CACert?

Bill McGonigle bill at bfccomputing.com
Tue Oct 25 16:41:01 EDT 2005


On Oct 25, 2005, at 15:39, John Abreau wrote:

> Did anything ever come of this thread? I'd be interested in becoming a
> notary, and I imagine a number of my members would be, too.

I had a fair number of responses of interest.  What needs to be done at 
this point is to organize an event.  We have one other CACert and 
Thawte notary here and we'd need to either get a third notary to visit 
or get CACert to lend someone here some points.

This event could be before/after a LUG meeting, at or before the next 
quarterly meeting, or another time.  There's a HOWTO for the actual 
event and how to chain signings to achieve the highest number of points 
for each person.

As to Christopher's points - they're valid.  CACert is imperfect - but 
I would argue you're being given a look inside the sausage factory, 
where other CAs have bricked windows.  I'm on the notaries list but 
not the support list and I don't see any language problems or 
ineptitude there - rather some really good analysis of security issues 
and code patches to fix them as they're raised.  One could argue for 
scrapping CACert and starting over, but you're going to lose several 
years of traction by doing that and it's probably easier to make 
repairs than it is to rebuild.  As the Mozilla inclusion issue seems to 
be drawing nearer to resolution (and as goes Mozilla so goes RedHat, 
et al.) CACert is going to have more acceptance.  It's worth noting 
Mozilla is helping steer CACert into what it needs to be when it grows 
up.  This doesn't solve the $125,000 IE problem.  Still, I prefer to 
measure on an outcomes-based approach.  We know that the Verisign model 
is broken based on their outcomes, so I don't want to hang my hat 
there.  I believe Web-Of-Trust face-to-face systems are inherently more 
secure than semi-anonymous online transactions.

And as my paid-for SSL certificate expired last week, and InstantSSL 
recently raised their prices 60% (I can't see why they deserve that) 
I'm actually using a CACert for my own system and realized what a pain 
it was to install root certificates where I needed.  Nothing but 
critical mass is going to solve this problem.

I'd ask those who want to come to a 'key signing party' (that's not 
technically right, but people know what that is) to respond to me with 
their preference for:

1) a) Next Quarterly Meeting (~3 months from now)
    b) Sooner
2) a) Before a meeting
    b) After a meeting
    c) a weekend day somewhere/sometime

-Bill
-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com           Mobile: 603.252.2606
http://www.bfccomputing.com/    Pager: 603.442.1833
Jabber: flowerpt at gmail.com      Text: bill+text at bfccomputing.com
Blog: http://blog.bfccomputing.com/
