Why we need a legal framework to operate a Trusted Service Provider successfully
An overview of some internals of our Trusted Service Provider
The world of PKI and the interactions between browsers and Certificate Authorities are very complex these days. We are creating a Trusted Service Provider (TSP) to provide the public with reliable certificates for free, free as in "free beer". What are the requirements for delivering extended validation certificates? Why do you have to pay for them? What will the price be? We believe that securing our identity and privacy in the digital space is one of our principal rights. You can't buy a basic right, but you can organize an environment to make the best use of it.
The talk gives an overview of the setup of our new Trusted Service Provider. At its heart is a non-profit organization (NPO) in Austria which will lead some legal bodies required to operate successfully. This NPO is open to all people who accept the United Declaration of Human Rights. We think this is a key factor for success. But an NPO like this is not a Certificate Authority. We need another organisation to take over all tasks of a CA, which has to pass an audit with flying colours. A successfully performed audit is the key factor in playing a reliable role in the market. Certificates will be accepted. Trust between this CA and the end users will be established. Last but not least, a money flow must be organized. Individuals will always get their certificates for free. What about organizations? I will point out that a special kind of association will do and will work. The software to operate the CA is developed from scratch. Of course, the software will be published under a FLOSS license.