[lug] Re: Certificate Authority

Jeffrey Brown jabrown at co.jefferson.co.us
Mon Mar 7 15:06:17 MST 2005


I apologize for top posting, I'm using an unintelligent email client
right now. I was able to become a CAcert assurer while at USENIX last
year. Basically if you get 100 points you can generate any type of
certificate you want and assure other people up to 10 points. Once an
assurer has assured 25 people they can then issue up to 35 points for
assurance. It can be confusing though.

The value of CAcert.org is still questionable as it's CA certificate
isn't in any browser at this point. If that doesn't bother people I'd
recommend becoming your own CA, mint certs yourself and tell your users
to import your own CA certificate into whatever application they're
using. 

Jeffrey Brown
Linux/UNIX Administration
Jefferson County Gov't., Colorado


>>> jafo at tummy.com 3/5/2005 1:49:33 AM >>>
On Wed, Mar 02, 2005 at 11:44:30AM -0700, Jeff Schroeder wrote:
>warning.  You can always grab a free cert, or even generate one 
>yourself, but the odds are that people's browsers will complain and 
>they'll get nervous.

CACert is an interesting idea.  It's not practical to use right now
though.
It works by different people getting points through authentication
with
existing CACert assurers, and those assurers can give that person some
amount of points based on the authentication.  Back in January, I was
traveling through CO, NM and TX and thought it would be a bit of nice
geek
tourism to meet other assurers and get the max CACert points while
doing
so.

The process isn't very well documented, but IIRC the best you can get
for a maximally assured assurer is something like 20 points.  A fully
certified assurer has to obtain 150 points in this way.

During my trip, I contacted around a dozen assurers, heard back from 3,
and
actually met up with one.  In the end I decided that it was too much
trouble to try to get certified by using assurers, and decided I
should
just find a notary and someone else to witness my identity papers and
submit them directly to Australia.  Unfortunately, I've been so busy I
haven't been able to make that happen yet.

I think you need to get at least 3 assurers with 150 points to assure
you
to get a certificate.  If we primed the LUGs with assurers, we could
probably make it so that people could show up and get certified. 
Hacking
Society would be even better since it would allow people to get
certified
every week in Boulder and Fort Collins.

It's not likely that CACert will get included in browsers any time
soon.
So, for the moment it's kind of hard to say that it's worth the hassle
when
you can get a real cert for, I think our least expensive one is $75...

It'd be neat to have though.

Sean
-- 
 The "PEANUTS" gang finds their first root-kit in "YOU'RE AN 3L33T
H4CK3R
 NOW, CHARLIE BROWN".
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995.  Qmail, Python,
SysAdmin

_______________________________________________
Web Page:  http://lug.boulder.co.us 
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug 
Join us on IRC: lug.boulder.co.us port=6667 channel=#colug



More information about the LUG mailing list