Skip to Content.
Sympa Menu

cacert-devel - Re: LibreSSL: Organisation User Certificates, maybe little change to improve a lot? :-)

Subject: CAcert Code Development list.

List archive

Re: LibreSSL: Organisation User Certificates, maybe little change to improve a lot? :-)


Chronological Thread 
  • From: Philipp Guehring <philipp AT cacert.org>
  • To: cacert-devel AT lists.cacert.org
  • Subject: Re: LibreSSL: Organisation User Certificates, maybe little change to improve a lot? :-)
  • Date: Fri, 19 Mar 2010 13:30:32 +0100
  • Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
Hi,

> Well if you guys think it's only a matter of changing the view then
> would you mind give a slight view over the file sent?

Regarding the following file:

b6251d11d755278f03b3f1d0cde5f017  16.php.proposal.patch :

The link to http://www.cacert.org/policy/ is a HTTP link, but the users
are currently logged in on HTTPS when they view this page. Perhaps we
should change it to HTTPS there, to avoid browser warnings.

Typo: Certficate

"When the Digital Certificate expires or is revoked the company will
permanently remove the certificate from the server on which it is
installed and will not use it for any purpose thereafter."
We are talking about client certificates on this page, so this is
completely useless. Client certificates are needed and have to be used
after they expired, and potentially even after they are revoked.

"The person responsible for key management and security is fully
authorized to install and utilize the certificate to represent this
organization's electronic presence."
What if those are different people, or even different departments?
What if the company requires 4-eyes principle?

"Organisation Assurance is still in early stages"
Hmm, after 5 years? What does t
"until then" - when?

"DPA" is not explained on that page, might be unknown to the user

"forced  by" - 1 space too many

<input type="radio" name="rootcert" value="2" checked>
Please use easier parseable XHTML compatible syntax: checked="checked"

Please make the Class1 root cert the default instead of the Class3, and
add some text explaining the MD5 issue.

+++ cacert/www/coapnew.php
diff --git cacert/www/logos/CAcert-logo-colour-1000.png
cacert/www/logos/CAcert-logo-colour-1000.png

This seems to be unrelated garbage in the patch. Please remove them and
cleanup the patch.


> It's basically a copy-paste of 20.php which represents the orga server
> certificate view with some comments as I didn't see anything specially
> relating to server certs.
> Is this a way into a correct direction?

Yes.

Best regards,
Philipp

Archive powered by MHonArc 2.6.16.

Top of Page