[SGVLUG] CAcert Web of Trust?
jskeys at gmail.com
Tue Mar 28 18:51:08 PST 2006
That would be great. I am "fully assured" with 150 points which means
I can give 35. I hope to bring another who I think also has 150. She
would be coming from Irvine, so I am hoping. It appears that I could
request Super Assurer status for this meeting.
And by the way, thanks for posting that info, Greg. I was going to do
that, but I am going in too many directions right now. For the Web of
Trust model, photocopies of IDs are *not* required--the assurer is
responsible for verifying that what is on the Identity Verification
Form matches what the IDs say.
She/he then verifies that the Form matched what the person has entered
in CACert's web site when they signed up. The Assurer keeps the Forms,
but doesn't need photocopies of IDs.
On their website, this Form, for the Web of Trust, can be found within
the tab on the right labeled "CACert Web of Trust"; and the form
itself is found at the link titled "US- WoT Form" . It is a PDF
form--print at least two after you have created your registration. It
prints with your name, birthdate and e-mail address already included.
You want one for each person who will assure you. Somewhere there is a
link to a blank form-- I'll find and post it. It may prove very useful
if everyone brought a few of those. We may be able to reach the point
where you can assure one another, and us. Note that this "US- WoT
Form" is *not* the same as the TTP form, found at the link, "US - TTP
That form, the "US - TTP Form", is needed for Trusted Third Parties
(TTP), such as notaries. With the TTP method, you *do* need the
photocopies of the two IDs. I am not a notary, nor am I real familiar
with CACert's process for it, but the form is different, and the
notary has to sign, notarize, and mail them to Australia.
Come to think of it, my friend, who I hope can make it, is a notary.
I'll ask her about that too.
Here are the "Rules" as found at https://www.cacert.org/wot.php?id=3:
CAcert Web of Trust Rules
It is essential that CAcert Assurers understand and follow the rules
below to ensure that applicants for assurance are suitably identified,
which, in turn, maintains trust in the system.
* You must meet the applicant in person;
* You must sight at least one form of government issued photo
identification. It's preferable if 2 forms of Government issued photo
ID are presented, as less points may be issued if there is any doubt
on the person by the person issuing points;
* Compare and verify that the copy of the identification sighted is a
true and correct copy;
* Complete the assurance form if the applicant has not already done
so. Ensure that all information matches.
After the meeting, visit the CAcert Web site's make an Assurance page and:
* Enter the applicant's email address;
* Compare the online information to the information recorded on the paper form;
* If, and only if, the two match completely - you may award trust
points up to the maximum points you are able to allocate;
It is imperative that you maintain the confidentiality and privacy of
the applicant, and never disclose the information obtained without the
You may charge a fee for your expenses if the applicant has been
advised of the amount prior to the meeting.
A CAcert Assurer who knowingly, or reasonably ought to have known,
assures an applicant contrary to this policy may be held liable.
CAcert may, from time to time, alter the amount of Assurance Points
that a class of assurer may assign as is necessary to effect a policy
or rule change. We may also alter the amount of Assurance Points
available to an individual, or new class of assurer, should another
policy of CAcert require this.
On 3/29/06, Greg Stark <gstark at electrorent.com> wrote:
> If there are no objections, I will post an announcement to the CAcert BLOG, that SGVLUG will have a registration at the April meeting. I will also see if we can get a "Super Assurer" to participate.
> This should be added to the CalTech Calendar notice.
> Persons wish to participate should have registered at CAcert.org and printed out at least two(2) copies of the TTP(see website), photo copies of the ID's(again read website), and bring the two photo ID's. We could improve on Trust Points Awarded if we can get at least two Trusted Third Parties to attend.
> Greg Stark
> Trusted Third Party?
> A trusted 3rd party is simply someone in your country that is responsible for witnessing signatures and ID documents. This role is covered by many different titles such as public notary, justice of the peace and so on. Other people are allowed to be authoritative in this area as well, such as bank managers, accountants and lawyers.
> More Points, More Privileges
> Depending on the number of points you have you can do different things on CAcert.org.
> • 0-49 points - Person considered "unassured" and their name is not included in any CAcert cert. You can get a ClientCert (Client Certificate used for email encryption or signing) valid for 12 months. A ServerCert (used for SSL in your webserver) for 6 months.
> • 50 points - Your full name is included in your ClientCert. ServerCerts are valid for 24 months. You can get your PGP/GPG Key signed by CAcert (PgpSigning).
> • 100 points - This is the maximum number of points you can reach via WOT. Now you can put your name on the WoT Assurer list on CAcert.org. You can apply for a CodesigningCert now. You can no longer change your personal data (Name, Date of Birth, ...).
> • 150 points - This means "fully assured". It's the maximum number of points that may be reached via the TTP program or by assuring others. You now can issue up to 35 points to other users.
> • 200 points - "Super Assurer". Used to 'seed' new areas where there are no other assurers present or to mass assure at big events. To receive 200 points, you must be fully assured already and make a request to the CAcert Board of Directors stating the reason and length of time for the requested increase. If granted, the value is only temporary for a set time.
> From: sgvlug-bounces at sgvlug.net [mailto:sgvlug-bounces at sgvlug.net] On Behalf Of Jeff Keys
> Sent: Wednesday, March 22, 2006 6:25 PM
> To: SGVLUG Discussion List.
> Subject: Re: [SGVLUG] CAcert Web of Trust?
> I'll send info to the list about what to do beforehand.
> After getting in touch with my inner introvert, I asked myself, "What does a guy with two government issued IDs in his wallet know about SSL anyway?" I know what it is, and I guess I could do a short talk--sort of an overview. After that, I would be more familiar with it. :-)
> PS to Tom: I'll bring a GPG key too!
> On 3/19/06, Dustin Laurence <dustin at dogbert.laurences.net> wrote:
> On Sat, Mar 18, 2006 at 04:44:10AM +0000, Jeff Keys wrote:>
> > I didn't know about it until I got there, but I did become an
> > assurer at SCALE. I listed myself today; you will now see me llisted
> > as "Jeffrey K" when you click "find assurers" within 50km of Pasadena.
> > I wanted to add this to the GPG key signing last week, but I was out
> > of town and couldn't make the meeting. I should be there in April.
> Hmm. How about some explanation of what is involved and what people
> would need to bring to the meeting? In fact...a talk on SSL itself
> would be pretty cool (hint, hint).
More information about the SGVLUG