Today I got up early and joined some Canton friends for a seven-hour excursion for lunch in Columbus. Why?
We went to meet Duane Groth, president of the CAcert board.
CAcert is a project intended to apply a strict form of the PGP-style "community web of trust" model to SSL-style (X.509) certificates, rather than paying someone like Verisign or Thawte to sign your certificates. CAcert uses a point system: people get points by being "assured" (having their identity verified) by someone with enough points to have that power. Normally you get up to 35 points for being assured by one person, and once you accumulate 150 points you can assure other people. (There are also certificate-related benefits available depending on the number of points you have.)
Duane is on an extended leave from Australia to tour the U.S. promoting CAcert and seeding the system by creating new Assurers. As a board member, he has the power to award 150 points to a person all at once, immediately making that person an authorized assurer, who is then able to award up to 35 points per authenticated person. (I like to think of it as a bit like getting your PGP key signed by Phil Zimmermann, though the web-of-trust models work a bit differently. Which made me wonder, stega, did you ever get a PGP key signed by Zimmermann before fleeing his company?)
So now I am authorized to authenticate people and award up to 35 points to them, as are the other people I went with. (As I write this I am among a total of 1775 authorized CAcert assurers in the world, and 23260 verified users in the system.) I can also create assured client certificates, code signing certificates, and server certificates. The only problem is that today's SSL client software does not yet trust CAcert by default; the CAcert root certificate must be imported and trusted. Apparently it would cost $75000 plus $10000/year to get it into Internet Explorer (far outside CAcert's budget), but they are working on getting it into Mozilla/Firefox.