[TriLUG] CAcert meeting -- how to prepare

Carl Lindner cal3 at clindner.com
Thu Feb 5 15:12:57 EST 2009


With a potential large number of individuals bringing multiple id's, is
there any chance of also using this as an opportunity for a pgp/gpg key
exchange?

thanks
carl

Alan Porter wrote:
> The February TriLUG meeting is rapidly approaching (next week),
> and I wanted to send out a quick note that might help you get
> the most out of the talk.
> 
> First of all, some background.  What is "CAcert"?
> 
> It is a certificate authority, just like Verisign or Thawte or
> GoDaddy.  You can generate certificates to use on your web
> server or mail server, and they will sign it.
> 
> Many people use self-signed certificates on their web servers
> and mail servers.  This provides HTTPS/IMAPS (SSL) encryption,
> but it is trivial to spoof.  An attacker just sits in between
> you and your server, providing you with his own self-signed
> certificate.
> 
> YOU <---encrypted---> SPOOFER <---encrypted---> WEBSERVER
> 
> For this reason, on Firefox 3, you get the screen with the
> yellow passport man icon saying "Secure Connection Failed".
> And then they make you jump through several hoops before
> you can accept the certificate and see the page.  In theory,
> you're supposed to verify fingerprints and what-not, but
> who does?
> 
> If you want to avoid this problem, you can get your certificate
> signed by somebody: Verisign, Thawte, GoDaddy, or CAcert.
> 
> There are two main differences between these CA's:
> 
>    (1) price... CAcert is free, the others are not
> 
>    (2) ease-of use... most browsers already know who the
>        other guys are, but you have to tell it who CAcert is
>        (by downloading their root certificate and importing
>        it into your browser).
> 
> We'll talk a lot about these points at the meeting.
> 
> BUT... if you follow these steps, you will be able to generate
> your own certificates, and then have your certs signed by CAcert.
> 
> I did it today, and it was very easy.
> 
> ------------------------------------------------------------------
> 
> THE STEPS -- DO THIS BEFORE THE MEETING
> 
> 0) See the detailed instructions here:
> 
>    http://wiki.cacert.org/wiki/FAQ/AssuranceByCAP
> 
>    If you have a concern or spot a conflict between those
>    instructions and these in this email, contact Cristóbal
>    Palmer, cmp at cmpalmer.org
> 
> 1) SIGN UP with CAcert here:
> 
>    https://www.cacert.org/index.php?id=1
> 
> 2) PRINT out a CAP form. See here:
> 
>    http://wiki.cacert.org/wiki/FAQ/AssuranceByCAP
>    Click on item #4.
> 
> 3) BRING two forms appropriate government-issued ID.
> 
>    Examples: passport, id-card, driver's license
> 
>    The names should match on both.  One must have a photo,
>    but both is ideal.
> 
> 4) COME to the meeting! Enjoy the show! Get assured!
> 
> 
> 
> Alan and Cristóbal
> 
> 
> 
> 



More information about the TriLUG mailing list