CAcert System Admins discussion list

[Roberto Mazzoni <roberto.mazzoni AT id.uzh.ch>]

Hy all

>>> How important is this now?
>>
>> I guess fair wording does not change importance.
> 
> 
> Sorry, I still don't understand why it is important to you. Everything's
> important, what is not clear is why this is more important than anything
> else?

Believe me, it's not important for me but may be it could be important for
CAcert. I'll try to give an explanation without any technical arguments, may
be this clarifies my point of view.

At the Universtity of Zurich we are running two Certificate Authorities, one
for servers and one for clients. Both root certificates are installed in users
browser and email clients and are well working. In addition, we are
introducing Lotus and within Lotus all users can sign and encrypt emails out
of the box. Nothing must be installed, no certificates must be issued.
Everything is working well within the University and we don't need anything
else for secure communication.

But the University ist not alone. And not in an ivory tower. So our idea was
to use in future CAcert certificates and enabling people also to have the same
options with people outside the University. Doing it together with ETH would
mean that we get a lot of students and employess in a WOT and instead of
install the root certificates of the University and the ETH, only CAcert Root
and intermediate certificates would be needed. Helping the WOT and awareness
regarding security measures and acceptance if only CAcert Root and
intermediate certificate can be installed.

Both institutions have not only IT Services, but also IT departments and
strong Schools of Informatics. And they both teach also IT security. You may
imagine what would be the result, if IT Services are offering certificates
that could be used to show vulnerability based on MD5 hashes?

Daniel sketched a roadmap for having the MD5 problem avoided. If CAcert is
willing to do it, fine. If not, also fine, we will find an other solution.

Kind regards

Roberto

-- 
-----------------------------------------------------------------------------
                        Roberto Mazzoni             
roberto.mazzoni AT id.uzh.ch
                                             http://www.id.uzh.ch/home/mazzo/
       -   ,__o         Universitaet Zuerich
     --  _-\_<,         Informatikdienste                Tel: +41 44 63 54520
   ---  (*)/'(*)        Winterthurerstrasse 190               +41 44 63 43333
                        CH-8057 Zuerich                  Fax: +41 44 63 54505

  PGP PUBLIC KEY & S/MIME CERTIFICATE: see https://www.uzh.ch/id/home/mazzo/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature