s).

Der Termin für Berlin steht nun fest.

Berlin-Wilmerdorf,
Donnerstag 09. Juli 2009 in der Zeit von 19:00 bis 21:00 Uhr
Restaurant Prometheus
Schlangenbader Strasse
12345 Berlin-Wilmerdorf
Berlin-Brandenburg, Donnerstag 9. Juni

Anmeldungen erfolgen bitte ausschliesslich über folgende Seite:
Anmeldung ATE-Berlin/Brandenburg

Die Teilnahme der Veranstaltungen ist kostenlos, Spenden werden aber gerne gesehen.

Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im Wiki und
bei mixxt.de, siehe die Links oben.

Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.

Kontakt: events@cacert.org

Ian Grigg resigned as auditor in the “audit for CAcert” project with CAcert

CAcert regrets to announce that Ian Grigg resigned as auditor for CAcert, effective the 12th of June 2009. Ian is ending his activity on behalf of CAcert Inc within the “audit for CAcert,” audit project.

Ian’s work was a primary element in the audit project, which started in the beginning of 2008. The one and a half years project is almost at the point of the second of the three mile stones. Because of the long time it takes for getting policies accepted in the far-flung CAcert Community and CAcert Board, a board run in the spare time of its members, the end date of the project has shifted greatly. The true amount of work was underestimated.
All together, this made funding and periodic payment of expenses quite troublesome.

Ian influenced and achieved quite a lot of the current set of policies, agreements and documentation. CAcert thanks Ian for his contribution. It is most regrettable that Board actions to find solutions to the problems mentioned did not succeed to undo the resignation.

CAcert now has to find another auditor, and we expect that this may take some time. In the meantime, some work still has to be done in order to get CAcert ready for an audit.
This includes: finalizing and accepting the Certificate Policy Statement (CPS); working to make sure that Organisation Assurance can be audited (i.e., write-up of the Organisation Assurer Manual, and …); continuing the audit on the code for security; continuing finding a solution for Third Party assurances; continuing to incorporate new policy functions into the Web software system; testing of the new (Sub)Root Keys; Assurance information and training, etc.

As you can see “some work” is actually quite a lot of work.

Also, Ian has an audit to-do list described in his wiki Audit To Do.

If you have any questions or would like to get involved with the audit project, please contact support at cacert.org. We’d like to hear from you.

Teus Hagen
President of Board
CAcert Inc.

CAcert auf der CBLOS Flensburg 12.-13.6.09

CAcert wird auf der CBLOS mit einem Stand und 2 Vorträgen am Samstag vertreten sein:

10:45 – 11:30 Workshop: CAcert – Was ist das?
Vorstellung CAcert, Einführung in die E-Mail Signatur und Verschlüsselung, Server SSL

Ich möchte am Workshop in Flensburg teilnehmen!

14:00 – 16:00 Assurer Training Event – Flensburg
Für alle anwesenden Assurer und Assurer aus der Umgebung die Möglichkeit einer Fortbildung

Ich möchte am ATE-Flensburg teilnehmen!


CAcert will be at CBLOS with a booth and 2 presentations on Saturday:

10:45 – 11:30 Workshop: CAcert – What is this?
CAcert Introduction, Introduction to Email signing and encryption, Server SSL

I will attend to the Workshop!

14:00 – 16:00 Assurer Training Event – Flensburg
For all attended Assurers and Assurers from that area the possibility for an advanced training

I will attend to the ATE-Flensburg!


Infos: CrossBorder Linux Open Source (CBLOS) CBLOS
CAcert at CBLOS CAcert WikiFlensburger Hafen