CaCert

From LiluxWiki

(For description, skip below)

Registration

If you are a CaCert assurer who can give 35 points, please register here, and mark your number of points:

If you are a CaCert assurer who can give 25 points, please register here, and mark your number of points:

If you are a CaCert assurer who can give 10 points, please register here, and mark your number of points:

If you are assured (more than 50 points, but less than 100), please register here:

If you are not yet assured, but are interested in being assured, please register here:

What is it?

CaCert (http://www.cacert.org/index.php?id=12, http://www.cacert.org, http://wiki.cacert.org) is a community-driven Certificate Authority that issues certificates to the public at large for free. These include SSL certificates (which are recognized by more and more browsers), as well as PGP/GPG keys.

Participation is very easy. No need to prepare any encryption keys in advance, or to be knowledgeable about SSL, GPG, or similar technologies. The whole assurance procedure is performed using pen and paper, and using the cacert website.

The system works using a "web of trust model", where existing members "assure" new and existing members, which means that they vouch for their identity. New members accumulate points. Beyond 50 points, a new member is assured, which means that the CA trusts their identity. Beyond 100 points, a member is an assurer, meaning that he can assure other members.

If a member has less than 100 points, he can only gain points by being assured: Up to 10 points if the assurer has less than 150 points, and up to 35 points if he has more than 150 points.

If a member has more than 100 points, he can only gain points by assuring other members; that way, he gains 2 points per member that he assures.

The goal of our LiLux CaCert project is to enable LiLux to act as a CaCert assurer. This works if we have at least 5 assurers at 10 or 2 at 35. If we get at least 10 assurers (at 10 points) or 3 assurers (at 35 points), we can not only assure people but also make them into assurers!
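The assurer counts above can be checked with a short model of the points rules. This is an added example, not part of the original wiki page or of CaCert's own software; the function names, counting exactly 50 or 100 points as reaching a threshold, one assurance per assurer, and the cap of 100 received points are assumptions.

```python
# Thresholds from the page. Treating "beyond 50/100" as ">=" is an assumption:
# the page counts 5 assurers x 10 points = 50 as enough to assure someone.
ASSURED_AT = 50
ASSURER_AT = 100


def status(points):
    """Map a points total to the status names used on the page."""
    if points >= ASSURER_AT:
        return "assurer"
    if points >= ASSURED_AT:
        return "assured"
    return "not assured"


def assurers_needed(current_points, target, awardable):
    """Fewest present assurers that lift a member to `target` points.

    awardable: points each present assurer can give (10, 25 or 35 on the
    registration lists). Assumes each assurer assures the member only once.
    Returns the awards to use, or None if the target is out of reach.
    """
    chosen, total = [], current_points
    # Using the largest awards first minimises the number of assurers.
    for award in sorted(awardable, reverse=True):
        if total >= target:
            break
        chosen.append(award)
        total += award
    return chosen if total >= target else None


def hold_meeting(current_points, awardable):
    """Apply the present assurers' awards to one member.

    Assumption: received points stop at 100, since above that the page says
    points are only gained by assuring others.
    Returns (new_points, status, number of assurances performed).
    """
    total, performed = current_points, 0
    for award in awardable:
        if total >= ASSURER_AT:
            break
        total = min(ASSURER_AT, total + award)
        performed += 1
    return total, status(total), performed
```

Each assurance counted by `hold_meeting` also earns the assurer who performed it the 2 points mentioned above.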

What's in it for us, LiLux

At LinuxDays 2007, a number of members got certified as CaCert assurers. Theoretically, we are now enough members together to assure people (50 points).

If people are interested in being assured, we can invite them to our meetings, where they can get assured... as long as enough of our assured members are already present! Or conversely, assure all of the "regularly" present members that are not yet assured...

If the presence of enough assurers is not achievable for every meeting, we should at least strive to have an "assurer's meeting" once in a while (for example, once every 2 or 3 months).

Technical

Although the goal of this is to supply GPG keys, SSL certificates and other certificates to the assured members, the keys to be signed do not need to be prepared in advance of the assurance procedure. Technical details, such as keys, can be handled at a later stage.

All you need to have ready beforehand is:

  • Two photo identity pieces (such as national ID card and driving license)
  • An account on cacert.org (can be created in 5 minutes using a web browser and an e-mail address; this can be done just before the assurance procedure if you trust the public terminals we have at your disposal, or if you bring your own laptop)

The actual procedure is as follows:

  • The assuree fills in a CaCert form (which we can supply).
  • The assurer checks the IDs, not only to make sure that the assuree is who he claims to be, but also to check the exact spelling of the name (this is important!), the birthdate, and the signature. He certifies that the form is filled in correctly, and keeps it. He then logs in to the CaCert site and assures the user (this can happen at a later stage, if no computers are available at this stage).
  • The assurer safekeeps the form for at least 7 years (during which random checks may be asked for by CaCert)

Once the assuree has gained enough points, he can log in to the site, supply his various public keys (SSL, GPG, ...) and have them signed by CaCert.

The important point here is that you do not need to have prepared any encryption keys in advance to participate! So it is very easy to participate.