[Cryptography] New free TLS CA coming

Ralph Holz ralph-cryptometzger at ralphholz.de
Fri Nov 21 11:47:18 EST 2014

Hi Ian,

> It all took a while, like about 3-4 years.  Now they are doing it, and
> now it is pretty good, and would likely pass the audit of that time. For
> example of how good their governance is, CAcert have more or less
> defeated a steady run of intel attacks to insert trusted spooks into the
> operation, which cannot be said for any other organisation that has been
> named recently as having been insider-breached, e.g., google, Mozilla,
> not to mention the happily owned slaves such as Cisco.

Can you elaborate on that 'spooks' thing a bit? It certainly goes beyond
what you've written up on the Web so far.

>  This then caused the CAs to get spooked, who were already running
> around trying to set up a cozy new cartel, so they headed the rebellion
> off at the pass, brought the vendors into the fold, and then worked in
> secret for 2 years to craft "Baseline Requirements."

I thought the CABF was founded in 2005 and the BR took effect in 2012?

> Right, so this is the other path.  CAcert could in theory purchase a
> sub-root access from a bigger CA.  I'm not sure how viable this is,
> nobody at CAcert really likes that idea, and I've not come across a CA
> that likes it either ;)

The practice is frowned upon, anyway - wouldn't it be covered by Moz's
Problematic Practices?


More information about the cryptography mailing list