You are here
An Open Audit of an Open Certification Authority
How does a lightweight community Certificate Authority ("CA") engage in the heavyweight world of PKI and secure browsing? With the introduction of Public Key Infrastructure, the Internet security framework rapidly became too complex for individuals and small groups to deal with, and the audit stepped into the gulf to provide a kinder face, in the form of a simple opinion or judgment call. This talk tracks the systems audit of CAcert, an open-membership CA, as a case study in auditing versus the open Internet, community versus professionalism, quality versus enthusiasm. It will look at how CAcert found itself at this point and then will walk through some big-ticket items, such as risks, assurance, disputes, privacy, and security. Can CAcert deliver on its goal of free certs?
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.