In a highly connected world like ours, trust is one of the most important assets. But what if the root of trust is not trustworthy?
2011 was the year in which one Certificate Authority (CA) after the other
came to fall. The cases of the Dutch DigiNotar and the Malaysian
DigiCert are the best known. The system of commercial CAs depends on a
wrong understanding of liability and trust. CAcert's web of trust
tries to overcome the liability issues by trusting a group of trusted
people in which each individual is liable for their own actions.
This talk explains why most commercial CAs are not trustworthy by
default, what we can learn from 2011's cases, what makes CAcert
different, why CAcert is not in the browsers by default, and what we do
to make that happen.