CeBIT Open Source Project Lounge -- CAcert
CAcert -- community based certificate authorityBy
CAcert is among the 15 projects that will present their work at CeBIT, offering community based security certificates.
In a nutshell - describe your project in a few words:
CAcert is a community based certificate authority with the objective of providing a free, open and transparent public key (PK) infrastructure for all its community members. It seeks to provide an enhanced experience in the virtual world by connecting the virtual identities of the Internet with real world entities.
When did the project begin?
In 2002 with CAcert.org and in 2003 with CAcert, Inc.
How many active members does the project have?
3,257 active assurers (those passing our Assurance Challenge) and 19,067 participants, as of January 18, 2010.
How did the project come about?
Duane Groth wanted to secure the WLAN network of his hometown, which was too expensive, so started the community.
What would make a CeBIT visitor interested in your booth?
1. Anyone can become a community member to use free certificates as long as they get assurance of identity as part of our Organization Assurance program.
2. Small companies, organizations and schools with smaller budgets can get information about how they can add value for their customers or members with the help of client certificate logins to their Internet portals.
3. Linux distributions and software developers can learn how to extend their software with features so that Internet portal or application users are assured secure access.
Who do you make your software for?
Community members have the choice to create client certificates, e-mail certificates (signing and encryption) or server certificates (SSL and TLS) and sign documents or code. They can also sign PGP/PGP keys (engage in keysigning parties).
Where do you see your biggest current challenge?
Browser integration of root certificates into the operating systems require audits handled by the community. These audits are time consuming.
If you were to hire a full-time project developer now, what problem should he or she be ready to solve?
The requirement for audits spawned a new software development project called "Birdshack" during the spring of 2009. We need developers to implement this project.
Under which license is the software currently offered?
GNU General Public License v2, June 1991.
Internet adress: http://www.cacert.org
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm