Subject: CAcert Code Development list.
List archive
- From: Bernhard Fröhlich <bernhard AT cacert.org>
- To: Brian McCullough <bmccullough AT cacert.org>, cacert-devel AT lists.cacert.org
- Cc: alkas AT volny.cz
- Subject: Re: Fwd: Re: [website form email]: Misleading information in FAQ
- Date: Fri, 10 Jan 2020 17:13:00 +0100
Am 10.01.2020 um 12:59 schrieb Brian McCullough:
Ted,
This appears to be the last message in the thread, and now that I re-read it, I see some questionable information.
I don't understand his reference to "root.crt" and "class3.crt" since those are not mentioned on either "Page 3" or, as far as I can see, on that Wiki page. Those names do appear on the Wiki page, but only as the target of a copy from the "correct" certificates.
If we are talking about Ales' statement that he quotes, or appears to quote, I'm not sure where it comes from. I have tried to read back through the threads that seem to be related, and I do not find that statement.
I suppose that a direct conversation with Johan, or Ales, might be in order.
Ahh yes, now I remember... He was using an "undocumented"(1) link directly to the root certificate, which we were afraid to replace...
I see that Aleš has already fixed the corresponding WiKi page last week (thanks for that!)... When having a look at https://wiki.cacert.org/FAQ/ImportRootCert#Creating the mentioned checksums look a bit unfamilliar to me, maybe these are indeed still wrong? I'll have to look a bit closer this evening.
The basic problem ist that we have the checksums distributed over a vast number of locations. This initially seemed to be a good idea, because it makes it very hard to maliciously place a different checksum. But, on the other hand, it also makes it difficult to rightfully place a different checksum... :-\
Kind regards
Ted
;)
(1) "undocumented" meaning here: Only documented on some more or less obscure WiKi page(s)...
Brian
-------- Forwarded Message --------
Hi Aleš,
One, the certificate currently downloadable from the CAcert site is not
the same that was used to produced the sample files and checksums on the
site.
To be more specific: the certs downloadable from page
https://www.cacert.org/index.php?id=3 are serial 15 (root) and serial 14
(class3). The cert produced by https://www.cacert.org/certs/root.crt is
serial 0 (same for class3.crt).
For the description on
https://wiki.cacert.org/FAQ/ImportRootCert#Importing, apparently the serial
0 certs are used, with openssl version 0.x (2014).
[...]
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- Fwd: Re: [website form email]: Misleading information in FAQ, Brian McCullough, 01/10/2020
- Re: Fwd: Re: [website form email]: Misleading information in FAQ, Bernhard Fröhlich, 01/10/2020
- Re: Fwd: Re: [website form email]: Misleading information in FAQ, Bernhard Fröhlich, 01/10/2020
- RE: Fwd: Re: [website form email]: Misleading information in FAQ, Aleš Kastner, 01/10/2020
- Re: Fwd: Re: [website form email]: Misleading information in FAQ, Bernhard Fröhlich, 01/10/2020
Archive powered by MHonArc 2.6.18.