1. the mailing list cacert-root [*]. This means all board members have to subscribe to this list.
  2. Two acting groups are formed:
    • "Actors Groups"
    • Group A1: Board (CA) member, two administrators
    • Group A2: Two Administrators of the signing server plus a CA member out of group 2 below.
  3. Two other groups which will know half of the private key each. The number of members depends on redundancy demands:
    • "Password Groups"
    • Group P1: Administrators of groups A1 and A2
    • Group P2: Board members or general CA members, preferably in vicinity of signer server and/or root ceremony location
  4. Group A2 creates CSRs for a previously defined set of intermediate certificates on the signer server, and publishes the CSRs on the mailing list cacert-root [*]. The private key will not leave the signing server.
  5. Meanwhile each groups P1 and P2 separately select a passphrase part. The parts may exclusively shared with members of the same group. This is the only communication that is strictly private and will not be logged.
  6. Group A1 creates the certificates on a freshly installed netbook. Analog to [1] each member of group a has a CD with the OS chosen for operation, each tested for integrity. Randomly choose CD, install without access to any network. Create the root certificate: members of P1 and P2 enter their part of the password secretly.
  7. The CRLs for the intermediate certificates will be signed: stored on a USB stick which must be checked by all three persons involved to be empty, except the CSRs. The signed public keys (PKCS-7 files) will be copied back to the USB stick and distributed on the mailing list cacert-root [*].
  8. All actions will be logged, the logs will be published [*].
  9. A sealed envelope gets the external medium with the generated root certificate and a print on paper, and is stored together later with the netbook in the safe. If a backup at an external location is required, a second envelope must be prepared.
  10. The netbook gets physically sealed and stored together with one sealed backup in a safe (on storage medium plus one printed paper in one envelope). This safe is located at one of the CAcert.org members (institutional member).
  11. Contract with the chief security officer ensures, that only authorized CAcert members can access the safe content after a board resolution for this access exists on list cacert-root [*].
  12. Both groups A1 and A2 personally sign a protocol with all actions performed during the signing ceremony to hand of the board.

[*] Communication is public and secured with signature and fingerprint [1] https://wiki.cacert.org/Roots/CreationCeremony [2] https://wiki.cacert.org/Roots/Contents

Left open (but discussions in progress):

The password split means that it does not have to be changed if members in possession of one part of the password leave CAcert. If CRLs don't have to be signed with the root certificate and a suitable set of intermediate certificates has been set up, there will be no need to access the root certificate for years.

However, if the root has to be accessed, the board has to publish decision and authorization on cacert-root (current board members are always listed on website). One member of group P2 together with administrators (P1) are granted access from the chief security officer. Do work, reseal and document as during root creation.-

Assessment against Requirements



Key Storage

Key Escrow


Community Member Assessment

Community Member Assessment by Daniel Black