CAcert.org – A community-driven Certificate Authority issuing free certificates

I am curious why this was submitted now, especially in light of the recent removal of cacert from Debian&#x27;s ca-certificates package.[^1][^2] It seems that the discussion of cacert&#x27;s removal highlighted serious concerns about cacert&#x27;s process. A request to include cacert in mozilla&#x27;s certs sat in bugzilla for four years before it was--thankfully--closed.[^3]<p>[^1]: <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434" rel="nofollow">https:&#x2F;&#x2F;bugs.debian.org&#x2F;cgi-bin&#x2F;bugreport.cgi?bug=718434</a><p>[^2]: <a href="https://lwn.net/Articles/590879/" rel="nofollow">https:&#x2F;&#x2F;lwn.net&#x2F;Articles&#x2F;590879&#x2F;</a><p>[^3]: <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=215243" rel="nofollow">https:&#x2F;&#x2F;bugzilla.mozilla.org&#x2F;show_bug.cgi?id=215243</a>

Yeah, you don&#x27;t want to use this.

A community-driven effort is always commendable, but we must ditch the whole CA model, not fix it.<p>Proposed solution: use namecoin&#x27;s <i>.bit</i> domains [0], add TLS records, and use dsnchain [1] as a bridge between DNS and namecoin to keep using our current applications.<p><i>Disclaimer: I participated in dnschain</i><p>[0] <a href="https://wiki.namecoin.info/index.php?title=Domain_Name_Specification" rel="nofollow">https:&#x2F;&#x2F;wiki.namecoin.info&#x2F;index.php?title=Domain_Name_Speci...</a><p>[1] <a href="https://github.com/okTurtles/dnschain" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;okTurtles&#x2F;dnschain</a>

<i>www.cacert.org uses an invalid security certificate.<p>The certificate is not trusted because no issuer chain was provided.<p>(Error code: sec_error_unknown_issuer)</i>

The problem with a community driven CA is that there is no repercussions if it is infiltrated. If one of the commercial CAs got hacked then they would be removed as a trusted CA and their business would cease from that point on. They have a commercial interest in being secure and therefore invest lots of money in solutions to this (including expensive HSMs).<p>Certificates are not expensive - you can pick them up for $5.<p>I sell SSL certs for £35, every one of my customers could have got the exact same certificate for £5 - they pay the extra for a well designed, intuitive website that makes the process incredibly easy with great support.<p>Most of my customers hear about my site through word of mouth, I often give out free or cost-price certificates to Open Source software or charitable sites.<p><a href="https://www.volcanicpixels.com/ssl/buy" rel="nofollow">https:&#x2F;&#x2F;www.volcanicpixels.com&#x2F;ssl&#x2F;buy</a><p><a href="https://github.com/volcanicpixels/volcanicpixels/" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;volcanicpixels&#x2F;volcanicpixels&#x2F;</a>