Presentation is loading. Please wait.

Presentation is loading. Please wait.

CAcert A Communities Way To Professionalism

Published byBarnaby Hoover Modified over 6 years ago

Similar presentations

Presentation on theme: "CAcert A Communities Way To Professionalism"— Presentation transcript:

1 CAcert A Communities Way To Professionalism

2 What's CAcert? 2002 Start CAcert Org → CAcert Community
2003 Start CAcert Inc. → Non-Profit Association located in NSW Australia CAcert Inc. Runs PKI Infrastructure servers for their Community Members Based on OpenSource thoughts

3 What's CAcert? Security and Privacy may not cost anything
CAcert offers for free … Certificates for Signing Certificates for Encryption Certificates for Server SSL Certificates for Code-Signing and Document Signing

4 CAcert and the Audit To get CAcert Root Certs. into Browsers
→ Audit is required → which requires: management policies + practices review of business & systems … against policies and practices

5 CAcert and the Audit CAcert Audit starts in about by David Ross (builds an audit plan → DRC) Ian Grigg stepped in Jan. 2006 March 2008: 18 months business plan funding by NLnet, (3x 6 months) Audit effects CAcert's two major business areas: Assurance Systems

6 CAcert and the Audit a. Assurance review
Assurance Policy is in full POLICY status It is binding on all Assurers The process of Assurance can be reviewed.

7 CAcert and the Audit b. Systems review
Review of the systems was delayed by lack of a secure hosting service. The systems were moved 1st October, 2008 from Vienna to the secure data center at BIT, a company in Ede, NL.

8 CAcert and the Audit b. Systems review (cont.)
A new team of systems administrators Approval of the Security Policy to DRAFT mode => Binding on the systems administrators and the Access Engineers => now possible to review the systems against the policy.

9 CAcert and the Audit b.i On-Site Inspection
1st visit on 4, 5, 6th May, warm-up: personnel, Roots, Access, inventory probably 1st of 3 visits. Next scheduled mid-June

10 CAcert and the Audit b.ii We still lack the CPS (Certification Practice Statement) (which is nearly ready)

11 CAcert and the Audit b.iii Review of the software
Innsbruck software camp Week 20th April Serious difficulties in maintenance, improvement and securing Cannot form a conclusion over software New software development team, new design, new build

12 Audit Background

13 Audit Background One big result of the thinking process we required:
a CAcert Community Agreement and it had to do following things:

14 Audit Background a. make Members a mutually binding Community.
b. to state the Risks/Liabilities/Obligations c. to limit the liabilities 1000 Euros to *allocate the liabilities* back to the Members

15 Audit Background How do we allocate the liabilities?
By making our own „forum of dispute resolution“, agreeing to be bound to that resolution, writing a Policy to control that process: ==> Arbitration.

16 Audit Background Summary: The original “Why” of Arbitration:
Audit (DRC) forced disclosure of Liabilities simple fix: limiting complex fix: allocation the safe and cheap way to allocate is: to use our own Arbitration (Last section discusses „How“.)

17 Summary Remember: This Is All About …
To get CAcert Root Certs. into Browsers → Audit is required → which requires: ....

18 And the Practice? modified CAP forms
Assurer Training Events (audited Assurances) Mailings to inform their members about changes and changed procedures CAcert Community Agreement translations apart from that much paperworks (Policies, Handbooks)

19 Thanks, Questions & Answers
Ulrich Schroeter Questions ?

Download ppt "CAcert A Communities Way To Professionalism"

Similar presentations

EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.

EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.
The Camp Audit “Keep your friends close and your auditor closer”

The Camp Audit “Keep your friends close and your auditor closer”
Copyright © 2008, SAS Institute Inc. All rights reserved. What’s New at SAS Belinda Bank, Marketing Assistant SAS Canada.

Copyright © 2008, SAS Institute Inc. All rights reserved. What’s New at SAS Belinda Bank, Marketing Assistant SAS Canada.
Project Tracking. Questions... Why should we track a project that is underway? What aspects of a project need tracking?

Project Tracking. Questions... Why should we track a project that is underway? What aspects of a project need tracking?
LCG CERN David Foster LCG WP4 Meeting 20 th June 2002 LCG Project Status WP4 Meeting Presentation David Foster IT/LCG 20 June 2002.

LCG CERN David Foster LCG WP4 Meeting 20 th June 2002 LCG Project Status WP4 Meeting Presentation David Foster IT/LCG 20 June 2002.
E.H. Pechan & Associates, Inc. Emissions Data Management System for the Western Regional Air Partnership Presentation to the WRAP Emissions Forum April.

E.H. Pechan & Associates, Inc. Emissions Data Management System for the Western Regional Air Partnership Presentation to the WRAP Emissions Forum April.
29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.

29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Evetns, April 2009, #2 Welcome!

© CAcert, 2009 Ulrich Schroeter, Assurer Training Evetns, April 2009, #2 Welcome!
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 How Cacert responded to audit...

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 How Cacert responded to audit...
Digital Certificates Presented by: Matt Weaver. What is a digital certificate? Trusted ID cards in electronic format that bind to a public key; ex. Drivers.

Digital Certificates Presented by: Matt Weaver. What is a digital certificate? Trusted ID cards in electronic format that bind to a public key; ex. Drivers.
Campus Networking Best Practices This Presentation and related materials will be available at: nsrc.org/tutorials/2008/sanog12 Help Desk Services.

Campus Networking Best Practices This Presentation and related materials will be available at: nsrc.org/tutorials/2008/sanog12 Help Desk Services.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 What is the CCA?

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 What is the CCA?
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 The Purpose of an Assurance.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 The Purpose of an Assurance.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit.
2.0 Assurance Practice.

2.0 Assurance Practice.
Advanced Software Engineering Dr. Cheng

Advanced Software Engineering Dr. Cheng
SQL Database Management

SQL Database Management
«My future profession»

«My future profession»
Let’s Get Started! Steve Rezhener SQL Malibu and SQL Saturday in LA

Let’s Get Started! Steve Rezhener SQL Malibu and SQL Saturday in LA

Similar presentations

Ads by Google