Points Transfer with CAcert
Having finally completed my points transfer from my Thawte Web of Trust to CAcert, I thought it would be worth documenting the process. I am already a Thawte WOT notary, and as such a trusted and assured person in the sense of their Web of Trust. Details of this migration process can be found here, although my understanding is it applies to ordinary Thawte users too.
The following is a shorthand ticklist of the steps required.
- Sign up with cacert.org.
- On the Thawte website, make sure your notary details include the email address that you have used for the cacert.org signup. This may involve just editing your details within the WOT console and waiting for approval/verification, or having to do this and a ping to the mail address. Having the details verified can take 2-5 days if the info is not already on your notary page.
- Generate a certificate compatible for use with Internet Explorer. This is the tricky part, as even Firefox 3 doesn’t support the client-based authentication required by the tverify.cacert.org website. This certificate should also be for the email address you are signed up to cacert.org with.
- Go to the Thawte verification site (tverify.cacert.org), and choose the appropriate certificate to present to the server. Make sure to use your IE browser with the right client cert installed.
- Fill in your email address (this grants you 50 points, since you are trusted within the Thawte WOT).
- Wait while a manual verification takes place.
- Once an email is received, either notifying you of an error or noting that you have succeeded, either rinse and repeat or proceed to the next step.
- You are now ‘Assured’ but need to take the Assurer Challenge in order to prove your basic knowledge about the system, in order to be able to actually start Assuring people. The link above also includes some background material one may need in order to attain the 80% mark required.
The Assurer Challenge is a really nice idea, and although anyone familiar with the concepts around the Thawte WOT system and general CA operations should have no problems with the majority of the 25 random questions, there are some which relate closely to the CA-specific rulings etc.
So now I have a full 150 assurance points since I was processed by the Trusted Third Party (TTP) system (and it appears this is the maximum one can get, as otherwise one's points are rounded down), as opposed to the 100 point maximum one gets for gathering points via the WOT method.
So now I’m able to embed my name in client certificates (50 points minimum), get server certificates for 2 years, and also get code signing bits on my certificates.




August 25th, 2008 at 10:20 pm
Do you get a valid cert trusted by your mother’s browser?
August 26th, 2008 at 1:07 pm
I can generate valid signed certificates from the CAcert site, however these require the explicit installation of the CAcert Class 1 certificate in order to be seamlessly used with browsers. This has to do with the current non-inclusion of the cert in the CA packs commonly used by browser vendors.
CAcert is currently getting its ducks in a row with hopeful inclusion in the next edition of Firefox.
In effect CAcert simply makes life a lot easier for people currently wanting to use certificate-based systems without going to the hassle of setting up their own CA system.