Talk:CAcert.org

CAcert has been
CAcert has been running nearly for 4 years now Wildcat paris 12:53, 14 September 2007 (UTC)

False certifiers

 * Q. Suppose 3 persons go through the trouble of being assured with 150 points. Is there anything that prevents them from certifying 3 times ( 105 points ) other 25 non-existent names, who also certify amongst themselves to reach 150 points and so on ?
 * A. Unfortunately No.

So, from a certain point, it could be just fake certifications? Doesn't it make CAcert certificates useless?


 * You can do this with the Thawte web of trust as well. The only thing you can do about it is remove the accounts and revoke the certs, if someone reports the fraud. —Preceding unsigned comment added by 62.163.167.174 (talk • contribs)


 * This is what the trust metric of Advogato is intended to discourage. --Damian Yerrick (☎) 17:51, 13 August 2006 (UTC)


 * Plus any assurer has to accept the CAcert community agreement which states that any assurer is liable with a fee of up to 1000 € for every false assurance made. --Natureshadow (talk) 21:12, 12 January 2010 (UTC)

Robot CA vs. web of trust
How can I tell these certificates apart? How can I instruct my computer to e.g. trust the web of trust certificates, but distrust the robot certficates? Do they use a different root certificate? What is the use of robot certificates? Shinobu 07:40, 24 December 2006 (UTC)


 * This is a valid concern. Presently, the "class 1" (email verification only) root certificate (their primary one) is used for signing all certificates (server, email, code, etc.). They've created a "class 3" (higher verification, such as the web of trust) signing certificate that is chained to the class 1 root. In Mozilla products, you can change what you trust root certs for, so you'd be able to say "don't trust the root CA for anything, but trust the class 3 root for web sites, email, and code signing" if you wanted.


 * The class 3 root is not as widely used; the class 1 root is much more widely distributed (such as in some browsers, operating systems, etc.). You can install either root at the CAcert website. Many (most?) of the issued certificates, including Web of Trust-verified ones, are signed with the class 1 root for wider compatibility, so it might not be truly possible to have the computer discriminate between robot and WoT-verified certs. Your best bet is seeing if the certificate contains the user's full name, as this means they're verified through the WoT. Pete —Preceding comment was added at 19:54, 16 October 2007 (UTC)

Update
150,000 as of September 2006? Can someone update this? — Bob • (talk) • 08:28, July 29, 2007 (UTC)
 * Updated to January 2010 ;) --PabloCastellano (talk) 02:22, 9 February 2010 (UTC)

CAcert Agreement Defined - Included in main browsers?
I'm a bit vague on the details, but according to this announcement by CAcert they have decided on a Community Agreement and have "conquered that monumental task", I assume referring to "... the need to have CAcert Root Key included in the browsers. For this CAcert started the Audit process ..."

Can the article be updated, is it ready to be modified? M. W. Holt (talk) 01:54, 16 March 2008 (UTC)

Article name
Why is this names CAcert.org rather than CAcert? --Chealer (talk) 09:02, 26 October 2008 (UTC)
 * If you go and visit their site you will see Join CAcert.org and About CAcert.org in the menu, so we can fairly asume that is the official name of the community project. On the other hand, behind CAcert.org there is an association, CAcert Inc., but the article is currently only talking about the community project. —mnemoc (?) 14:45, 31 October 2008 (UTC)

Inclusion Status
I have the root certificate for cacert.org showing in a default install of Mozilla Firefox 3.0.13 (Windows XP). This section could be updated. I have neither the time nor interest to search out when it was first included. 64.90.193.188 (talk) 14:57, 11 August 2009 (UTC)

It is not included in FF 14.0.1. If asking users to import it into FF would make all WOT certificates be recognized as valid, this should be documented in the article. It might make distributed applications without the great expense of renting security certificates possible without much risk of viruses or malware, yes? What a wonderful possibility for all small software providers! David Spector (user/talk) 15:40, 20 August 2012 (UTC)

What is Ark Linux? Typo? :)108.184.91.123 (talk) 00:17, 16 March 2013 (UTC)


