NOTA BENE - WORK IN PROGRESS - Your Inputs & Thoughts
To Technology Laboratory - To Technology Laboratory - Overview Projects - To Brain Study Fix Bug 665 - Project Mgmt. - To comma Workbench Fix Bug 665 - Community & Public Communication
Fix Bug 665 - Intermediate level-3 certificate is MD5-signed - Patch / Software Improvement / Deployment
See Bug Report 665
Overview Tasks Technology Area
Inputs by PhilippGuehring
- Improvement to our software to support expiring CA certificates, to avoid breaking the CRLs.
- Generate and deploy the new CA certificate. ONLY IF NEEDED
- Enable the usage of the new CA certificate in our software. ONLY IF NEEDED
Software Patch to support expiring CA certificates, to avoid breaking the CRLs
- Detail description / Documentation
Software Patche A
- Detail description / Documentation / Who?
Software Patche B
- Detail description / Documentation / Who?
Software Patche ?
- Detail description / Documentation / Who?
Estimate Resources Needed
- # Developers?
- # Hours?
- Labor costs?
Inputs & Thoughts
20091115-PhilippGuehring /e-mail
> Referring to bug 665 > http://bugs.cacert.org/view.php?id=665 > and to your technical and cryptographic expertise, I kindly as you, what does it need to fix? > What are the needs in terms of: > * Knowledge & Skills, are they available? > * Manpower, who has time to help? > * Organization, who can do what and when? > * Consequences, what could go wrong? > * Costs, are there financial consequences? The first thing is that we need a small improvement to our software to support expiring CA certificates, to avoid breaking the CRLs. (I implemented half of this already, only the second half is missing). I am able to do that within a week I guess. The next thing we need is a decision, whether we want to issue a new Class3 root beyond our current Class1 root, or whether we want to issue a whole new Root certificate-structure as well. Then we have to generate and deploy the new CA certificate. Then we have to enable the usage of the new CA certificate in our software. In the mean time, we should inform our users about the new certificate, which they have to do correctly for Certificate-Chains. > Would it be possible to establish some concrete step-by-step plan, in order to fix the bug as fast as possible? I will care about the software changes this week. Can you organize the decision for Class3 vs. WholeNewRoot? Best regards, Philipp Gühring
YYYYMMDD-YourName
Text / Your Statements, thoughts and e-mail snippets, Please
YYYYMMDD-YourName
Text / Your Statements, thoughts and e-mail snippets, Please
Category or Categories
CategoryTechnology
CategoryProjects
CategoryCustom note: Please, replace "Custom" with an existing Category or if needed create a new, meaningful one.