BarCamp Vancouver 2006 - Conferences notes - CACert - Robin Johnson

[robbat2]

[Edit: Please see the corrections regarding the CACert Audit posted here.]

This is the outline version of my Powerpoint presentation, created using information from the CACert site and wiki.

Title: CACert - Verified SSL without paying Verisign

• Facets
  • History
  • Verification
  • CACert point system
  • Integration
  • Assurance time!
• History
  • Thawte
    • Web-of-Trust
    • Notaries
    • Things killed by Verisign
• Verification
  • Why?
    • Identity implications
    • Legal requirements
    • Trying to avoiding Verisign-like screwups
  • PGP/GnuPG keysigning
    • Checking IDs
    • (Known-data|shared secret) exchange
  • CACert
    • Keysigning process + point allocation
• CACert point system
• Integration (why doesn’t it work in my browser right now?)
  • Already in most Linux distributions
  • IE: Microsoft requirements
    • WebTrust audit
      • $75K USD upfront, $10K USD yearly
    • Not likely to happen soon
  • Mozilla requirements
    • Audit by any suitable company
    • CACert audit by ‘We!’ funded by StartCom
• Assurance time!
  • Quick guide to filling out the form
  • Circulate!

Comments

Re: CAcert Audit?

[robbat2.livejournal.com]

See my latest post which is a correction on the matter.