CeBIT Open Source Project Lounge -- CAcert
CAcert -- community based certificate authorityBy
CAcert is among the 15 projects that will present their work at CeBIT, offering community based security certificates.
In a nutshell - describe your project in a few words:
CAcert is a community based certificate authority with the objective of providing a free, open and transparent public key (PK) infrastructure for all its community members. It seeks to provide an enhanced experience in the virtual world by connecting the virtual identities of the Internet with real world entities.
When did the project begin?
In 2002 with CAcert.org and in 2003 with CAcert, Inc.
How many active members does the project have?
3,257 active assurers (those passing our Assurance Challenge) and 19,067 participants, as of January 18, 2010.
How did the project come about?
Duane Groth wanted to secure the WLAN network of his hometown, which was too expensive, so started the community.
What would make a CeBIT visitor interested in your booth?
1. Anyone can become a community member to use free certificates as long as they get assurance of identity as part of our Organization Assurance program.
2. Small companies, organizations and schools with smaller budgets can get information about how they can add value for their customers or members with the help of client certificate logins to their Internet portals.
3. Linux distributions and software developers can learn how to extend their software with features so that Internet portal or application users are assured secure access.
Who do you make your software for?
Community members have the choice to create client certificates, e-mail certificates (signing and encryption) or server certificates (SSL and TLS) and sign documents or code. They can also sign PGP/PGP keys (engage in keysigning parties).
Where do you see your biggest current challenge?
Browser integration of root certificates into the operating systems require audits handled by the community. These audits are time consuming.
If you were to hire a full-time project developer now, what problem should he or she be ready to solve?
The requirement for audits spawned a new software development project called "Birdshack" during the spring of 2009. We need developers to implement this project.
Under which license is the software currently offered?
GNU General Public License v2, June 1991.
Internet adress: http://www.cacert.org
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.