CACert?
Bill McGonigle
bill at bfccomputing.com
Tue Oct 25 16:41:01 EDT 2005
On Oct 25, 2005, at 15:39, John Abreau wrote:
> Did anything ever come of this thread? I'd be interested in becoming a
> notary, and
> I imagine a number of my members would be, too.
I had a fair number of responses of interest. What needs to be done at
this point is to organize an event. We have one other CACert and
Thawte notary here and we'd need to either get a third notary to visit
or get CACert to lend someone here some points.
This event could be before/after a LUG meeting, at or before the next
quarterly meeting, or another time. There's a HOWTO for the actual
even and how to chain signings to achieve the highest number of points
for each person.
As to Christopher's points - they're valid. CACert is imperfect - but
I would argue you're being given a look inside the sausage factory,
where other CA's have bricked windows. I'm on the notaries list but
not the support list and I don't see any language problems or
ineptitude there - rather some really good analysis of security issues
and code patches to fix them as they're raised. One could argue for
scrapping CACert and starting over, but you're going to lose several
years of traction by doing that and it's probably easier to make
repairs than it is to rebuild. As the Mozilla inclusion issue seems to
be drawing nearer to resolution (and as goes Mozilla so goes RedHat,
et. al.) CACert is going to have more acceptance. It's worth noting
Mozilla is helping steer CACert into what it needs to be when it grows
up. This doesn't solve the $125,000 IE problem. Still, I prefer to
measure on an outcomes-based approach. We know that the Verisign model
is broken based on their outcomes, so I don't want to hang my hat
there. I believe Web-Of-Trust face-to-face systems are inherently more
secure than semi-anonymous online transactions.
And as my paid-for SSL certificate expired last week, and InstantSSL
recently raised their prices 60% (I can't see why they deserve that)
I'm actually using a CACert for my own system and realized what a pain
it was to install root certificates where I needed. Nothing but
critical mass is going to solve this problem.
I'd ask those who want to come to a 'key signing party' (that's not
technically right, but people know what that is) to respond to me with
their preference for:
1) a) Next Quarterly Meeting (~3 months from now)
b) Sooner
2) a) Before a meeting
b) After a meeting
c) a weekend day somewhere/sometime
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Mobile: 603.252.2606
http://www.bfccomputing.com/ Pager: 603.442.1833
Jabber: flowerpt at gmail.com Text: bill+text at bfccomputing.com
Blog: http://blog.bfccomputing.com/
More information about the gnhlug-discuss
mailing list