CAcert System Admins discussion list

[Guillaume ROMAGNY <guillaume AT tiebogos.fr>]

Hello,

Wytze van der Raay a écrit :
> Guillaume ROMAGNY schreef:
>> ...
>> I have reproduced the minor problem Bas has reported
>> http://bugs.cacert.org/view.php?id=775
> 
> This is about the default validity for client-org certs, right?
> If that is really two years, it will need to be adjusted in the
> appropriate configuration files on the signing server (and thus
> require a visit to the hosting center by 1 Oophaga + 2 CAcert
> admins):
> 
>       /etc/ssl/openssl-client-org.cnf
>       /etc/ssl/class3-client-org.cnf
>       /etc/ssl/root3/client-org.cnf
>       /etc/ssl/root4/client-org.cnf
> 
> Can this be confirmed officially somehow?
> And what about the validity period for server-org certs?
> 
> Regards,
> -- wytze
> 

Hello Wytze,

First the problem is minor and I am not so sure it is going to be easy
to solve.

I have checked (too quickly?) the CPS
http://svn.cacert.org/CAcert/policy.htm
and CAcert website
https://www.cacert.org/index.php?id=19

The overall is unclear because Orgs are not part of the audit.

CPS says 6 months or better 24 month if user is assured
CAcert website adds "Code signing certificates" is limited to 12 months.

Organisations are basically assured so the lifetime should be 24 months
(or 12 months for codesigning).

unless Ian interprets the texts in a more formal way.

I am running to Taichi class... see you !

-- 
Cordialement, Best regards,
Guillaume
Tiebogos (by L'Oreal), parce que je le 'veau' bien.

Vision without action is a daydream.
Action without vision is a nightmare.  -- Japanese Proverb

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature