Tag Archives: CAcert

Security considerations and Building Trust

Posted on by | Leave a reply
Conclusion slides; the talk covered hashes, cryphography and reproducible builds

In September last year, the Free Software Sydney meet-up group had an inaugural Jitsi Meet videoconference.

My (longer-than-planned) contribution to the conference aimed at introducing trust and security concepts, mainly in showing the prevalent role of hashes, and covered public-key cryptography uses, GPG, SSL CAs, trusting trust and reproducible builds.

The whole video of the conference, also covering Free Software and Tor, can be found on the page of the event. PDF slides are available here.

Continue reading

Reinstalling CAcert root certificates on Debian

Posted on by | Leave a reply

CAcert is an SSL Certificate Authority based on the establishment of a web-of-trust à la PGP: rather than charging to issue certificates to anyone, it issues them only to members who have been vouched for by enough other trustworthy members (assurers).

For historical reasons, they were included in the Debian ca-certificates package. It was however recently removed, for justified reasons (CAcert is conducting an audit, and withdrew their demand for inclusion in the Mozilla chain until it’s done). Most other distributions mirror from this package to ship their root certificate, and have also dropped CAcert as a consequence.

This is however a bit annoying, as many sites started popping up warnings due to their root certificate not being in the trusted chain of the OS anymore. Until, maybe, they are reinstalled but disabled by default, I quickly wrote up a tiny script that downloads CAcert’s root certificates, and re-registers them. It’s quick and dirty, and only does an MD5 sum to make check they are the right ones, so use at your own risks.

Continue reading