[TriLUG] OpenCA, anyone else looked into this?
Jon Carnes
jonc at nc.rr.com
Mon Jul 5 17:01:05 EDT 2004
On Sun, 2004-07-04 at 16:59, Tanner Lovelace wrote:
> Kevin Flanagan said the following on 7/4/04 8:20 AM:
>
> > Hi all,
> >
> >
> > I was reading about this on Slashdot the other day,
> > http://www.cacert.org/, and wondered what anyone else thought about it.
> > They ask for ID information that I think twice about handing out,
> > drivers license # or something like that.....
> >
> >
> >
> > Thoughts?
>
> I'm not sure what this would give us over what we've got right now.
> They've created their own certificate authority. That's nice, but
> they still make you install their root certificate. That's
> *exactly* what we have too. We created our own certificate
> authority for our SSL websites. The user also has to install
> our root certificate (http://www.trilug.org/cgi-bin/loadCAcert.cgi).
>
> Now, something we could think about would be to use the CA that
> we've created to sign trilug member SSL certs. That way, members
> wouldn't have to create their own CA, they could just use ours.
> Jon, is that what you were thinking about? That might be an
> interesting member benefit we could offer. We'd need to come up
> with some ground rules and make sure we still remember our
> CA's password O:-), but it's certainly doable.
>
> Any thought on that?
>
> Cheers,
> Tanner
Yep. I think this would be a great benefit for folks who have small
businesses and don't want to create their own certs.
It would have to be done right as Kevin Flanagan pointed out - which
means a bit of work outlining processes and procedures for getting a
cert signed by TriLUG. Plus a process for having folks put a site under
dispute.
TriLUG's plus here is in certifying that the folks are who they say they
are... which might be a lot better than the folks at Thwate do these
days.
Jon :-)
More information about the TriLUG
mailing list