OpenExpo, the Swiss conference and trade show for Free and Open Source Software, takes place for the 6th time Wednesday and Thursday April 1 and 2 (No April Fool’s Joke!), 2009 at the BEA expo Hallen in Bern. Read more… http://www.openexpo.ch/openexpo-2009-bern/

Additional Swiss assurers or assurers from any country with successfully passed assurer test and willing to help, register in the CAcert.org Wiki: http://wiki.cacert.org/wiki/OpenExpo2009-CH-Bern

———————————————————————————————————————————————–

OpenExpo, die Schweizer Messe und Tagung für Freie und Open Source Software findet in sechster Austragung am Mittwoch und Donnerstag, 1./2. April 2009 (Kein Aprilscherz!)in den BEA expo Hallen in Bern statt. Mehr unter… http://www.openexpo.ch/openexpo-2009-bern/

Zusätzliche Schweizer Assurer oder Assurer aus irgend einem Land mit erfolgreich absolviertem Assurer Test, welche mithelfen wollen, tragen sich bitte im CAcert.org Wiki ein: http://wiki.cacert.org/wiki/OpenExpo2009-CH-Bern

at the upcoming events wikipage there are some new events. Any volunteer can pick the event wich he or she likes and write some lines at the page.
In the Netherlands we have soon 3 great events: the Mozilla Camp, the NLUUG and the HAR2009. Anybody is free to fill in and participate.

Next January 14th Medialab-Prado (Madrid) will host the CAParty CAcert Assurance event. A PGP signing party will happen too.

A full description in Spanish with all the details on how to attend is published on the website.

Join to the Web of Trust!

A few days ago, a group of scientists and security specialists finally succeeded to create a rogue CA that was able to issue certificates that are accepted by all browsers:

http://www.win.tue.nl/hashclash/rogue-ca/ and http://www.phreedom.org/research/rogue-ca/ The problem underneath are weaknesses that were discovered in the MD5 hash-algorithm.

CAcert has switched from MD5 to SHA-1 for certificate-issueing a few years ago, when the first research results were made public that indicated that such an attack will become feasible. CAcert is currently still using an intermediate CA that was issued with an MD5 based signature 3 years ago. We are currently working to phase out this intermediate CA.

We suggest that all certificates (except for root certificates, which aren’t affected), regardless of which CA has issued them, that were still issued with MD5, be replaced with SHA-1 based certificates within the next 3 months. We also suggest that all company-internal or organisation internal CA’s be checked and switched from MD5 to SHA-1 where necessary. To detect, whether a webserver certificate or any of the intermediate certificates are MD5 based, you can use this Firefox extension: http://codefromthe70s.org/sslblacklist.aspx

Happy new year!

Although the new RootKeys are generated, they are not yet availlable. At the moment there is a review of the new keys going on to see if they comply fully with the requirements for inclusion in the mainstream browsers. When the review is succesfull, the new RootKeys will become public and will be used to sign new or renewed certificates.

The blog will be the first place where you can read they have gone on-line, as well as additional info