- CAcert.org
CAcert.org is a community-driven
certificate authority that issues freepublic key certificate s to the public [ [https://www.cacert.org/index.php?id=12 About CAcert] ] (unlike other certificate authorities which are commercial and sell certificates). CAcert has over 110,000 verified users and has issued over 350,000 certificates as of|2008|July|alt=as of July 2008 [ [http://www.cacert.org/stats.php CAcert usage statistics] ] .These certificates can be used to sign and
encrypt email, authenticate and authorize users connecting to websites and secure data transmission over theInternet . Any application that supports the Secure Socket Layer (SSL) can make use of certificates signed by CAcert, as can any application that usesX.509 certificates, e.g. for encryption or code signing and document signatures.Robot CA
CAcert automatically signs certificates for email addresses controlled by the requester and for domains for which certain addresses (such as "hostmaster@example.com") are controlled by the requester. Thus it operates as a
robot certificate authority . These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the "CommonName" field in X.509 certificates).Web of trust
To create higher-trust certificates, users can participate in a
web of trust system whereby users physically meet and verify each other's identities. CAcert maintains the number of assurance points for each account. Assurance points can be gained through various means, primarily by having one's identity physically verified by users classified as "Assurers" or by "Trusted Third Parties" such as public notaries.Having more assurance points allows users more privileges such as writing a name in the certificate, longer expiration times on certificates. A user with at least 100 assurance points is designated an Assurer, and may verify other users; higher assurance points allows the assurer to assign more assurance points to others.
CAcert sponsors key signing parties, especially at big events such as
CeBIT .Inclusion status
As of|2005, certificates issued by CAcert are not as useful in
web browser s as certificates issued by commercial CAs such asVeriSign , because most installed web browsers do not distribute CAcert'sroot certificate . Thus, for most web users, a certificate signed by CAcert behaves like aself-signed certificate . There was discussion for inclusion of CAcert's root certificate in Mozilla and derivatives (such asMozilla Firefox ) but it was closed without including it, at the end of April 2007. [ [https://bugzilla.mozilla.org/show_bug.cgi?id=215243 Discussion by Mozilla on including CAcert root certificate] ] This was after an audit was suspended in December 2006 because CAcert needed to improve their management system. There has been progress toward this and a new request for inclusion may be expected in the future. [ [https://bugzilla.mozilla.org/show_bug.cgi?id=215243#c158 CAcert audit comment on Mozilla] ] Getting the CAcert root cert included into Mozilla is probably CAcert's largest challenge right now, but one they are actively engaged in. [http://wiki.cacert.org/wiki/InclusionStatus CAcert inclusion status page] ] CAcert is engaged to give more transparency in its [http://wiki.cacert.org/wiki/Board management system] .The following operating systems or distributions include the CAcert root certificate:
*ArkLinux
*CentOS
*Debian
*FreeWRT
* Gentoo
*Internet Tablet OS (installed onNokia Internet Tablet s)
*Knoppix
*Mandriva
*MirBSD
*OpenBSD ee also
Wikimedia Foundation. 2010.
