[Cryptography] New free TLS CA coming
Ralph Holz
ralph-cryptometzger at ralphholz.de
Fri Nov 21 11:47:18 EST 2014
Hi Ian,
> It all took a while, like about 3-4 years. Now they are doing it, and
> now it is pretty good, and would likely pass the audit of that time. For
> example of how good their governance is, CAcert have more or less
> defeated a steady run of intel attacks to insert trusted spooks into the
> operation, which cannot be said for any other organisation that has been
> named recently as having been insider-breached, e.g., google, Mozilla,
> not to mention the happily owned slaves such as Cisco.
Can you elaborate on that 'spooks' thing a bit? It certainly goes beyond
what you've written up on the Web so far.
> This then caused the CAs to get spooked, who were already running
> around trying to set up a cozy new cartel, so they headed the rebellion
> off at the pass, brought the vendors into the fold, and then worked in
> secret for 2 years to craft "Baseline Requirements."
I thought the CABF was founded in 2005 and the BR took effect in 2012?
> Right, so this is the other path. CAcert could in theory purchase a
> sub-root access from a bigger CA. I'm not sure how viable this is,
> nobody at CAcert really likes that idea, and I've not come across a CA
> that likes it either ;)
The practice is frowned upon, anyway - wouldn't it be covered by Moz's
Problematic Practices?
Ralph
More information about the cryptography
mailing list