CAcert.org

Lua error in package.lua at line 80: module 'strict' not found. CAcert.org is a community-driven certificate authority that issues free public key certificates to the public.^[1] CAcert has over 320,000 verified users and has issued over 1,200,000 certificates as of December 2015^[update].^[2]

These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the Internet. Any application that supports the Secure Socket Layer (SSL) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.

CAcert Inc. Association

CAcert Inc. is an incorporated non-profit association registered^[3] in New South Wales (Australia) since July 2003 which runs CAcert.org. It has members living in many different countries and a board of 7 members.^[4]

Robot CA

CAcert automatically signs certificates for email addresses controlled by the requester and for domains for which certain addresses (such as "hostmaster@example.com") are controlled by the requester. Thus it operates as a robot certificate authority. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates). A strong argument can be made however that domain verification is the only element within a certificate that can be trusted and proven and the domain name being the key element on which a user should base their trust with Extended Validation certificates offering a false sense of security. It is therefore the method of verifying domain control that is most important.

Web of trust

To create higher-trust certificates, users can participate in a web of trust system whereby users physically meet and verify each other's identities. CAcert maintains the number of assurance points for each account. Assurance points can be gained through various means, primarily by having one's identity physically verified by users classified as "Assurers".

Having more assurance points allows users more privileges such as writing a name in the certificate and longer expiration times on certificates. A user with at least 100 assurance points is a Prospective Assurer, and may—after passing an Assurer Challenge^[5]—verify other users; more assurance points allow the Assurer to assign more assurance points to others.

CAcert sponsors key signing parties, especially at big events such as CeBIT and FOSDEM.

Root certificate descriptions

Since October 2005, CAcert offers Class 1 and Class 3 root certificates. Class 3 is a high-security subset of Class 1.^[6]

Inclusion status

As of May 2013^[update], certificates issued by CAcert are not as useful in web browsers as certificates issued by commercial CAs such as VeriSign, because most installed web browsers do not distribute CAcert's root certificate.^[7] Thus, for most web users, a certificate signed by CAcert behaves like a self-signed certificate. Discussion for inclusion of CAcert's root certificate in Mozilla and derivatives (such as Mozilla Firefox) started in 2004, when Mozilla had no CA certificate policy. Eventually, Mozilla developed that policy and CAcert withdrew its request for inclusion at the end of April 2007.^[8] At the same time, the CA/Browser Forum was established and Extended Validation Certificates began to be issued. CAcert would need to improve their management system and deepen their formal verifications, auditing in particular. Progress toward this and a new request for inclusion can hardly be expected in the near future.^[9] FreeBSD used to include the root certificate but removed it in 2008 following Mozilla's policy.^[10] In 2014 it was removed from Ubuntu,.^[11]

The following operating systems or distributions include the CAcert root certificate:^[7]

Archlinux
Debian^[12]
FreeWRT
Gentoo
Maemo (installed on Nokia Internet Tablets)^{[citation needed]} (not on Nokia N900)
Knoppix
Mandriva Linux
MirOS BSD
OpenBSD until 2014-04-09, when it was removed from cert.pem following a redistribution licence review
openSUSE
Kali Linux (successor to BackTrack 5 linux security distribution)
Slackware

References

↑ About CAcert
↑ CAcert usage statistics
↑ CAcertInc - CAcert Wiki
↑ CAcert Inc. Board of Directors
↑ Assurance Policy, section 2.3.
↑ FAQ/TechnicalQuestions - CAcert Wiki
↑ ^7.0 ^7.1 CAcert inclusion status page
↑ Discussion by Mozilla on including CAcert root certificate
↑ CAcert audit comment on Mozilla
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.

External links

No URL found. Please specify a URL here or add one to Wikidata.

[1] About CAcert

[2] CAcert usage statistics

[3] CAcertInc - CAcert Wiki

[4] CAcert Inc. Board of Directors

[Assurance_Policy_-_section_2.3-5] Assurance Policy, section 2.3.

[6] FAQ/TechnicalQuestions - CAcert Wiki

[incStatus-7] 7.0 ^7.1 CAcert inclusion status page

[8] Discussion by Mozilla on including CAcert root certificate

[9] CAcert audit comment on Mozilla

[10] Lua error in package.lua at line 80: module 'strict' not found.

[11] Lua error in package.lua at line 80: module 'strict' not found.

[12] Lua error in package.lua at line 80: module 'strict' not found.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

CAcert.org

Contents

CAcert Inc. Association

Robot CA

Web of trust

Root certificate descriptions

Inclusion status

References

External links

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools