To Class3 Subroot Fingerprint - Sources - To PR Distribution list for Class3 Re-sign Project rollout
Class3 Re-sign - Migration Project May/June 2011
CAcert has embarked on an interim project to re-sign the Class 3 root. The project is inspired by the Mozilla announcement of Dates for Phasing out MD5-based signatures and 1024-bit moduli. Community members from the Software-Assessment Project team and Critical System Administrators team rose to the challenge to prepare, test and implement a class3 re-sign procedure.
The intention is to re-sign the class3 subroot with new sha256, and rollout the certificate. All issued class3 keys are still valid, because the class3 private key is still intact. It is similiar in process and effect to a certificate renewal. All users who uses a class3-issued cert have to replace the class3 subroot certificate in their browser, email client, or server (once only).
The proposed procedure: Class3 Re-sign Procedure
Project timeline
April/May 2011
authoring of Class3 Re-sign Procedure by Software-Assessment project team
{g}
April/May 2011
testing of Procedure by Software-Assessment project team, Software-Testteam
{g}
2011-05-15
presentation of procedure and test results to board for approval
{g}
Board meeting 2011-05-15 presentation, approval
{g}
Motions: m20110515.2 that we upgrade the class-3 root ...
{g}
m20110515.3 that we ask the community to prepare a press statement ...
{g}
2011-05-23
Class 3 subroot re-signed according to procedure by Critical Sysadms Team
{g}
2011-05-23
Exec report from Critical Team
{g}
2011-05-25
bug# for source code changes: bug #946
{g}
May 2011
prepare press release, blog post, members notifications to be presented to board
{g}
May 2011
prepare support FAQ, present to SEs and support maillist
{g}
2011-06-05
approval of press release, blog post, members notifications: m20110605.2
{g}
2011-06-06
request for translations of press release
{g}
2011-06-15 - 2011-06-20
proposed class3 subroot rollout date, send out press release, blog post
{g}
2011-06-10
class3 subroot rollout day, sent out press release, blog post
{g}
end+some days
from our experiences of this project, write up the procedure for rollout, so as to prepare for the Big New Roots Rollout
{g}
Sources where class3 fingerprints needs to be changed
Press Release Distribution List
Prepared Help Page(s)
Class3 Subroot Re-sign project on Software-Assessment Project meeting agendas
Class3 Subroot project related bugs
Bug #665 "0000665: Intermediate level-3 certificate is MD5-signed" {g} closed
Bug #946 "0000946: class3 subroot resign procedure - rollout" {g} closed
Bug #950 "capnew.php TCPDF error, logo missing" {g} closed
Class3 compatibility checklist