Skip to Content.
Sympa Menu

cacert-sysadm - Re: [website form email]: Expired certificate of ocsp.cacert.org

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

Re: [website form email]: Expired certificate of ocsp.cacert.org


Chronological Thread 
  • From: Alejandro Mery Pellegrini <amery AT cacert.org>
  • To: Daniel Black <daniel AT cacert.org>
  • Cc: cacert-sysadm AT lists.cacert.org, Wytze van der Raay <wytze AT deboca.net>
  • Subject: Re: [website form email]: Expired certificate of ocsp.cacert.org
  • Date: Tue, 28 Apr 2009 12:18:13 +0200
  • Authentication-results: lists.cacert.org; dkim=neutral header.i= AT cacert.org; dkim-asp=none
  • Organization: CAcert.org
Hi Daniel,

> Does CAcert send out reminder emails for everyone when certs are
> about to expire? Is this granular enough to support multiple
> certificate owners within a domain? If it becomes a problem for
> us to maintain dispersed certificates, I'm sure others do too.
> Lets get this as a function of BirdShack[1]. Or maybe a XMLrpc
> function to autoreplace expired certificates :-) (i'll fully read
> the development plan first).

In the current system the way of "delegating" foo.cacert.org is done
by verifying control over 
root AT foo.cacert.org
 (where root can be any
of a list of accounts) but if foo.cacert.org doesn't have MX we are
doomed.

In BirdShack's model the idea is that the "owner" of cacert.org can
*delegate* to other members some control over specific subdomains
directly. And using the public API we can actually automatize the
renewal/installation of certificates even if it wasn't initially
intended that way.

Alejandro

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Archive powered by MHonArc 2.6.16.

Top of Page