In a highly connected world like ours, trust is one of the most important assets. But what if the root of trust is not trustworthy? 2011 was the year in which one Certificate Authority (CA) after another fell. The cases of the Dutch DigiNotar and the Malaysian DigiCert are the best known. The system of commercial CAs depends on a mistaken understanding of liability and trust. CAcert's web of trust tries to overcome the liability issues by trusting a group of trusted people in which each individual is liable for their own actions. This talk explains why most commercial CAs are not trustworthy by default, what we can learn from 2011's cases, what makes CAcert different, why CAcert is not in the browsers by default, and what we are doing to make it happen.
Speakers: Benedikt Heintel