Talk:CAcert.org

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
WikiProject Cryptography / Computer science  (Rated Start-class, Mid-importance)
WikiProject iconThis article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the quality scale.
 Mid  This article has been rated as Mid-importance on the importance scale.
Taskforce icon
This article is supported by WikiProject Computer science (marked as Mid-importance).
 
edit·history·watch·refresh Stock post message.svg To-do list for CAcert.org:


Here are some tasks awaiting attention:
  • Cleanup : Use CAcert.org and CAcert consistently.
  • Expand : Add a section about the association
  • Other : Correct misleading statement about Robot CA not including SubjectName - this is only true for server certificates!

CAcert has been[edit]

CAcert has been running nearly for 4 years now Wildcat paris 12:53, 14 September 2007 (UTC)

False certifiers[edit]

Q. Suppose 3 persons go through the trouble of being assured with 150 points. Is there anything that prevents them from certifying 3 times ( 105 points ) other 25 non-existent names, who also certify amongst themselves to reach 150 points and so on ?
A. Unfortunately No.

So, from a certain point, it could be just fake certifications? Doesn't it make CAcert certificates useless?

You can do this with the Thawte web of trust as well. The only thing you can do about it is remove the accounts and revoke the certs, if someone reports the fraud. —Preceding unsigned comment added by 62.163.167.174 (talkcontribs)
This is what the trust metric of Advogato is intended to discourage. --Damian Yerrick () 17:51, 13 August 2006 (UTC)
Plus any assurer has to accept the CAcert community agreement which states that any assurer is liable with a fee of up to 1000 € for every false assurance made. --Natureshadow (talk) 21:12, 12 January 2010 (UTC)

Robot CA vs. web of trust[edit]

How can I tell these certificates apart? How can I instruct my computer to e.g. trust the web of trust certificates, but distrust the robot certficates? Do they use a different root certificate? What is the use of robot certificates? Shinobu 07:40, 24 December 2006 (UTC)

This is a valid concern. Presently, the "class 1" (email verification only) root certificate (their primary one) is used for signing all certificates (server, email, code, etc.). They've created a "class 3" (higher verification, such as the web of trust) signing certificate that is chained to the class 1 root. In Mozilla products, you can change what you trust root certs for, so you'd be able to say "don't trust the root CA for anything, but trust the class 3 root for web sites, email, and code signing" if you wanted.
The class 3 root is not as widely used; the class 1 root is much more widely distributed (such as in some browsers, operating systems, etc.). You can install either root at the CAcert website. Many (most?) of the issued certificates, including Web of Trust-verified ones, are signed with the class 1 root for wider compatibility, so it might not be truly possible to have the computer discriminate between robot and WoT-verified certs. Your best bet is seeing if the certificate contains the user's full name, as this means they're verified through the WoT. Pete —Preceding comment was added at 19:54, 16 October 2007 (UTC)

Update[edit]

150,000 as of September 2006? Can someone update this? — Bob • (talk) • 08:28, July 29, 2007 (UTC)

Updated to January 2010 ;) --PabloCastellano (talk) 02:22, 9 February 2010 (UTC)

CAcert Agreement Defined - Included in main browsers?[edit]

I'm a bit vague on the details, but according to this announcement by CAcert they have decided on a Community Agreement and have "conquered that monumental task", I assume referring to "... the need to have CAcert Root Key included in the browsers. For this CAcert started the Audit process ..."

Can the article be updated, is it ready to be modified? M. W. Holt (talk) 01:54, 16 March 2008 (UTC)

Article name[edit]

Why is this names CAcert.org rather than CAcert? --Chealer (talk) 09:02, 26 October 2008 (UTC)

If you go and visit their site you will see Join CAcert.org and About CAcert.org in the menu, so we can fairly asume that is the official name of the community project. On the other hand, behind CAcert.org there is an association, CAcert Inc., but the article is currently only talking about the community project. —mnemoc (?) 14:45, 31 October 2008 (UTC)

Inclusion Status[edit]

I have the root certificate for cacert.org showing in a default install of Mozilla Firefox 3.0.13 (Windows XP). This section could be updated. I have neither the time nor interest to search out when it was first included. 64.90.193.188 (talk) 14:57, 11 August 2009 (UTC)

It is not included in FF 14.0.1. If asking users to import it into FF would make all WOT certificates be recognized as valid, this should be documented in the article. It might make distributed applications without the great expense of renting security certificates possible without much risk of viruses or malware, yes? What a wonderful possibility for all small software providers! David Spector (user/talk) 15:40, 20 August 2012 (UTC)

What is Ark Linux? Typo? :)108.184.91.123 ([[User talk:108.184.91.123|talk]]) 00:17, 16 March 2013 (UTC)

