Slashdot Mirror


Free Certificate Authority Unveiled by Aussies

SonOfGates writes "Well, the Aussies have invaded Boston but at least they're not throwing tea into the harbor. AU-based nonprofit CAcert Inc has spent the last few days at USENIX '04 registering new users by the truckload. They bill themselves as a 'Community-Based CA.' Could this be the beginning of a true 'open' certificate authority? See the O'Reilly story and press release."

4 of 284 comments

  1. Good for them by A. Pizmo Clam · Score: 5, Informative

    Many ISPs and low-budget groups have self-signed certs. They're easy to make. Hopefully this project will make it easier. I have quite often seen sites with a self-signed cert and another page giving the fingerprint of the cert. Most vendors allow these, but they aren't "trusted".

    The only reason the big companies charge so much (their claim, not mine) is the insurance they provide, and the fact that they are "trusted" by the various vendors.

    Any new group wanting to be a trusted CA will face the liability issue -- if one of your customers sues you, even if you try to disclaim all liability up front, you will still face massive court fees. Even if you won in court, you would lose financially if not insured.

    There is no technical or logistical problem with setting up a Free (and free) common-geek's CA, the problems are entirely legal ones. I know because I looked into it right after SSL came out. It looks like a good business plan, right up until someone takes you to court.

    --

    Thank you for your support.
  2. Re:Sounds like... by casuist99 · Score: 5, Informative

    I know it's not non-profit, but Thawte does provide personal certificates for free. You can use them for email encryption and signing without any difficulty. As for server certificates (https, etc), I think you'd have to pay for, but for personal email usage, Thawte is a pretty good option.

  3. Denmark has this... by Jezral · Score: 5, Informative

    Denmark has free digital signatures for all citizens, for use in email, to sign in on sites, etc...

    URLs:
    - http://www.digitalsignatur.dk/
    - http://privat.tdc.dk/digital/
    (both in Danish, though...)

    The technicalities are run by the largest phone company/ISP, TDC, but otherwise it's fully a government thing.

  4. Root certificate for Redhat, Opera, Mozilla by stray · Score: 5, Informative

    In the June edition of ;login: (the Usenix Association's magazine), there is an article by Adam Butler (of CAcert) describing the project and shedding some light on the process of getting a CA root certificate included into various browsers:

    Quote from the article:

    "In true Microsoft style, Redmond adopted a new metric for determining whether a CA's root certificate is to be included with its browser/OS/kitchen-sink product: In order for a CA's root certificate to be accepted - I swear I'm not making this up - Redmond said CA must pay a WebTrust-licensed member of the American Institute of Certified Public Accountants up to $250,000 for an initial evaluation/inspection, plus additional tens of thousands of dollars in fees on a periodic "follow-up" basis.

    The makers of the Opera Web browser did not respond to email queries regarding their inclusion policies/requirements; however, a Bermuda-based CA representative stated in the netscape.public.mozilla.crypto newsgroup that 'as of [his] last contact in 2003, Opera wanted cash to add a CA [root certificate]. They did not appear to have a standards policy.'"


    He goes on to describe the process of getting the root cert, hopefully, included into the Mozilla project through a Bugzilla feature enhancement request. From what I read from the article, the discussion about this is still going on.