Aussie hackers set security free

19.10.2006
A group of Sydney-based hackers may revolutionize global information security with CAcert, a non-profit, community project which provides free certificate authority (CA) services used for authentication and encryption.

Certificates are typically associated with 'trusted' companies that specialize in security technology, but CAcert's philosophy is to provide everyone with the right to security and privacy, not just people running e-commerce Web sites.

The project's founder and president Duane Groth told Computerworld Australia determining the level of 'trust' in a CA is a "very tricky thing".

"In fact in years gone by Verisign has removed the word trust from its motto, Web site and marketing materials," Groth said, adding CAs don't provide trust, they provide identity checks.

"The reason they don't provide 'trust' checks is because that would require knowing a person's motives, which can only be realized fully over time."

Groth said most CAs only require faxed in or "Dun and Bradstreet" information, which can be easily faked in "any number of ways", so for the most part CAcert requires face-to-face meetings.