CAcert A Communities Way To Professionalism

Slides:



Advertisements
Similar presentations
EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.
Advertisements

The Camp Audit “Keep your friends close and your auditor closer”
Copyright © 2008, SAS Institute Inc. All rights reserved. What’s New at SAS Belinda Bank, Marketing Assistant SAS Canada.
Project Tracking. Questions... Why should we track a project that is underway? What aspects of a project need tracking?
LCG CERN David Foster LCG WP4 Meeting 20 th June 2002 LCG Project Status WP4 Meeting Presentation David Foster IT/LCG 20 June 2002.
E.H. Pechan & Associates, Inc. Emissions Data Management System for the Western Regional Air Partnership Presentation to the WRAP Emissions Forum April.
29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Evetns, April 2009, #2 Welcome!
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 How Cacert responded to audit...
Digital Certificates Presented by: Matt Weaver. What is a digital certificate? Trusted ID cards in electronic format that bind to a public key; ex. Drivers.
Campus Networking Best Practices This Presentation and related materials will be available at: nsrc.org/tutorials/2008/sanog12 Help Desk Services.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 What is the CCA?
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 The Purpose of an Assurance.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit.
2.0 Assurance Practice.
Advanced Software Engineering Dr. Cheng
SQL Database Management
«My future profession»
Let’s Get Started! Steve Rezhener SQL Malibu and SQL Saturday in LA
TIP Remember, your sense of conviction and your involvement with the content of the presentation are critical to its success.
Security: Exploits & Countermeasures
Hiring Manager onboarding
AEGIS Certification Authority
12.3 Control Procurements The process of managing procurement relationships, monitoring contract performance and making changes or corrections as needed.
Classic X.509 AP updates (v4.1)
MISY3321- Intro. to Information Assurance
Unit Treasurer Workshop/PTA-Economics
SA2: Quality Assurance Status Report
SKY LAKES SECTION II ANNUAL HOME OWNER’S MEETING 2015
A Career in Open Source Software
Tech·Ed North America /13/2018 5:39 AM
CAcert and the Audit.
HmailServer Karam al-sofy & Faten alhasan.
Secure Enterprise Technology Initiatives e-Provisioning Group
CMGT 432Competitive Success/snaptutorial.com
CMGT 432 Education for Service-- snaptutorial.com
CMGT 432 Education for Service-- tutorialrank.com
CMGT 432 Teaching Effectively-- snaptutorial.com.
SharePoint Project Management Simplified
Methods and Assistance Program (MAP) Reviews Lori Fetterman, MAP Supervisor Emily Hightree, MAP Team Lead Property Tax Assistance Division October 12,
New Mexico Department of Health Immunization Program
[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO]
[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO]
Family/Caregiver Engagement
Program Policy Committee
MaGrid CA Self audit and update
TGp Closing Report Date: Authors: March 2006 Month Year
TGp Closing Report Date: Authors: May 2007 Month Year
Fiscal Year Budget Plan
TGp Closing Report Date: Authors: March 2006 Month Year
Status of U.S.-EU Bilateral Agreement
Security week 1 Introductions Class website Syllabus review
Security: Exploits & Countermeasures
Lacey day – 1st April 2019.
Security: Exploits & Countermeasures
Company X Process Mapping Training
Why QRA monitor? Knowing what should be done for:
Why SIMOP monitor? Knowing what should be done for SIMOP
South Carolina Health Care Association
GDPR Dashboard General Data Protection Regulation 06/02/2018
State CP Model (“Discussion Draft”)
Security: Attacks & Countermeasures
March 2017 – Total EPC applications 2598
National Visitor Use Monitoring
HOME AFFAIRS IDENTIFICATION SYSTEM (hanis)
New Employee Handbook Orientation
NM Department of Homeland Security and Emergency Management
Presentation transcript:

CAcert A Communities Way To Professionalism

What's CAcert? 2002 Start CAcert Org → CAcert Community 2003 Start CAcert Inc. → Non-Profit Association located in NSW Australia CAcert Inc. Runs PKI Infrastructure servers for their Community Members Based on OpenSource thoughts

What's CAcert? Security and Privacy may not cost anything CAcert offers for free … Certificates for Email Signing Certificates for Email Encryption Certificates for Server SSL Certificates for Code-Signing and Document Signing

CAcert and the Audit To get CAcert Root Certs. into Browsers → Audit is required → which requires: management policies + practices review of business & systems … against policies and practices

CAcert and the Audit CAcert Audit starts in about 2005 by David Ross (builds an audit plan → DRC) Ian Grigg stepped in Jan. 2006 March 2008: 18 months business plan funding by NLnet, (3x 6 months) Audit effects CAcert's two major business areas: Assurance Systems

CAcert and the Audit a. Assurance review Assurance Policy is in full POLICY status It is binding on all Assurers The process of Assurance can be reviewed.

CAcert and the Audit b. Systems review Review of the systems was delayed by lack of a secure hosting service. The systems were moved 1st October, 2008 from Vienna to the secure data center at BIT, a company in Ede, NL.

CAcert and the Audit b. Systems review (cont.) A new team of systems administrators Approval of the Security Policy to DRAFT mode => Binding on the systems administrators and the Access Engineers => now possible to review the systems against the policy.

CAcert and the Audit b.i On-Site Inspection 1st visit on 4, 5, 6th May, 2009 warm-up: personnel, Roots, Access, inventory probably 1st of 3 visits. Next scheduled mid-June

CAcert and the Audit b.ii We still lack the CPS (Certification Practice Statement) (which is nearly ready)

CAcert and the Audit b.iii Review of the software Innsbruck software camp Week 20th April Serious difficulties in maintenance, improvement and securing Cannot form a conclusion over software New software development team, new design, new build

Audit Background

Audit Background One big result of the thinking process we required: a CAcert Community Agreement and it had to do following things:

Audit Background a. make Members a mutually binding Community. b. to state the Risks/Liabilities/Obligations c. to limit the liabilities 1000 Euros to *allocate the liabilities* back to the Members

Audit Background How do we allocate the liabilities? By making our own „forum of dispute resolution“, agreeing to be bound to that resolution, writing a Policy to control that process: ==> Arbitration.

Audit Background Summary: The original “Why” of Arbitration: Audit (DRC) forced disclosure of Liabilities simple fix: limiting complex fix: allocation the safe and cheap way to allocate is: to use our own Arbitration (Last section discusses „How“.)

Summary Remember: This Is All About … To get CAcert Root Certs. into Browsers → Audit is required → which requires: ....

And the Practice? modified CAP forms Assurer Training Events (audited Assurances) Mailings to inform their members about changes and changed procedures CAcert Community Agreement translations apart from that much paperworks (Policies, Handbooks)

Thanks, Questions & Answers http://www.CAcert.org Ulrich Schroeter ulrich@CAcert.org Questions ?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.