BarCamp Vancouver 2006 - Conferences notes - CACert - Robin Johnson

[robbat2]

[Edit: Please see the corrections regarding the CACert Audit posted here.]

This is the outline version of my Powerpoint presentation, created using information from the CACert site and wiki.

Title: CACert - Verified SSL without paying Verisign

• Facets
  • History
  • Verification
  • CACert point system
  • Integration
  • Assurance time!
• History
  • Thawte
    • Web-of-Trust
    • Notaries
    • Things killed by Verisign
• Verification
  • Why?
    • Identity implications
    • Legal requirements
    • Trying to avoiding Verisign-like screwups
  • PGP/GnuPG keysigning
    • Checking IDs
    • (Known-data|shared secret) exchange
  • CACert
    • Keysigning process + point allocation
• CACert point system
• Integration (why doesn’t it work in my browser right now?)
  • Already in most Linux distributions
  • IE: Microsoft requirements
    • WebTrust audit
      • $75K USD upfront, $10K USD yearly
    • Not likely to happen soon
  • Mozilla requirements
    • Audit by any suitable company
    • CACert audit by ‘We!’ funded by StartCom
• Assurance time!
  • Quick guide to filling out the form
  • Circulate!

Comments

CAcert Audit?

[startssl.myopenid.com (from livejournal.com)]

What the heck is CAcert Audit funded by StartCom?

CAcert has refused ANY help from StartCom.

StartCom was audited by We!, while CAcert has not been Audited at all. Even if CAcert wanted to get get Audited by We!, which they don't, StartCom would NOT fund them.

Re: CAcert Audit?

[robbat2.livejournal.com]

See my latest post which is a correction on the matter.