[Wolves] Fw: [StaffsLUG General] CAcert event in TWO WEEKS

John Alexander acontractornow at yahoo.co.uk
Tue Jan 28 16:22:50 UTC 2020

 A few of you mentioned an interesting CAcert at dinner last week so I hope this email isn't too off topic or out of manor !!:)

   ----- Forwarded message ----- From: Steven Maddox via StaffsLUG General <general at lists.staffslug.org.uk>To: "meetings at lists.staffslug.org.uk" <meetings at lists.staffslug.org.uk>Cc: "general at lists.staffslug.org.uk" <general at lists.staffslug.org.uk>; Steven Maddox <s.maddox at lantizia.me.uk>Sent: Tuesday, 28 January 2020, 16:01:14 GMTSubject: [StaffsLUG General] CAcert event in TWO WEEKS
(I've CC'd general@ as we've got a fair few people travelling from afar who'd not normally go to regular meetings)
The CAcert event is in TWO WEEKS!  AAAND that might be a little too much excitement for some top notch nerdy bureaucracy!
Here is what CAcert *is* and *why* you should care...
CAcert is a global non-profit certificate authority that can issue certificates for use with TLS (commonly still known as SSL).  But unlike commercial certificate authorities (like Digicert, Comodo, IdenTrust, GoDaddy) they're completely free!
CAcert predates Let's Encrypt (abbreviated "LE", who also do free certificates) and has 5 key advantages...
   - Certificates can be issued for 2 years rather than only 3 months with automation scripts   
   - E-mails, code and other things can be signed rather than just websites
   - Certificates can be issued in your name or your organisations rather than just in the name of your domain
   - Isn't reliant upon cross-signing with another profit making CA (e.g. IdenTrust cross-signs LE)
   - Supports wildcards so you can cover many subdomains!   
Since your identity needs proving before they can be issued... CAcert users physically meet one another to verify we're who we say we are.  The more you've been "assured" by someone, the more points you get until you've got enough to generate free certificates and also assure other people... effectively it's "crowd sourced" trust.
After the presentation is over (presented by Alex Roberton, who presented a UK CAcert event in 2012) there'll be time to "assure" people and get "assured".
We've got all the forms here... so bring government-issued ID that has your photo on it, as many as possible (e.g. UK passport and UK drivers license).  Failing that, bring anything that confirms your ID (in an official way) especially something like your birth certificate, plus any documentation for marriage or "change of name" too if it applies.  If you're unsure there is a page on it here... http://wiki.cacert.org/AcceptableDocuments/UnitedKingdom
CAcert has fell on some hard times lately and I'm hoping to help bring this excellent project some new blood.  Work continues in being accepted by the "CA/Browser Forum" so their root certificates can get widely distributed.
"SSL certificates" are a RIGHT RACKET for the price you pay and it's shocking the small number of commercial players involved!  LE helps somewhat but as it's aims are different, it can only go so far.  Not far enough if we actually want to combat phishing involving misspelt domains (especially when people get a false sense of security seeing a padlock!  some re-education needed there, not helped by the browsers!).
It's advisable to make yourself a free CAcert account before coming along.  It's also helpful to know how to install their root certificate and generate your own client certificate.
If you want to assure people, you'll also need to pass a "challenge" online.  If you get stuck on this, just come to the presentation first and then try to take this after while you're here (we've got plenty of PC's).  If you've already generated a client certificate, just remember you'll need to have access to it (or create another) when you get here!
I've detailed any steps you might want to follow before the presentation (from making an account, to taking the "challenge") in the below blog post...
Hope to see you all there :)
Steven Maddox
Lantizia _______________________________________________
StaffsLUG General mailing list -- general at lists.staffslug.org.uk
To unsubscribe send an email to general-leave at lists.staffslug.org.uk

More information about the Wolves mailing list