View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001028 | Main CAcert Website | website content | public | 2012-03-25 20:27 | 2013-01-15 18:14 |
| Reporter | mupan | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | closed | Resolution | won't fix | ||
| Platform | Main CAcert Website | OS | N/A | OS Version | stable |
| Fixed in Version | 2012 Q2 | ||||
| Summary | 0001028: Improvement: Webformmailer: 1. Find recipients, 2. encrypt mails, 3. copy-to-self (-> ldap server) | ||||
| Description | 1. I would appreciate to be able to contact every CACert login via the webformmailer. Easiest would be to add another entry to search the database not only for assurers, but for every user. To keep things simple, this could be in the place of the assurer search, just indicating the assurer status in an extra column. It would further increase the value of the webformmailer much if it 2. encrypted any mails and 3. sent a copy-to-self to the sender's account, encrypted. I can e.g. want to send an e-mail to an assuree, I know her / his e-mail address, but don't have her / his certificate stored in my certificate store (yet or maybe never). Ask for a signed mail and / or a fingerprint or whatever seems a bit of a hassle, but the webformmailer can be used immediately and will not reveal the key that the addressee maybe does not want to exchange with me. If encryption turns out to be too much effort or a security issue (webformmailer would be given the right to query cacert's certificate store), I would appreciate to have a kind of private messages box in cacert.org and could read online my incoming and outgoing mail, and would rather receive plain text notification mails to my e-mail account. 4. Query database for fingerprint / public key of every cacert.org login (from bug 0001029) | ||||
| Additional Information | this feature request relates to a ldap / portal server solution (outsourced from critical system) PP 7 prevents a critical system implementation. I recommend to open a discussion on the developers mailing list. u60 | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
http://www.cacert.org/policy/PrivacyPolicy.html top 7 prevents this to be included on the main website 7. Privacy of certificates CAcert does not automatically publish the certificates through a directory service or the website to other people than the user who requested the certificate. In the future, the user might be able to opt-in for publication of the certificates through a directory server by CAcert. A soltion can be a community run server, outsourced from critical system. read also the recommendations to outsource the "find an assurer" database ruled under https://wiki.cacert.org/Arbitrations/a20090427.2 A 2nd option is to call for a policy change in policy group (but its more likely that this will not happen / voted through) |
|
|
Hi Uli60, 1. No conflict with PP 7. 2. The automatic encryption by the server mailing process would not reveal the certificate to the sender, just use it invisibly. So I don't see a conflict with PP 7 here so far either. But maybe the server process "webformmailer" is not allowed to see / query certificates, and to open holes in their separation is a security issue. This I would understand. 3. No conflict with PP 7, since a copy-to-self should only be encrypted if the mail to the communication partner is. I should have made an extra issue entry of this. Hi Marek, I think issues 1028 and 1029 don't depend. |
|
|
In this situation (yes, read problem carefully) certificate is not going to leave website, mail is sent and encrypted trough a website. It could be solved by adding form familiar with assurer contact box. |
|
|
"find an assurer" on main CAcert website is counting down. Starting the BirdShack design, the "Find-an-Assurer" and related infos/databases concept is outsourced. https://wiki.cacert.org/Arbitrations/a20090427.2 ruling goes the same way: replace the location database and the recommendation to outsource these functionality to a community driven system. A portal server is currently under development/deployment. This concept is decoupled from the critical system in a way, that every member / assurer can add related information to an infrastructure system or not. Its in the users decision. "to search the database not only for assurers, but for every user." is prevented by policies. This phrase needs to be rewritten to: "to search the (outsourced) database not only for assurers, but for every user who gaves his permission to do so" So its in each users own decision if he wants to use this service and to support this service, by adding his public key to a central repository CPS defines what information are known and which informations are given away with a signed key. This is the name and the email address. Storing all public certs in a central repository allows spammers to spider the central repository for email addresses (thats why I do not use GPG/PGP as all keys and email addresses are visible on the centralized keyservers) So this is why CAcert publishes no public keys on a central repository. And probably this is also the main reason why the ldap project didn't make a success. The ldap server has been shut down in recent non-critical infrastructure maintenance tasks. Automaticly publishing of public keys problem can only be circumvented if each user has to actively store his public key on a central repository. As this is an active process by each user, the permission for publishing these informations is given explicite |
|
|
https://bugs.cacert.org/view.php?id=1028#c2919 does not answer my proposal, but discusses a different idea. Anyway ... |
|
|
Closed, not understood. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-03-25 20:27 | mupan | New Issue | |
| 2012-03-25 20:53 | MarekMazur | Relationship added | child of 0001029 |
| 2012-03-25 21:56 | Uli60 | Note Added: 0002894 | |
| 2012-03-25 21:57 | Uli60 | Severity | minor => feature |
| 2012-03-25 22:00 | Uli60 | Note Edited: 0002894 | |
| 2012-03-25 22:04 | Uli60 | Note Edited: 0002894 | |
| 2012-03-25 22:09 | Uli60 | Relationship deleted | child of 0001029 |
| 2012-03-25 22:09 | mupan | Note Added: 0002896 | |
| 2012-03-25 22:11 | Uli60 | Relationship added | has duplicate 0001029 |
| 2012-03-25 22:14 | MarekMazur | Note Added: 0002898 | |
| 2012-03-25 22:15 | Uli60 | Summary | Improvement: Webformmailer: 1. Find recipients, 2. encrypt mails, 3. copy-to-self => Improvement: Webformmailer: 1. Find recipients, 2. encrypt mails, 3. copy-to-self (-> ldap server) |
| 2012-03-25 22:15 | Uli60 | Additional Information Updated | |
| 2012-04-01 11:01 | Uli60 | Description Updated | |
| 2012-04-01 11:01 | Uli60 | Additional Information Updated | |
| 2012-04-01 11:29 | Uli60 | Note Added: 0002919 | |
| 2012-04-02 18:34 | mupan | Note Added: 0002920 | |
| 2012-04-02 18:37 | mupan | Note Added: 0002921 | |
| 2012-04-02 18:37 | mupan | Status | new => closed |
| 2012-04-02 18:37 | mupan | Resolution | open => won't fix |
| 2013-01-15 18:14 | Werner Dworak | Fixed in Version | => 2012 Q2 |
