At this year's USENIX'04 conference, AU-based nonprofit CAcert.org (Inc) is making waves. It plans to offer the same type of digital certificates (X.509) sold by Commercial Certificate Authorities (who sometimes charge as much as $10,000 per cert) but without the hefty pricetag: They're doing it for free. http://www.cacert.org
BOSTON, MA June 30, 2004 -- Warm midsummer days in this historic city have an almost magical quality about them. Centuries have come and gone, but even the passage of time seems unable to quell the rebellious spirits that live here. Sirens stir men and women alike to challenge the status quo and strike out to change the world.
Nonprofit CAcert Inc couldn't have selected a more apropos backdrop for its own revolution.
And if the excitement level at this year's USENIX conference is any indicator, the Australia-based firm's impact should be turning heads long after its 7-day stay in Boston. Said CAcert President Duane Groth: "We're at the precipice of a monumental change, a paradigm shift that will alter the tech security theatre in on a very real and fundamental level."
No, the Aussies aren't throwing tea into the harbor. Still, yet another unnecessary "tax" seems ripe for the chopping block.
The Australia-based "Community-Based Certificate Authority" took its first shot across the bow this Sunday, appearing as a featured guest at the widely respected Advanced Computing Systems Association USENIX Annual Tech 2004. The firm is spending their entire week here in Boston (and the surrounding areas) leading info sessions, tutorials, and registering new members at a furious pace. Said one new CAcert user: "I've been waiting for a group like you for years! Where do I sign?"
Before CAcert emerged, there was no alternative to commercial Certificate Authorities (CAs), who exploited their de facto oligopoly over the digital certificates market to demand outrageous fees for simple text files that cost virtually nothing to create. In the US and many other countries, a certificate might easily cost more than $10,000¡to be renewed each year.
Digital certificates are required by almost every modern network/Internet security technology. Certificates are used to encrypt and decrypt data, digitally "sign" documents, and much more. Every popular web retailer¡ªfrom Amazon to eBay¡ªuses the certificate-based Secure Sockets Layer (SSL) protocol to enable customers to safely transmit sensitive information (e.g. credit card numbers, SSNs, bank account IDs) across the Internet.
Without certificate-driven technologies such as SSL, today's Internet would never exist. The 90's Internet retailing boom would never have occurred¡ªnot to mention advents like online banking, electronic bill payment, web-based tax services, and more. All of this is possible only because certificates are constantly at work behind the scenes, keeping information safe from identity thieves and other prying eyes.
Because they use the same X.509 digital certificate formatting standards as other industry leaders, CAcert's offerings can very easily "drop in" and replace the overpriced solutions currently hawked by commercial CAs. Said Public Relations Director Adam Butler: "It's great fun to explain Internet security to end users and then tell them, 'Oh, by the way¡they're free.' They always want to know what the catch is."
But there's no catch. Officially incorporated and registered as a nonprofit entity in Sydney, Australia, CAcert is very much a labor of love. The volunteer effort is supported entirely by donations and the advertising revenue generated by its popular website www.cacert.org.
CAcert representatives will be at the Copley Place Marriott until 2 July 2004. Contact them at e-mail protected from spam bots or simply swing by and sign up. Finally, Internet privacy/security available to everyone, and it's free.
Welcome to the New World.