[CentOS-promo] Summary of Linuxtag meeting on sunday-evening

Tue May 22 06:25:51 UTC 2007
Daniel de Kok <danieldk at pobox.com>

On Tue, 2007-05-22 at 03:41 +0200, Dag Wieers wrote:
>   - One system to show of anaconda-loop installations in step mode
>     -> Action Danieldk (?): prepare this demo

Confirmed.

> Social activities:
>  + Keysigning and CACert
>     -> Action Ralph and Danieldk: lecture Dag and make it happen !

Here's the deal: get an account on CACert.org. With this account and an
e-mail probe, you can create certificates with your e-mail address. To
be able to make certificates with your name in it, you need at least 50
points. You can get points by getting your identity checked by an
assurer (e.g. Ralph or me). I can give you 15 points, and I think Ralph
25 (according to CACert.org), so you will have to visit the CACert booth
to get 50 points (with 100 points you can assure others too).

Advantages:

- You can create X.509 certificates with your name and e-mail address in
it to sign/encrypt e-mails.
- You can sign GPG keys with your CACert identity.
- Because trust is central, it has less hassle than GPG keys.
- If you have enough points, you can also create certificates for SSL
webservers.
- It's you and your account that are trusted, so you can create new
certificates when you want them, without having to build trust for that
key again a la GPG.

Disadvantages:

- Not every distro includes the CACert root cert (but CentOS and a few
others do!).
- Some people trust GPG more, because they personally signed other
people's keys. Of course, this has the downside that you check a lot of
keys personally to build a proper trust web.

Personally, I use both GPG and CACert. When the use of GPG is required,
I have my GPG key signed by CACert.

Required arrangements (if someone is interested):

- You need a CACert acccount.
- You have to bring it least one proper ID, preferably more than one.
- We have to bring a few CACert forms. If there is interest, I can print
and bring along a bunch.

-- Daniel