CACert Tanner Lovelace Triangle Linux Users Group 11/May/2006

SLIDE 1

CACert

Tanner Lovelace
Triangle Linux Users Group
11/May/2006

SLIDE 2

Outline

- What is SSL and why do we need it?
- What is a Certificate Authority?
- What is CACert?
- How does CACert verify identity?
- How do I use CACert?
- Conclusion and Mass Assurance

SLIDE 3

How Does the Web Work?

- Client-server
- No verification or encryption (in standard model)

SLIDE 4

Problems with Standard Web

- Susceptible to eavesdropping
- Man-in-the-middle (i.e. transparent proxies)

SLIDE 5

The Web with SSL

- Encryption of Traffic
- Verification of Identity

SLIDE 6

Outline

- What is SSL and why do we need it?
- What is a Certificate Authority?
- What is CACert?
- How does CACert verify identity?
- How do I use CACert?
- Conclusion and Mass Assurance

SLIDE 7

Trusted Third Party

- Checks identity
- Based on identity check, it vouches for a server

SLIDE 8

Standard Certificate Authorities

- Verisign
- Thawte
- AOL
- GoDaddy
- Many more...

SLIDE 9

CACert

- Community driven Certificate Authority
- Primary goals:
  - Inclusion into mainstream browsers! (Mozilla bug #215243, opened 8/6/03, currently with 63 votes, 107 subscribers)
    http://wiki.cacert.org/wiki/InclusionStatus
  - To provide a trust mechanism to go with the security aspects of encryption.

SLIDE 10

Outline

- What is SSL and why do we need it?
- What is a Certificate Authority?
- What is CACert?
- How does CACert verify identity?
- How do I use CACert?
- Conclusion and Mass Assurance

SLIDE 11

CACert Assurance Program

- Identity Verification Program
- CACert Assurer
- Trusted Third Party
- Being a notary for another authority

SLIDE 12

Point System

- 0-49 points - Considered “unassured”
- 50 points - Full name on client certs, Server certs valid for 24 months, GPG key signed by CACert
- 100 points - Maximum available through WoT, can apply for codesigning cert and assure others
- 150 points - Fully assured, can issue 35 points
- 200 points - Super Assurer, temporary increase

SLIDE 13

Issuing Points

- If you have 100 points, you can assure others.
- You get 2 points for each assurance
- The maximum points you can issue is a sliding scale

Own points    Issuable points
100           10
110           15
120           20
130           25
140           30
150           35

SLIDE 14

Outline

- What is SSL and why do we need it?
- What is a Certificate Authority?
- What is CACert?
- How does CACert verify identity?
- How do I use CACert?
- Conclusion and Mass Assurance

SLIDE 15

Installing the Root Certificate

- Go to http://www.cacert.org/
- Click on “Root Certificate”
- Check the fingerprint and if correct...
- Import into the browser
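
The fingerprint check from the steps above, as an added example that is not part of the original slides: a fingerprint is a digest of the certificate's DER bytes, and the comparison only means something if the expected value was obtained through a channel other than the download itself. The function names and `SAMPLE_PEM` are hypothetical and constructed for illustration; no real CACert fingerprint is used.

```python
import hashlib
import hmac
import ssl

# Hex length of a published fingerprint -> digest that produced it.
DIGEST_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed stand-in for a downloaded root certificate file (not a real
# certificate; only the PEM framing matters for the fingerprint computation).
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "Q29uc3RydWN0ZWQgc2FtcGxlIGJ5dGVzLCBub3QgYSByZWFsIGNlcnRpZmljYXRl\n"
    "-----END CERTIFICATE-----\n"
)


def normalize(fingerprint: str) -> str:
    """Strip separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    cleaned = fingerprint.replace(":", "").replace(" ", "").lower()
    if not cleaned or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned


def cert_fingerprint(pem_text: str, digest: str = "sha256") -> str:
    """Digest of the certificate's DER bytes (not of the PEM text)."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.new(digest, der).hexdigest()


def fingerprint_matches(pem_text: str, expected: str) -> bool:
    """True only if the downloaded certificate hashes to the expected value."""
    want = normalize(expected)
    digest = DIGEST_BY_HEX_LEN.get(len(want))
    if digest is None:
        raise ValueError("unrecognized fingerprint length")
    got = cert_fingerprint(pem_text, digest)
    return hmac.compare_digest(got, want)


if __name__ == "__main__":
    # Constructed scenario: the reference value is taken from the sample
    # itself, then a copy altered in transit is checked against it.
    published = cert_fingerprint(SAMPLE_PEM, "sha1").upper()
    tampered = SAMPLE_PEM.replace("Q29u", "Q29v")
    print("original matches:", fingerprint_matches(SAMPLE_PEM, published))
    print("tampered matches:", fingerprint_matches(tampered, published))
```

Import the root certificate only when the check returns true; a mismatch means the file is not the one the fingerprint was published for.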

SLIDE 16

Getting a Certificate

- Client Certificates
- Server Certificates
- Generating the certificate
- Getting it signed

SLIDE 17

Using Your Certificate

- Using a client certificate
- Using a server certificate
- Installation on a server

SLIDE 18

Outline

- What is SSL and why do we need it?
- What is a Certificate Authority?
- What is CACert?
- How does CACert verify identity?
- How do I use CACert?
- Conclusion and Mass Assurance