• HashServer

Due to the Debian vulnerability CAcert started to develop and offer a hash server.

The purpose of the hashserver is to centrally collect hashes/fingerprints of X.509 public keys, and to be able to detect duplicate keys due to weak random numbers.

Certificate Authorities can send the public keys of their certificate requests to the hashserver.

Due to privacy reasons, we do not send or store the whole keys, but we use hashes of the keys instead. That's how the name HashServer was created.

Hashserver Website: http://hashserver.cacert.org/

Upload Script: http://hashserver.cacert.org/hashextract.pl

Contact URL: The contact URL must be either an email address or a http/https URL. In case of the email URL, you have to use the full "mailto:email@address.com" address, not just the email address. An email will be generated with the details in the content of the email. In case of a http / https URL, a POST request will be initiated to the URL, and the following POST parameters will be given:

• pkhash : the hash of the public key that is compromised
• usernym : the user pseudonym of your user that is affected
• otherCA: the name of the CA that received the other compromised key

See also ...

• DebianVulnerabilityHandling

• OtherTasks

• http://blog.cacert.org/2008/05/302.html