CAcert BoF USENIX'09 San Diego

Event Information

USENIX'09 San Diego
CAcert Birds of a Feather(BoF) Session
Thur June 18
Royal Palm Salon #6, 8-10PM

CAcert Blog USNEX'09 USNEX'09 BoF

Town & Country Hotel
500 Hotel Circle North
San Diego, CA 92108
Telephone (toll free): 800.77.ATLAS
Telephone (local): 619.291.7131

Google Maps

This will be more than just an Assurance event, it will also be a "Report to the Community", Assurance Training Event (ATE), Assurance Event and most importantly audited event.

Assurance WoT Event and Key signing party

PGP public key and CAcert certificate identification is based on multiple (the more the better) persons doing an identification check with official identity documents, like a driver license, passports, identity cards, etc.: the Web of Trustworthy. The Web of Trust is basically a reciprocal process: one has to identify to each other.

This is essential to strengthening the Web of Trust and keeps the security technique open and freely available.

CAcert Assurances

Get Ready Now - Arive Ready

  1. Go to the CAcert web site to register an account (primary email address and your full name as it is on your official identity document.

  2. Download the CAcert Certificate Assurance Program form (pdf format):
    • 2009 CAP pdf form. This form can be completed with a pdf reader.

    • Or use the on-line HTML CAP form which form can be used to fill out the forms fields and print that form on your local printer. Notice that these forms are new (and so in test phase).

  3. Read also the CAcert Community Agreement which you need to agree to.

For every assurance you need a completed form. At least 3 printed forms are recommended to bring with you. You need at least 50 assurance points (2 Assurances) to have your name on the certificate, and 100 points to be eligible to become an Assurer yourself and help to establish the web of trust. More official proofs of identity give you more Assurance Points.

For CAcert Assurers

Assurers are those who have collected at least 100 Assurance Points and passed the Assurer Challenge (make sure you did). As multiple names as on the identity papers are allowed but not implemented yet, the Assurer is asked to note the shown name as well the "similar" name on the web interface on the signed form. If the CAcert Community Agreement has been agreed (tick on the form) the Assurer is asked to add +CCA on the location field on the web interface. The Assuree needs to understand the CCA. Read the Certificate Policy Statement of CAcert (CPS) and the Assurance Policy (AP) and handbook.

For CAcert Assurers there will be available free Assurer pins to help you to identify as Assurer.

More CAcert information

GPG/PGP key signing

The procedures for the signing are simple.

Visitors willing to have their fingerprint signed will pass and show their identity papers. The name on the identity paper should be exactly the same as on the assurance form.

Make sure you use the excuse of "can you sign my PGP key" to start a chat with a random person.

Be prepared

GPG/PGP is a en/decryption and signing applications. GPG is merely used in securing open source software package distributions. The open source technique is GNU GPG.

Detailed instructions on how to join the PGP Keysigning Party are published at

Stuff to do right now

Submit your PGP public key to the HKP keyserver e.g. at, to do this run:

gpg --keyserver hkp:// --keyserver-options export-minimal --send-keys yourkeyid

Where yourkeyid is e.g. 0B86B067.

See e.g. the output of "gpg --fingerprint 'Your Name'", which looks like:

pub 2048D/0B86B067 2006-02-27
uid Joost van Baal [...]
sub 2048g/F0B86553 2006-02-27

You need the key id "0B86B067" on the line with "pub".

Make sure you print off at home a bunch of finger print slips and bring them with you to the event. For every PGP signature you need one slip. Doing this by hand if you run out is time consuming.

Events/090614_Usenix09-San-Diego_user (last edited 2009-06-06 21:08:38 by GregStark)