Background

CAcert uses roots as described at Structure of Roots and many other places. Because the existing roots have been deemed to be Audit Fail here, we have to create new ones.

Work List

This then means we need these things:

  1. technical organisation of roots:
  2. ceremony for creation of root (s)
  3. storage securely on signing server
  4. escrow root securely for disaster recovery
  5. finally, when all is good, start the rollout procedure

Note that as we decide on the way to do this, the process should be transferred to the wip CPS and the wip Security Manual. These pages are the works-in-progress of the New Roots Task Force.

Proposals

Root cert chain testing

Please have a look on Roots/TestNewRootCerts to help testing the new model of root certificates.