CAcert Code Development list.

["Jason Curl" <jcurl AT arcor.de>]

Hi Bernhard,

 

Dropping the support list. I had a quick look and it looks a little lacking. Is providing the password in the URL really secure? I don’t know quite enough about SSL to know if the URL is secure – I assume it isn’t.

 

I can speak to a colleague of mine at work (he’s working on wdye.osm-tools.org), and he should have a couple of good ideas (he’s also a CAcert member). Hopefully he could give some tips on a useful API. But I’m no web programmer, just embedded and some moderate stuff on Windows.

 

To emulate completely the certificate generation, as well as the renewal.

 

Also, I’m confused by the discussion that the private key is required by CAcert. I disagree with this and would expect that CAcert only requires signing of the public key (if the pub key doesn’t match with the private key, then the certificate is useless), or what is your opinion. I really do not want to submit the private key at all, else everything can be handled by the backend.

 

Thanks & Best Regards,

Jason.

 

From: Bernhard Fröhlich [mailto:bernhard AT cacert.org]
Sent: Monday, September 26, 2011 09:43
To: Jason Curl
Cc: cacert-support AT lists.cacert.org; CAcert Code Development list.
Subject: Re: Automating Certificate Renewal

 

Hi Jason,

we should take this discussion over to the development mailing list, since this is probably a development issue and support cannot do much about it.

There are some ancient issues in the bugtracker, for example https://bugs.cacert.org/view.php?id=444, as well as a Wiki page at http://wiki.cacert.org/CertApi, but my guess is that the existing API covers only very basic functionality.

But maybe the API can be adjusted/extended easily. If you could just have a look at the Wiki page, maybe you can tell us if this can be a starting point for your ideas.

Kind regards
Ted
;)

Attachment: smime.p7s
Description: S/MIME cryptographic signature