... we remember

The Central Ohio Linux User Group

Ohio's Oldest Linux User Group
  This site is powered by:  
[perl]
Home Page Mailing List Meetings Links Topics Source Code Presentations Knowledge User Groups Adminstrivia Click for Columbus, Ohio Forecast
NWS Port Columbus

   [ Up ] 

Central Ohio CAcert Assurance serviceRemote - principal CAcert site logo

Who, What, When, Where, Why and How?
In Columbus, OH, several members of COLUG, and all of its leadership, have been identified and had their identity verified, through the CAcert process to serve as 'Assurors'. This permits an interested attendee at the monthly meeting to meet with them, and complete the identity verification process needed for an end user to obtain a 'Assured' rather than a 'un-assured' status and product from CAcert.

Setting security free - ending the CA monopoly
Please review the CAcert site for a more formal discussion as to how and why this is a desirable thing. Bottom line is: it breaks the monopoly of the commercial and governmental 'Certificate Authorities' ("CA") to issue generally accepted 'Assured' with a 'recognized' external CA for mainstream web-browsers. Supported products:

Supporting older browsers
But I have to use an older browser, and need to import the CAcert certificate. How can I? Just visit this page and load the appropriate root certificate for your browser after you are satisfied with its authenticity. (Mozilla takes the 'PEM; konqueror takes the .DER format)

Getting Ready
Before coming to the meeting, you should take some preparatory steps::
  1. Complete a registration at the web form and respond to the confirmation email it sends to verify that you indeed have rights in the email account, or in the domain you assert control rights over. [see: "Client certificates (un-assured)"]
  2. Download, print, and complete the basic validation paper trail PDF [see: "Assured client certificates"]. -or- Better, once authenticated, use the custom pre-completed PDF.
  3. Gather proper photo identification, issued by a governmental authority; preferably at least a passport, and driver's license, to attain a higher point assignment - at least one, preferably two pieces

Have your identity verified by an Assuror at the meeting
As part of the monthly meeting process, a couple of duly qualified COLUG members will offer to freely review presented documentation: a governmental issued passport, driver's license, military ID, and like 'official' photo identification, and the completed paperwork, to assure themselves of the validity a proffered credential set.

All Set
The quantity of points issued is up to the sound discretion and comfort level of the individual Assuror under the CAcert guidelines. Customarily each Assuror will grant up to 35 assurance points for a previously 'unknown' applicant, and often more to someone already 'known'. This means that usually two such verifications are performed to avoid issues of collusion (this can and usually does occur at a single meeting, however.) The Assuror's each then send along the appropriate paperwork to the CAcert offices. Most blank CACert forms live at: http://www.CAcert.org/docs/

Ready to Go
More importantly from the end user's point of view, the Assuror's also 'counter-sign' and activate the end user's capability to begin 'self-service' issuance and use CAcert products, usually later that same day.

Doing more
We are interested in seeing the widespread availability of Assurors, and Assuring organizations. As part of the process, if you obtain cross-identification at higher 'point' levels, you can act as a seed to continue the process outside of the meeting context. PGP/GPG key-signing is also in planning as a regular COLUG meeting service. See also: the section 'Crib this text - set your own LUG up' below.

Keeping current
The Verifications by Assurors 'decay' and expire after an expiration interval, which varies by trust level. This is intentional, as periodic re-verifications are part of a well-designed trust process in using these certificates. Our meetings are lively and informative. Stick around for the presentation, and come back from time to time.

But I cannot wait until a meeting ...
No problem. Same day service (or re-Verifications) are usually freely available. Join the 'colug-lunch' mailing list and offer to buy lunch for the first two Assurors who confirm that they are available to review your materials. Odds are, you will find willing potential Assurors within the hour. TANSTAAFL, indeed ;) Please remember, however, that even though you are buying them lunch, they still have obligations to properly validate as with the process above. Be prepared.

Commercial use
Fine by us. While there is no charge at a regular COLUG meeting, Assurors are free to charge for and to sell 'value added' services, as with most other FOSS oriented projects. Of course the market may thin after a while, but that discussion is for another day.

Learning more
Review the website and FAQ at CAcert. Join the CAcert general mailing list for specific questions on the program, or the general COLUG list for local logistic and meeting time notifications.

Helping spread the word
  
Go for it. Part of the project model is 'viral marketing' to attain mind-share. Please feel free to crib this text and set your own LUG up. Here is a down-loadable copy of the 'meat' of this page. Let us know a User Group URL with a like program in an email to: colugx at colug dot net and we will add your LUG, and a 'finder' bug like this: local cacert logo to our LUG compilation. We are deeply indexed by Google; their indexing spiders walk that compilation regularly, and would soon permit people to find your local CAcert Verification service with greater ease.
    We make representatives with high point award capacity available without direct charge, as a matter of outreach, to run a booth at your convention or event, requesting only the cost of transporation and lodging. Please inquire of orc_orc in #centos in the IRC channel on: irc.freenode.net, or by an email to: colugx at colug dot net		Cacert at the 2005 Ohio Linuxfest
Russ Herrold manning the Cacert booth, and pitching the _portable key fingerprint verification device_

Please help us spread the word, and afford us the courtesy of leaving this notice, and the lower tracking image intact.

  Copyright © 2000 The Central Ohio Linux User Group. Hunh?
All rights reserved.
Search