Subject: A better approach to security
- From: Pieter van Emmerik <pve.cacert AT gmail.com>
- To: cacert AT lists.cacert.org, phil AT pricom.com.au, cacert-support AT lists.cacert.org
- Subject: Re: A number of issues
- Date: Sun, 21 Feb 2010 11:48:00 +0100
At this moment the CAcert root certificate is not yet included in the main browsers,
but we are working on that. Look at the next link for more information:
Inclusion Status: Which browsers/Os includes the CAcert root certificate
http://wiki.cacert.org/InclusionStatus
You can make your browser trust the CAcert root certificate by importing it yourself,
see the links below for instructions:
HowTo: Import the CAcert Root Certificate into Client Software
http://wiki.cacert.org/BrowserClients
How can I trust CAcert's root certificate?
http://wiki.cacert.org/ImportRootCert
The fact that a certificate is trusted by your browser because your browser
contains the root certificate that was used to sign the SSL or Client certificate
does NOT mean that the certificate is trustworthy!
To know how much trust you can place on a certificate you should read the
CPS (Certification Practice Statement) of the CA (Certificate Authority)
that signed the certificate.
For some certificates the only identity check that has been performed is to check
you own the email address you used to request the certificate at the time you
made the request.
CAcert is somewhere on the other side of the spectrum: to get a Client certificate
you must have been assured by at least 2 assurers in a face to face meeting, see:
Getting Assured by a CAcert Assurer
http://wiki.cacert.org/FAQ/AssuranceByCAP
To find some more information on different CAs and their CPS have a look at:
Mozilla Included Certificate List
http://www.mozilla.org/projects/security/certs/included/
Another point may be the number of available Notaries/Assurers.
Compare StartSSL (https://www.startssl.org/) with 8 notaries in Australia to
CAcert (https://secure.cacert.org/wot.php?id=1 sorry you need an account to see this list)
with 132 assurers.
Another aspect, which is very important to me, is the fact that CAcert is a fully transparent
and not for profit organisation run by its members and community.
If you want to have control over your CA (in the sense you can check everything they do)
and maybe even want to learn about security by the use of encryption techniques
CAcert is the place to be.
Have a look at the CAcert wiki for more information: http://wiki.cacert.org
Maybe a good start is to have a look at our flyers at:
http://wiki.cacert.org/PublicRelations
http://wiki.cacert.org/comma/Arsenal/PrintMaterial#flyers
If you need certificates for an organisation you will need an Organisation Assurance.
I do not know much about that but have a look at:
http://wiki.cacert.org/OrganisationAssurance/Overview
If you need an organisation assurance or have any other questions ask the
CAcert support mailing list at: cacert-support AT lists.cacert.org
Kind regards,
Pieter van Emmerik
Op 21-2-2010 6:47, Philip Rhoades schreef:
People,
Value of CAcert certificates?:
I am interested in joining your community because I have just discovered the
problem with self-signed certificates (for a private, non-profit, non-financial
site) and FF3 etc. However, when I click on your "Join" link I get FF3's "This
Connection is Untrusted" message - does this mean that CAcert is not accepted
as a major CA?
Contact us:
I tried to fill in the form for this in three different browsers on Fedora 12 -
FF3, Google-chrome and Midori and all told me that I had cookies or javascript
disabled - which can't be correct . .
So I decided to post to this list but when I used the password that was
provided I got this error message:
INTERNAL SERVER ERROR (login) -
ERROR () - Provided password is incorrect
so I used the link provided to first change my password and then was able to
login so I could post this message! You need to make it easier to make contact
and get involved . .
Thanks,
Phil.
--
Pieter van Emmerik
Email: pve.cacert AT gmail.com
CAcert assurer 000419
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature