CeBIT Open Source Project Lounge -- CAcert
CAcert -- community based certificate authorityBy
CAcert is among the 15 projects that will present their work at CeBIT, offering community based security certificates.
In a nutshell - describe your project in a few words:
CAcert is a community based certificate authority with the objective of providing a free, open and transparent public key (PK) infrastructure for all its community members. It seeks to provide an enhanced experience in the virtual world by connecting the virtual identities of the Internet with real world entities.
When did the project begin?
In 2002 with CAcert.org and in 2003 with CAcert, Inc.
How many active members does the project have?
3,257 active assurers (those passing our Assurance Challenge) and 19,067 participants, as of January 18, 2010.
How did the project come about?
Duane Groth wanted to secure the WLAN network of his hometown, which was too expensive, so started the community.
What would make a CeBIT visitor interested in your booth?
1. Anyone can become a community member to use free certificates as long as they get assurance of identity as part of our Organization Assurance program.
2. Small companies, organizations and schools with smaller budgets can get information about how they can add value for their customers or members with the help of client certificate logins to their Internet portals.
3. Linux distributions and software developers can learn how to extend their software with features so that Internet portal or application users are assured secure access.
Who do you make your software for?
Community members have the choice to create client certificates, e-mail certificates (signing and encryption) or server certificates (SSL and TLS) and sign documents or code. They can also sign PGP/PGP keys (engage in keysigning parties).
Where do you see your biggest current challenge?
Browser integration of root certificates into the operating systems require audits handled by the community. These audits are time consuming.
If you were to hire a full-time project developer now, what problem should he or she be ready to solve?
The requirement for audits spawned a new software development project called "Birdshack" during the spring of 2009. We need developers to implement this project.
Under which license is the software currently offered?
GNU General Public License v2, June 1991.
Internet adress: http://www.cacert.org
New release comes with better semantic search and improvements to Kontact.
Annual code quality report shows FOSS is more secure at all project size levels.
The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
A new class of problems lets a malicious app pre-configure an invisible privilege update.
New Hack language adds static typing and other conveniences.
New crypto policy system will offer easier configuration and more uniform security.
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
Vulnerability affects many Linux web servers
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.