CA Cert Involvement

I recently upped my CA Cert involvement and became a CA Cert Assurer, meaning that I can now enter people into the CA Cert system so that they can autogenerate their own PKI security certificates. For those who’ve been around the block, think of CA Cert as PGP + a notary system. For those who don’t know what that is, it is basically a way of doing the following:

(1) Ensuring people are who they say they are, via government-issued IDs (aka the “assurance” process).
(2) Giving them “assurance points”.
(3) Giving them an online tool which they can now use to create PKI certificates for certain lengths of time, given the number of “assurance points” they’ve racked up.

The biggest downside to CA Cert is that the cert is not officially recognized by browsers, so getting it to work means going to their web page and knowing to download and install the root cert (e.g. this PEM file). After you do that, you must log in to the website, confirm all your email addresses, generate private keys for those email addresses, and then know how to import all of those keys into your various applications. Unfortunately, many people don’t instinctively know how to do all of these little steps, so it’s not very accessible to someone who wants something quick and easy. As with most community-driven projects, it’s a work in progress that is a labor of love for those who like it, and a PiTA for others who want something quick ‘n’ easy.

It will be interesting to see where this goes, and I’d be curious what others think about the project, as well.