Seems genuine, possibly not notable: http://distrowatch.com/table.php?distribution=ark David Spector (talk) 21:18, 18 March 2013 (UTC)

German article[edit]

The german article is more complete than the rest of languages. I have left them a comment asking to add the extra information they have to the english article. If you are reading it and you can translate from german, $USERS will thank you ;) --PabloCastellano (talk) 02:25, 9 February 2010 (UTC)

Objection to added paragraph in introduction[edit]

I object to this paragraph:

In December 2015, the CAcert Inc. Board of Directors took action to disregard an adverse ruling the board received in an arbitration case submitted according to the CAcert Community dispute resolution policies. The board subsequently suspended the hearing arbitrator in the case.[1] This action by the board has caused several members to discuss creating a new organization distinct from CAcert Inc.[2] The Board has taken further action to suspend at least one community member for discussing the legality of these actions on a public CAcert mailing list.[3]

, which was added by User:Neoeinstein, on the following grounds:

  1. The paragraph conflates two completely unrelated events. CAcert Phoenix is explicitly not a reaction to the ”current developments”.[4][5]
  2. The purpose of CAcert Phoenix is badly misrepresented. The goal of CAcert Phoenix is not to create “a new organization distinct from CAcert Inc.”, it is to discuss moving the CAcert organization to a different legal entity. CAcert phoenix does not intend to fork CAcert (as the article makes it sound)[6][7], and it does not intend to actually create any organization[8].
  3. I doubt the relevance of the information in the paragraph. At the very least, I don’t think it belongs into the introduction at all, but rather into a section further down the article. But I also am not convinced that this should be mentioned at all at this point. This entire matter is still in progress.
  4. I question the quality of the paragraph. It is a loose and incomplete collection of vague statements (“a ruling”, “a case”, “several members”) without context, and is in my opinion more confusing than illuminating. The first sentence is badly missing citations (which case? disregard where?). The second sentence fails to explain the reason for the suspension (which board gave[9]), making it seem like a baseless out-of-spite reaction. Board’s plans to instate an investigation committee[9] are not mentioned at all.

As a member of CAcert Inc., I have a conflict of interest with the subject, and am hesitant to make edits to this paragraph. I would therefore be very thankful if User:Neoeinstein or someone else could address these issues. Otherwise, if there is no reaction within one week, I plan to remove the entire paragraph by reverting this edit. I would consider that revert to be an edit with little risk of bias, and one that would improve the article. —Lucas Werkmeister (talk) 21:37, 23 March 2016 (UTC)

One week has passed (± a few hours), but I’ve decided to ask the COIN for guidance before reverting. —Lucas Werkmeister (talk) 15:24, 30 March 2016 (UTC)
I've removed it per WP:LEAD -Roxy the dog™ woof 21:15, 30 March 2016 (UTC)
Thanks! —Lucas Werkmeister (talk) 22:21, 30 March 2016 (UTC)

References[edit]

  1. ^ Mailing list email (retrieved 2016-02-28)
  2. ^ CAcert Phoenix proposal (retrieved 2016-02-28)
  3. ^ CAcert Board confirmation of action to suspend community member (retrieved 2016-02-28)
  4. ^ Stöwe, Eva (16 Feb 2016). "work on new association ... CAcert Phoenix". Retrieved 23 Mar 2016. Please note: This is not based on current developments. The request for a new association is there for years and CAcert Inc wants to have it.
  5. ^ Stöwe, Eva (18 Feb 2016). "[phoenix] Welcome to the list for the CAcert Phoenix (new association) approach". Retrieved 23 Mar 2016. Again I want to emphasise that this is meant to be to discuss the future of CAcert it is not meant to be against CAcert Inc.
  6. ^ Jantzen, Bernd (21 Feb 2016). "Re: start requirement analysis ;-) - Use Cases". Retrieved 23 Mar 2016. As I understood Eva's mail, she does not want to set up an alternative to CAcert Inc ... Anyway, I agree: We are not here to start setting up an alternative organisation instead of CAcert Inc. We are only here for discussing how such a future association in Europa should look like and in which country it could be located.
  7. ^ Stöwe, Eva (21 Feb 2016). "Re: start requirement analysis ;-) - Use Cases". Retrieved 23 Mar 2016. yes, Bernd explained it in a good way. It is to identify the minimalist core of an association ...
  8. ^ Stöwe, Eva (21 Feb 2016). "Re: start requirement analysis ;-) - Use Cases". Retrieved 23 Mar 2016. Most certainly this is NOT a fork! The procedure you described [quoted email: We would talk about this move here ... and then take the results of these discussions back to CAcert proper ... and make decisions there] is pretty much what is intended.
  9. ^ a b Mutz, Reinhard (9 Dec 2015). "CAcert: important information". Retrieved 23 Mar 2016.