Background

CAcert uses roots as described at Structure of Roots and many other places. Because the existing roots have been deemed to be Audit Fail here, we have to create new ones. This then means we need these things:

  1. technical organisation of roots:
  2. ceremony for creation of root
  3. storage securely on signing server
  4. escrow root securely for disaster recovery

Note that as we decide on the way to do this, the process should be transferred to the wip CPS and the wip Security Manual. These pages are the works-in-progress of the New Roots Task Force.

Proposals