 * Seems genuine, possibly not notable: http://distrowatch.com/table.php?distribution=ark David Spector (talk) 21:18, 18 March 2013 (UTC)

German article
The german article is more complete than the rest of languages. I have left them a comment asking to add the extra information they have to the english article. If you are reading it and you can translate from german, $USERS will thank you ;) --PabloCastellano (talk) 02:25, 9 February 2010 (UTC)

Objection to added paragraph in introduction
I object to this paragraph: In December 2015, the CAcert Inc. Board of Directors took action to disregard an adverse ruling the board received in an arbitration case submitted according to the CAcert Community dispute resolution policies. The board subsequently suspended the hearing arbitrator in the case. This action by the board has caused several members to discuss creating a new organization distinct from CAcert Inc. The Board has taken further action to suspend at least one community member for discussing the legality of these actions on a public CAcert mailing list. , which was added by User:Neoeinstein, on the following grounds:


 * 1) The paragraph conflates two completely unrelated events. CAcert Phoenix is explicitly not a reaction to the ”current developments”.
 * 2) The purpose of CAcert Phoenix is badly misrepresented. The goal of CAcert Phoenix is not to create “a new organization distinct from CAcert Inc.”, it is to discuss moving the CAcert organization to a different legal entity. CAcert phoenix does not intend to fork CAcert (as the article makes it sound) , and it does not intend to actually create any organization.
 * 3) I doubt the relevance of the information in the paragraph. At the very least, I don’t think it belongs into the introduction at all, but rather into a section further down the article. But I also am not convinced that this should be mentioned at all at this point. This entire matter is still in progress.
 * 4) I question the quality of the paragraph. It is a loose and incomplete collection of vague statements (“a ruling”, “a case”, “several members”) without context, and is in my opinion more confusing than illuminating. The first sentence is badly missing citations (which case? disregard where?). The second sentence fails to explain the reason for the suspension (which board gave ), making it seem like a baseless out-of-spite reaction. Board’s plans to instate an investigation committee are not mentioned at all.

As a member of CAcert Inc., I have a conflict of interest with the subject, and am hesitant to make edits to this paragraph. I would therefore be very thankful if User:Neoeinstein or someone else could address these issues. Otherwise, if there is no reaction within one week, I plan to remove the entire paragraph by reverting this edit. I would consider that revert to be an edit with little risk of bias, and one that would improve the article. —Lucas Werkmeister (talk) 21:37, 23 March 2016 (UTC)


 * One week has passed (± a few hours), but I’ve decided to ask the COIN for guidance before reverting. —Lucas Werkmeister (talk) 15:24, 30 March 2016 (UTC)
 * I've removed it per WP:LEAD -Roxy the dog™ woof 21:15, 30 March 2016 (UTC)
 * Thanks! —Lucas Werkmeister (talk) 22:21, 30 March 2016 (UTC)

Third-party sources
CAcert itself has a press review, with third-party sources: https://wiki.cacert.org/PressPass — Preceding unsigned comment added by Eruedin (talk • contribs) 14:21, 29 December 2021 (UTC)

Some potential sources via ProQuest:
Some (unchecked) sources via ProQuest, though some are only passing mention.
 * Richters, O., & Peixoto, T. P. (2011). Trust transitivity in social networks. PLoS One, 6(4) doi:http://dx.doi.org/10.1371/journal.pone.0018384
 * How to deal with security certificates. (2016, Aug 01). Arizona Republic Retrieved from https://www.proquest.com/newspapers/how-deal-with-security-certificates/docview/1807910443/se-2?accountid=196403

Thankyou Djm-leighpark (talk) 08:26, 31 December 2021 (UTC)
 * Rist, O., & Bernstein, J. (2005). Build your own open source messaging server. InfoWorld, 27(7), 36-37. Retrieved from https://www.proquest.com/trade-journals/build-your-own-open-source-messaging-server/docview/194363372/se-2?accountid=196403
 * Snyder, J. (2005). X GAMES. Network World, 22(13), 36-38. Retrieved from https://www.proquest.com/trade-journals/x-games/docview/215987125/se-2?accountid=196403