CAcert Code Development list.

[Mathieu Simon <mathieu.simon AT simweb.ch>]

Hi

I will address your answers (Mario & Philipp) directly and send in a new 
patch after answering, maybe 30' later.
- Makes it easier for me to fix and answer directly. :-)

Philipp Guehring schrieb:
> Regarding the following file:
>
> b6251d11d755278f03b3f1d0cde5f017  16.php.proposal.patch :
>
> The link to http://www.cacert.org/policy/ is a HTTP link, but the users
> are currently logged in on HTTPS when they view this page. Perhaps we
> should change it to HTTPS there, to avoid browser warnings.
>   
OK - anyway this is not intended to fix and I was searching for a 
possibility not to hard-code the link as its done now.
> Typo: Certficate
>   
This is hilarious - it's a typo found on every page for cert 
registration page that does not appear on on the german one.
translation. - Until now no english users ever realized this ;-)

This means that we will have to modify the string in the gettext files 
as well to not break other translations?
Anyway at least I fixed the typo on this page now and adding a reminder 
for translation fix. :-)
> "When the Digital Certificate expires or is revoked the company will
> permanently remove the certificate from the server on which it is
> installed and will not use it for any purpose thereafter."
>
> We are talking about client certificates on this page, so this is
> completely useless. Client certificates are needed and have to be used
> after they expired, and potentially even after they are revoked.
>   
OK - another copy-paste bug from 3.php, the personal certificate page.
I removed it - and marked 3.php that's it could once be fixed in similar 
way as it doesn't make sense there as well.
> "The person responsible for key management and security is fully authorized 
> to install and utilize the certificate to represent this
> organization's electronic presence." What if those are different people, or 
> even different departments?
> What if the company requires 4-eyes principle?
>   
Hmm - I see the problem (why does this sentence stand in 3.php anyway?).
We'll have to discuss that topic more precisely.
E.g. there cane be certain number of Org Admins who can are eligble to 
request
certificates - but are not necessarily the persons who have the right 
who have access to the user account or server to install it.
From my PoV this is the most difficult topic to be discussed - more 
when the rest seems complete
But really good point. - Until now just marked as TO BE DISCUSSED.
> "Organisation Assurance is still in early stages"
> Hmm, after 5 years? What does the "until then" - when?
>   
Hmm - maybe just as friendly reminder that it's still a "work in 
progress" - a diplomatic way of saying that's it's more work in progress
than other CAcert areas.
I propose: "Until then" -> Replaced by "until policies are more precise" 
- ending now by "Stay informed ...policy and on local law ... level. 
(level inserted).
> "DPA" is not explained on that page, might be unknown to the user
>   
Adressed by first writing the full word explanation "data protection act"
> "forced  by" - 1 space too many
>   
Adressed.
> <input type="radio" name="rootcert" value="2" checked>
> Please use easier parseable XHTML compatible syntax: checked="checked"
>   
OK, this came from personal certficate page. - I see that there could be 
potential to improve this page as well.
But let's focus in this one first :-)

I see your point according to: 
http://de.selfhtml.org/html/formulare/auswahl.htm
-> Adressed on both request methods.
> Please make the Class1 root cert the default instead of the Class3, and
> add some text explaining the MD5 issue.
>   
Adressed.
> +++ cacert/www/coapnew.php
> diff --git cacert/www/logos/CAcert-logo-colour-1000.png
> cacert/www/logos/CAcert-logo-colour-1000.png
>
> This seems to be unrelated garbage in the patch. Please remove them and
> cleanup the patch.
>   
Yup - made a mess when diffing with local git repository, sorry.
> > It's basically a copy-paste of 20.php which represents the orga server
> > certificate view with some comments as I didn't see anything specially
> > relating to server certs.
> > Is this a way into a correct direction?
> >     
>
> Yes.
>   
At least ;-)
Thanks for your detailed answer

Best regards,
Mathieu

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature