Incident i20130810.1

History Log

1. Incident Response Team

2. Incident Description

An external party informed CAcert about statements claiming to have evidence that CAcert has "no idea what was happening with their root certificate" and that CAcert's root certificate keys (root keys) have been stolen and are for sale on the black market.

3. Containment Actions

4. Root Causes

The statement could not be proven right; it seems to rely on another statement with no clear source. However, the auditor cannot be sure that the root keys have not been copied. What makes a leak unlikely is that since 2008 we have not encountered any unauthorized use of the CAcert root keys.


The internal auditor cannot see any evidence for this claim. He proposes to create and execute a project to generate new root certificates (see 8.) to keep a clean track record until the end of 2014.

5. Permanent Corrective Actions

No permanent corrective actions apply.

6. Verify Corrective Actions


7. Preventive Actions

To prevent potentially leaked root keys from being abused, the New Roots & Escrow Project has been started to create new root certificates with securely kept root keys.

8. Approval & Closure

Approved by Board

2014-04-13 in m20140413.5

Date closed


Audit/Incidents/i20130810.1 (last edited 2014-07-05 17:05:54 by BenediktHeintel)