[LCA2015-Chat] CACert BoF

Jim Cheetham jim at gonzul.net
Fri Dec 19 10:10:12 EST 2014

> On 18 Dec 2014, at 8:29 pm, Jeremy Visser <jeremy at visser.name> wrote:
> Honest question: how relevant is CAcert these days?

On Thu, Dec 18, 2014 at 11:17 PM, Geordie Millar <gm at stackunderflow.com> wrote:
> ... and it's only going to get less relevant when https://letsencrypt.org/
> launches soon...

That's difficult to answer :-) which makes it a good question.

I *never* saw CACert as a way to get "free SSL" certificates; although
that outcome was initially an expected benefit of CACert, it has never
materialised, for a whole bunch of reasons, some good, some bad.

So if your understanding of CACert is "free SSL", it isn't relevant,
especially if letsencrypt.org gets traction (although note that you
already have startssl.com to turn to if you know how to drive the
command line).

What CACert is really, is a community that has strong identification
of its members. The process of understanding what identification
actually is, and how it needs to be done in the current world, to me
is very valuable as an infosec practitioner. So I treat it as a
learning experience, rather than as a technical output provider.

In many ways the identity requirements of CACert are similar to
Debian's use of the OpenPGP web of trust, only much more stringent.


