The CAcert association (CAcert Inc.) will have its Annual Meeting on Saturday 17th of November. More details: http://wiki.cacert.org/wiki/NextAnnualGeneralMeeting . You need to be a full association member in order to be able to vote.

What is on the Agenda?: board elections (five Committee members), CAcert Community Agreement (new!), CAcert Root cert usage License and Disclaimer (new!), Policy document organisation (new!), Arbitration (new!), Open Governance, membership register update.

Note also the minutes of meeting from so called CAcert TOP meeting in September 2007: http://wiki.cacert.org/wiki/TopMinutes-20070917 and current activities: security and quality enhancements to CAcert servers and services, quality improvements for CAcert assurances, Organisation Assurance initiates, CAcert community and organisations (officers and distributed responsibilites), privacy directives and openess actions (open sourcing, open governance), etc.

See the discussions on the policy and membership email lists.

teus

CAcert have seen enormous changes within the structure of CAcert during the last 3 or 4 month. This changes reflect a new, professional approach of CAcert which will allow us to grow way beyond the level we have been so far. Therefore Advisory proposed to the board to have a multiday meeting to adress all those issues. The new structure of CAcert consisting of Board, Advisory, Officers and Community needs to learn a better communication and a better cross area working. The Board has many issues on its route, like approving the backlog of important suggestions and preparing AGM, just to name a view. Advisory has to drive many issues as well, especially getting audit on track, creating policies, dealing with Super Assurers, Organisational Assurance, etc. The officers need to define their teams, their tasks, communication lines, reporting, etc.

So this meeting will be in Pirmasens, Southwest Germany in a nice meeting location in the week of 17th to 21th September 2007. More on this as soon as we know.

At the 25th of May 2007 Special General Meeting (SGM) the CAcert Inc. members (re)elected Robert Cruikshank, Evaldo Gardenali and Greg Rose on the CAcert Inc. Committee (board). The resignations of the old board were accepted by the members.

All the (seven) nominated new members (nominated from January up to June 2007) were accepted and are welcomed as new members.

Membership expressed many thanks to the efforts made by resigned board members for CAcert Inc., especially gratitude is expressed to Duane Groth. We hope that they will continue their support as CAcert Inc. members.

For convenience, a second official CAcert community channel was created on freenode. If you are a freenode regular user, come by #CAcert .

We are also distributing CAcert/Assurer/nickname and CAcert/User/nickname cloaks for people with properly registered nicks on freenode. Ask Evaldo Gardenali (UdontKnow) there for more information.

chat.freenode.net #CAcert – irc://chat.freenode.net/CAcert/

The CAcert Privacy Policy was updated. Joined newly to the Policy are the privacy of the issued certificate and the data accessible to Assurers is defined more exactly now.

The whole Privacy Policy could be found under: https://www.cacert.org/index.php?id=10 or as usual at the bottom of each webpage of cacert.org.

A new vulnerability associated with RSA cryptography has been found, which works by spying the CPU internals with a spy program running on the same computer as the crypto application. Dedicated systems (like CAcert´s certificate generation) are not affected, only multi-tasking and multi-user systems are affected.

http://it.slashdot.org/article.pl?sid=06/11/18/2030247

A New Vulnerability In RSA Cryptography

   Posted by kdawson on Saturday November 18, @04:45PM
   from the predictions-of-trouble dept.

   romiz writes, “Branch Prediction Analysis is a recent attack vector
   against RSA public-key cryptography on personal computers that relies
   on timing measurements to get information on the bits in the private
   key. However, the method is not very practical because it requires
   many attempts to obtain meaningful information, and the current
   OpenSSL implementation now includes protections against those attacks.
   However, German cryptographer Jean-Pierre Seifert has announced [1]a
   new method called Simple Branch Prediction Analysis that is at the
   same time much more efficient that the previous ones, only needs a
   single attempt, successfully bypasses the OpenSSL protections, and
   should prove harder to avoid without a very large execution penalty.”
   From the article: “The successful extraction of almost all secret key
   bits by our SBPA attack against an openSSL RSA implementation proves
   that the often recommended blinding or so called randomization
   techniques to protect RSA against side-channel attacks are, in the
   context of SBPA attacks, totally useless.” [2]Le Monde interviewed
   Seifert (in French, but Babelfish works well) and claims that the
   details of the SBPA attack are being withheld; however, a PDF of the
   paper is linked from the [3]ePrint abstract.

  1. http://eprint.iacr.org/2006/351
  2.
http://www.lemonde.fr/web/article/0,1-0@2-651865,36-835944@51-835781,0.html
  3. http://eprint.iacr.org/2006/351

We would like to announce the availability of free PDF signature applications:
PortableSigner from http://portablesigner.sourceforge.net is a nice application with a GUI.
CAcert PDF Signer is an older, commandline only application.
Both applications are running on Java, and use the iText library, and should work on Linux, MacOSX and Windows.
http://wiki.cacert.org/wiki/PdfSigning