CAcert.org
CAcert.org is a community-driven certificate authority that issues free public key certificates to the public (unlike other certificate authorities which are commercial and sell certificates). CAcert has nearly 200,000 verified users and has issued over 700,000 certificates.

These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the Internet. Any application that supports the Secure Socket Layer (SSL) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.

CAcert Inc. Association

CAcert Inc. is an incorporated non-profit association registered in New South Wales (Australia) since July 2003 which runs CAcert.org. It has members living in many different countries and a board of 7 members.

Robot CA

CAcert automatically signs certificates for email addresses controlled by the requester and for domains for which certain addresses (such as "hostmaster@example.com") are controlled by the requester. Thus it operates as a robot certificate authority. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates).
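A minimal model of the mailbox-control check a robot CA performs, added here as an illustration and not CAcert's own code. The HMAC token scheme, the one-hour lifetime and the local parts other than "hostmaster" are assumptions; the point it shows is that a passed check justifies only the validated name in the subject.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: local parts accepted as proof of domain control.
# The page names only "hostmaster"; the others are illustrative.
ADMIN_LOCAL_PARTS = ("hostmaster", "postmaster", "root")
TOKEN_TTL = 3600                      # assumed challenge lifetime in seconds
SERVER_KEY = secrets.token_bytes(32)  # CA-side secret, never sent out


def allowed_addresses(domain):
    """Mailboxes whose control counts as control of `domain`."""
    return [f"{lp}@{domain.lower()}" for lp in ADMIN_LOCAL_PARTS]


def _mac(domain, address, expires):
    # Bind the token to the exact domain, mailbox and expiry time.
    msg = f"{domain.lower()}|{address.lower()}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(domain, address, now=None):
    """Return the token the robot would mail to `address`."""
    if address.lower() not in allowed_addresses(domain):
        raise ValueError("address does not prove control of this domain")
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    return f"{expires}.{_mac(domain, address, expires)}"


def verify_challenge(domain, address, token, now=None):
    """True only for an unexpired token issued for this domain/address pair."""
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed token
    fresh = (time.time() if now is None else now) <= expires
    expected = _mac(domain, address, expires)
    # Constant-time comparison; bytes so any input string is accepted.
    return hmac.compare_digest(mac.encode(), expected.encode()) and fresh


def certificate_subject(domain, address, token, now=None):
    """Subject the robot may sign after a passed check: the name only."""
    if not verify_challenge(domain, address, token, now):
        raise PermissionError("control of the address was not demonstrated")
    # Mailbox control says nothing about a person or organisation,
    # so nothing beyond the CommonName goes into the certificate.
    return {"CN": domain.lower()}
```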

Web of trust

To create higher-trust certificates, users can participate in a web of trust system whereby users physically meet and verify each other's identities. CAcert maintains the number of assurance points for each account. Assurance points can be gained through various means, primarily by having one's identity physically verified by users classified as "Assurers".

Having more assurance points allows users more privileges such as writing a name in the certificate and longer expiration times on certificates. A user with at least 100 assurance points is a Prospective Assurer, and may, after passing an Assurer Challenge, verify other users; more assurance points allow the Assurer to assign more assurance points to others.

CAcert sponsors key signing parties, especially at big events such as CeBIT.

Inclusion status

Certificates issued by CAcert are not as useful in web browsers as certificates issued by commercial CAs such as VeriSign, because most installed web browsers do not distribute CAcert's root certificate. Thus, for most web users, a certificate signed by CAcert behaves like a self-signed certificate. There was discussion for inclusion of CAcert's root certificate in Mozilla and derivatives (such as Mozilla Firefox) but CAcert withdrew its request for inclusion at the end of April 2007. This was after an audit was suspended in December 2006 because CAcert needed to improve their management system. There has been progress toward this and a new request for inclusion may be expected in the future.

The following operating systems or distributions include the CAcert root certificate:
  • Arch Linux
  • Ark Linux
  • CentOS
  • Debian
  • FreeWRT
  • Gentoo
  • Maemo (installed on Nokia Internet Tablets) (not on Nokia N900)
  • Knoppix
  • Mandriva Linux
  • MirOS BSD
  • OpenBSD
  • openSUSE


See also

  • StartCom - Also provides free SSL certificates for webservers as well as for e-mail
  • Comodo Group - Also provides free personal e-mail certificates
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 