[[!meta title="CACert considered harmful…"]]
[[!meta author="Daniel Silverstone"]]
[[!meta date="2005-01-11 23:08:02 +0000"]]
[[!tag converted-badly-from-textile tech]]

An organisation exists called [CACert](http://www.cacert.org) whose
primary goals are: “Inclusion into mainstream browsers” and “To provide
a trust mechanism to go with the security aspects of encryption.”
— Kinda scary to think their stuff may be being added to trusted
sets on your computer eh? If you’re not scared yet, read on…

Recently [David Pashley](http://www.davidpashley.com/cgi/pyblosxom.cgi)
had a play with CACert and discovered that it was possible to get one’s
PGP/GPG key signed by them while providing them with no conclusive proof
that you own the name you claim on the key and with only tenuous
demonstrations of owning the email address also.

If I were a malicious third-party I could create keys with email
addresses I don’t own (but could intercept), names that were not my own,
get them signed by CACert and theoretically obtain some level of trust
by doing this.

Fortunately those of us using GPG know better than this and this is why
we’re all going to get the CACert Low Security Key and set its
trust level to Do NOT trust. The keyid is
[9E2BD1F2](http://keys.se.linux.org:11371/pks/lookup?op=get&search=0x9E2BD1F2)
and it is a 1024 bit DSA key with a 2048 bit subkey. The subkey is set
to expire in 2033 on the 28th July. Kinda pointless eh?

The following is a copy of an IRC conversation between David (JD) and
evilbuny (the alleged chief of CACert):

22:22:40 < evilbuny> JD a gpg key signing key was implemented a long time ago, but since very few (relative to the total user base) has assurance points we had to implement a low security (or minimum trust) version as well

22:24:32 < JD> evilbuny: but the low security key is worthless, if not less secure than not signing the key

22:29:24 < evilbuny> JD: it’s what people wanted, they all knew at the time that is the case…

22:30:06 < evilbuny> we are a request driven organisation, if enough people want something and it’s semi-sane suggestion we tend to implement it

22:30:33 < JD> evilbuny: but signing a key without seeing any ID is not even semi sane

22:31:21 < apropos> I have to disagree

22:31:54 < evilbuny> erm we called it a low trust key for a reason

22:32:01 < evilbuny> we issue smime certs without seeing ID as well

22:33:29 < evilbuny> but they’re marked accordingly as well

Unless someone can think of a very very good reason not to; I urge you
all to make sure there’s nothing on your systems implicitly trusting
CACert.org until they clarify their signing practices and demonstrate
them to be sound.
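
One way to script the "Do NOT trust" setting described above, as an added example that is not part of the original post: it resolves the short keyid to a full fingerprint and emits the line `gpg --import-ownertrust` expects, refusing to act when the short id is ambiguous. The function names are hypothetical and the key listing is constructed sample data, not the real CACert key.

```shell
#!/bin/sh
# Added example: function names are hypothetical, the listing is constructed.

# Constructed stand-in for `gpg --with-colons --fingerprint --list-keys`.
sample_listing() {
    cat <<'EOF'
pub:-:1024:17:89ABCDEF9E2BD1F2:1100000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF9E2BD1F2:
uid:-::::1100000000::::Constructed Example Key <key@example.invalid>:
sub:-:2048:16:1111111122222222:1100000000:2005344000:::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111122222222:
EOF
}

# Read a colon-format key listing on stdin and print the ownertrust line that
# marks the primary key ending in short id $1 as "I do NOT trust" (value 3 in
# gpg's ownertrust export format). Short ids can collide, so anything other
# than exactly one match is an error and nothing is printed.
never_trust_line() {
    awk -F: -v id="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        $1 == "pub" { want = 1; next }   # the next fpr record is the primary key
        $1 == "sub" { want = 0; next }   # ignore subkey fingerprints
        $1 == "fpr" && want {
            want = 0
            if (substr($10, length($10) - length(id) + 1) == id) { n++; fpr = $10 }
        }
        END {
            if (n != 1) {
                print "expected exactly one key, found " (n + 0) > "/dev/stderr"
                exit 1
            }
            print fpr ":3:"
        }'
}

# Demo on the constructed listing. Against a real keyring, run instead:
#   gpg --with-colons --fingerprint --list-keys \
#     | never_trust_line 9E2BD1F2 | gpg --import-ownertrust
sample_listing | never_trust_line 9E2BD1F2
```

Afterwards, `gpg --export-ownertrust` should list the key's fingerprint with the value 3.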