Image via Wikipedia

Have you heard of CACert? It’s a certificate authority, one which is free and uses a web of trust model to verify the identity of its clients, as opposed to notaries, lawyers, credit checks, and such. It’s also free. I signed up for CACert quite some time ago, in order to get a code signing certificate (for Authenticode and document macros).

At the moment, the organization is working through an audit, tidying itself up in an attempt to get the Mozilla Foundation to add its root certificates. Several Linux and BSD distributions already carry the CACert roots, but unfortunately, they aren’t included with Windows or OSX (although you can add them yourself if you know how). Nor does CACert at this time meet the stern criteria that authorities are held to by the Mozilla folks.

My hope is that soon, it’ll be accepted by Mozilla, and perhaps trickle from there into more commercial acceptance. I’d rather not have to pay loads of money each year just to be able to sign my code. So join the project, get assured, and see if you can help out with cleaning CACert up and making it more acceptable.

(BTW: I know that code signing isn’t really a mode of security, but it still seems an accurate tag due to common perceptions. See here for details.)