@wedistribute Congratulations, you just cloned the #WebOfTrust that #CAcert tried to establish but got cockblocked by #GAFAMs and even @mozilla from getting off the ground because they didn't bribe said platforms with $$$$$$ to accept their certificate the same way @letsencrypt did - or at least got blessed for...

Sicherheit im Internet, signierte E-Mails, spannende Gespräche. #CAcert auf der #FrOSCon - am 5. und 6. August in Sankt Augustin nahe Köln/Bonn. http://blog.cacert.org/

Sicherheit im Internet, signierte E-Mails, spannende Gespräche. #CAcert auf der #FrOSCon - am 5. und 6. August in Sankt Augustin nahe Köln/Bonn. https://blog.cacert.org/

@yuki2501 for contrast, it is far easier, faster and cheaper to get an EV-SSL cert from one of the major resellers than to install sufficient amounts of people in #CAcert to even "fully assure" fake identities...

And no I'll not tell you how I know...

@yuki2501 I know, but I also know how the internet works and that blocking PRISM snitches like all the #GAFAM|s is more realistic than manually allow-listing.
https://github.com/greyhat-academy/lists.d/blob/main/activitypub.domains.block.list.tsv

#Reputation-based systems failed due to universal blockade by corporate interests - espechally the #GAFAMs...
Otherwise #CAcert would've rightfully taken the place that #LetsEncrypt has, because #AllowListing as the norm of CAs has nothing to do with #ITsec at all...
https://en.wikipedia.org/wiki/CAcert.org

"1 Identität to rule them all" #identity #identität #openid #cacert 👍🏻 Tolle Inspirationen und ein super Vortrag ❤️

@q Which reminds me how fucked up and fundamentally broken #SSL is and that the entire #RentSeeking businesses of #CA's must be abolished.

Instead of @letsencrypt, we should've pushed for #CAcert since the latter one actually does #DueDiligence and is harder to penetrate or even abuse than getting an EV-SSL - cert fraudulently via #SocialHacking...

2/2
Die für IT-Laien bedienbaren Tools bzw. die Integration in die Anwendungen kommen dann quasi von allein. Mehr zum Thema bei mir oder beim Verein https://wiki.cacert.org/CAcert #CACert

@cryptoparty #SSL ist unfixbar kaputt und #LetsEncrypt ist und bleint schlechter als #CACert vom Prinzip!

So, die #CACert Identity Verification Forms hab ich jetzt lange genug aufbewahrt. Ab in den Schredder damit. Auf das Verbrennen verzichte ich.

Hat denke ich seit #letsencrypt sowieso keine praktische Relevanz mehr.

@kusuriya @mail At this point I'd like to point out that the ideological predecessor of #LetsEncrypt, #CAcert, only failed due to #GAFAM|s + x - espechally #Apple and #Microsoft - refused to integrate their CA certificate.

Otherwise we'd have an even easier and more versatile option that would also allow S/MIME and code signing certificates whilst not being prone to abuse and nefarious users like LetsEncrypt is...

@mail I do and I nag everyone to fucking use it.

At this point I'm so done with it that I want to make a service that FORCES ALL EMAILS TO BE ENCRYPTED PROPERLY and not only deletes and blocks unencrypted eMails but flat-out tells senders that they MUST encrypt it with links on how to do it.

It's the same as with #LetsEncrypt [or #CAcert before them]: Just nag people hard and long enough to comply with basic #ITsec / #InfoSec / #OpSec / #ComSec until they comply!

@jwildeboer @kikobar I wouldn't recommend #cacert even if they get their root cert in the certificate store. You just need to take a closer look at their bug tracker.

@kikobar @jwildeboer #cacert and back in the days StartCom (I think) support(ed) such an approach:
http://wiki.cacert.org/EmailCertificates#Simple_way:_Use_a_browser

@benaryorg yeah, the.only hack if #LetsEncrypt / #Certbot ain't an option is buying a fecking expensive #wildcard cert.

Sadly #CAcert got boycotted by big tech cuz they did wildcard certs.

@SteffoSpieler no, it's better than no SSL whatsoever.

I just think that it's proving the reservations against #CAcert to be flat-out lies, since #LetsEncrypt doesn't do any verification whatsoever.

@SteffoSpieler I'm still mad about big corporations - espechally Microsoft and Apple, but also Mozilla - cockblocking #CAcert back in the day yet being total supporters of #LetsEncrypt when in fact the latter one does nithing against abuse and literally issues certs to everyone with no records but CACert which exceed "Extended Validation" in most cases get denied recodnition despite having excellent InfoSec & ITsec.

@stux @SwiftOnSecurity @shanselman *nodds in agreement*

And whilst I've prefered if #CAcert and it's #EV-alike #identification & #assurance would've taken ocer instead of #LetsEncrypt, I'd rather see a sloppy "free #SSL for everyone" than paywalling of said feature.

This is genuinely fascinating watching a company basically destroy a large part of itself, not so much for what they originally did, but how they reacted when asked about it: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/etbBho-VBQAJ?pli=1 #cacert #rootca #certificates #trustcor

@ebildungslabor @digitalcourage
Ich bin bzw. war #CAcert-Assurer und habe jahrelang meine Mails mit deren S/MIME-Zertifikat signiert. Es können nur vereinzelte Mails gewesen sein, die ich verschlüsselt bekommen habe.
Für #OpenPGP habe ich immerhin zwei Kontakte, mit denen ich verschlüsselt mailen kann – jetzt endlich auch auf dem Telefon.

Bei S/MIME würde m.E. nur eine staatl. Zertifizierungsstelle helfen – eins der verpennten Themen der Digitalisierung, siehe #AusweisApp & Co.