Wiki source for EncryptionWG
@@=====TLS Encryption Working Group=====@@
**Note:** [[https://talkdotgeek.com/viewforum.php?f=31|Please see this board on talk.geek for more info]].
>>**Coordinator: **
JonahAragon
**Members:**
TheoB
>>===Purpose===
The purpose of the Encryption Working Group is to devise an official Root Certification Authority system for issuing server certificates to OpenNIC domains and user certificates to OpenNIC members. [[https://talkdotgeek.com/viewtopic.php?f=31&t=291|Click here to join the group and learn more]].
- To do:
- Devise a system of generating the private keys for a root CA in a manner that can be trusted by the OpenNIC community. It should ideally:
- Not put the keys under the control of a single member.
- Be kept completely offline. Even keeping the keys on a Raspberry Pi Zero would suffice, just needs to be airgapped.
- Hopefully split into pieces among WG members to ensure no one member can issue certificates.
- Questions:
- Should intermediate CAs be generated for every Tier 1 operator to issues certificates to users, or should we offer a centralized issuance system operated by OpenNIC/This WG?
- Links of interest
- [[http://www.cacert.org/policy/SecurityPolicy.html|CACert Security Policy]]
----
CategoryEncryptionWG
**Note:** [[https://talkdotgeek.com/viewforum.php?f=31|Please see this board on talk.geek for more info]].
>>**Coordinator: **
JonahAragon
**Members:**
TheoB
>>===Purpose===
The purpose of the Encryption Working Group is to devise an official Root Certification Authority system for issuing server certificates to OpenNIC domains and user certificates to OpenNIC members. [[https://talkdotgeek.com/viewtopic.php?f=31&t=291|Click here to join the group and learn more]].
- To do:
- Devise a system of generating the private keys for a root CA in a manner that can be trusted by the OpenNIC community. It should ideally:
- Not put the keys under the control of a single member.
- Be kept completely offline. Even keeping the keys on a Raspberry Pi Zero would suffice, just needs to be airgapped.
- Hopefully split into pieces among WG members to ensure no one member can issue certificates.
- Questions:
- Should intermediate CAs be generated for every Tier 1 operator to issues certificates to users, or should we offer a centralized issuance system operated by OpenNIC/This WG?
- Links of interest
- [[http://www.cacert.org/policy/SecurityPolicy.html|CACert Security Policy]]
----
CategoryEncryptionWG
