Presentation is loading. Please wait.

Presentation is loading. Please wait.

CAcert, a Security Community. The Problem Back in 2001: Sydney had WLAN network access everywhere (Sydney Wireless) People were running their own mailservers.

Published byJared Norris Modified over 8 years ago

Similar presentations

Presentation on theme: "CAcert, a Security Community. The Problem Back in 2001: Sydney had WLAN network access everywhere (Sydney Wireless) People were running their own mailservers."— Presentation transcript:

1 CAcert, a Security Community

2 The Problem Back in 2001: Sydney had WLAN network access everywhere (Sydney Wireless) People were running their own mailservers at home, using the Webmail on their home-mailservers from somewhere else in Sydney Webmail was using plain HTTP, so they broadcasted their passwords in clear on air

3 Strategic goal Privacy through encryption Security through authentication Trust for the Internet Solution to the chicken-and-egg problem: Certificates and applications

4 Tasks of a CA “Certification Authority” A CA digitally binds the identity of people and organisations (“identity-binding”) Issues digital certificates

5 Applications Securing a Webserver with HTTPS Signing and encrypting Emails SSL/TLS Server applications Authentication for websites Authentication for VPN´s

6 CAcert Inc. CAcert Inc. is a registered non-profit organisation based in Australia, which defines the rules and operates the servers Start www.CAcert.org: 2002 Founding CAcert Inc.: 2003

7 Identity-binding Until now: Verification of the identity for every certificate, costs ~ 200,- USD per certificate per year How does it help, if I can afford a certificate, but the rest of the world can´t? CAcert separates the Assurance (verification of the identity with gov. photo-ID) from the issueing of the certificates

8 Web of Trust Was “invented” around PGP If your friend trusts Bob, and your friend tells you about it, and you trust your friend, then you could trust Bob People sign other people´s keys (telling the public you “trust”/... them) 1 Million people Problems: No central authority No defined rules Quality Trust vs. Identity

9 Assurance Assurance is a service, where an Assurer verifies the identity of a person with a government issued photo-ID and affirms for CAcert, and issues points on the life-long account at CAcert free market >4000 Assurer worldwide

10 Point schema With 50 points you can issue certificates With 100 points you become an Assurer, you can give other people a maximum of 10 points, and you get 2 points for doing it. Upto 150 points, where you can give 35 points

11 Community Where do you get your points? “Find an assurer” near you through the website Meet assurers at conferences and events Blogtalk, Linuxwochen, CeBIT, CCC Congress, Linuxworld, LinuxTag, FISL,...

12 Certificates Life-long account at CAcert Issue certificates yourself anytime on the internet certificates are free of charge unlimited number of certificates therefore you only have initial costs, no followup costs

13 Technology X.509 certificates server certificates client certificates code-signing certificates (Java, Active-X, Cellular phones,...) IDN-Domains OpenPGP OpenPGP Signatures CAcert is a platform and technology neutral CA!

14 Security CAcert is being audited with a WebTrust compatible Audit, which is a worldwide recognized Audit for CA´s 4-eyes principle open and transparent structure sourcecode is available for audits instant revocation lists + OCSP

15 Success? Verified Users: > 65000 Issued Certificates: > 150000 Assurers: 6,691 Assurances: 41,957 Issues points: 1,034,107 in more than 29 countries translated into 26 languages http://www.cacert.org/stats.php

16 Thank you very much http://www.cacert.org/ http://wiki.cacert.org/ http://wiki.cacert.org/ Any questions?

17 How do I get my cert now?!? Get the form, fill out the upper part Come with a personal ID / passport / drivers license to me Issue the certificates yourself through the website Think about donating Create your account on www.cacert.orgwww.cacert.org Verify your email address within 24 hours Password: LARGE+small+numb3r+spe(ial

Download ppt "CAcert, a Security Community. The Problem Back in 2001: Sydney had WLAN network access everywhere (Sydney Wireless) People were running their own mailservers."

Similar presentations

AI3 Contact Server Takeshi Usui

AI3 Contact Server Takeshi Usui
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.

E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
CSCI 530L Public Key Infrastructure. Who are we talking to? Problem: We receive an e-mail. How do we know who it’s from? E-Mail address Can be spoofed.

CSCI 530L Public Key Infrastructure. Who are we talking to? Problem: We receive an . How do we know who it’s from? address Can be spoofed.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Signing and Encrypting Email With the Thawte Web of Trust CSU Professional Development Institute January 8, 2009 Steve Lovaas.

Signing and Encrypting With the Thawte Web of Trust CSU Professional Development Institute January 8, 2009 Steve Lovaas.
Internet Security Terms and Techniques Chris Avram Faculty of Information Technology Monash University 1U-Cubed ‘99Chris Avram.

Internet Security Terms and Techniques Chris Avram Faculty of Information Technology Monash University 1U-Cubed ‘99Chris Avram.
Tony BrettOUCS Course Code ZAB 9 February 2004 E-Mail Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.

Tony BrettOUCS Course Code ZAB 9 February Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.
Email Security Jonathan Calazan December 12, 2005.

Security Jonathan Calazan December 12, 2005.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Identity and Access IDGo Secure Email (ISE) for Android Didier Bonnet November 2014.

Identity and Access IDGo Secure (ISE) for Android Didier Bonnet November 2014.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.

Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Similar presentations

Ads by Google