View Issue Details

IDProjectCategoryView StatusLast Update
0001454Main CAcert Websitewebsite contentpublic2019-01-14 13:57
ReporterbdmcAssigned To 
Status needs review & testingResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0001454: Revise Password Reset page to reduce repayments
DescriptionThe messages and instructions on the Password Reset page ( page 5 ) are unclear regarding the proper procedures, especially regarding the "donation" required before requesting that Support assist.
Tagspassword recovery, support
Reviewed by
Test Instructions



2018-12-28 04:43

developer   ~0005716

Page URL:


2018-12-30 05:46

developer   ~0005717

I have created a new version of Page 5, containing many more instructions. I have also said that asking Support for help will take a long time, although I did not specify any time estimate. The code is checked in as "bug-1454," but only consists of one file different from "release."


2018-12-30 05:49

developer   ~0005718

I have been thinking about Etienne's suggestion for some kind of instruction document to be sent to users.

That might be triggered by the Paypal Payment "success return" message, because that is the only thing that happens before the user is expected to write an e-mail message to Support.

Alternatively, some kind of automatic reply to e-mail messages to Support, with the Subject "Password Recovery Request," might be a way to do it.


2018-12-30 09:35

reporter   ~0005719

The message that the user sends with the web form probably goes to support@c.o. At the same time a copy should be sent to a new address password-reset@c.o. (or only to password-reset@c.o.).

This address replies automatically (with 'support' as the sender) with a nice reply, which explains the procedure step by step. And in such a way that the next steps are delegated to the user.

This would have the advantage that the user could help himself in some cases (relieves support). In other cases other people could help (e.g. local assurers). Third, we would have a clear situation with Paypal: Support answered immediately. We are now waiting for further information from the user. Paid service (as Paypal will always consider it) has been provided.


2018-12-30 10:01

reporter   ~0005720

Content (keyword) for an automatic reply:

Thanks for contacting us
Empathy for existing problem
Promise to help
Please document everything

Step 1: with certificate (tried on ...)
Step 2: Five questions (tried on ...)
Step 3: With Assurance
3a: If no Assurer nearby known: secretary.c.o requested for addresses from the public part of the WoT directory (requested on..., reply received on...)
3b: Assurer 1 contacted on... (if no replay within 3 days, Assurer 2, 3, 4, 5 contacted)
3c: Assurer met on....
3d: C-word received from Support on....
3e: Answered to Support answered (password reset allowed) on....
3f: T-word from support received on: ....
3g: Congratulations, now you can reset the password yourself. To do this, log into your account. As a provisional password, use (with no space in between): A-word T-word
Step 4: It didn't work. Write to support, include documentation of the first 3 steps with data and assurers.


2019-01-02 00:42

reporter   ~0005721

What about this? (Draft, in German)
If possible, send only part 1-2 and part 3 24hrs later.

Support.odt (27,211 bytes)


2019-01-13 23:03

reporter   ~0005734

What about a new e-mail-address for password recovery that answers automated (see above); only the second contact goes to support?


2019-01-14 07:11

developer   ~0005735

I should have responded to this a few days ago, when you first proposed it.

Yes, I like the idea of a special e-mail address for password recovery, and, as you say, perhaps don't send directly to the Support mailing list.

We could never send mail for password recovery to the Support mailing list, or only after the user has accomplished all other tasks. Mail to the password recovery address could be forwarded to Support, or the user would be directed to the Support mailing list only at the end of the process.


2019-01-14 13:57

reporter   ~0005736

Until now: User forgot password
-> read wiki, help himself OR most: -> @ to support@c.o. (not support@lists.c.o.)

It could be this way: User forgot password
-> read wiki, help himself OR most: -> @ to new-password-recovery-address@c.o. -> automated answer with help, step 1&2, -> after 24 hours automated answer2 with help, step 3&4, -> after 24 hours automated3 answer with help, step 5&6 (while 6 means contact support and giving the address from support)

If this is to complicated (automated following mails):

It could be this way: User forgot password
-> read wiki, help himself OR most: -> @ to new-password-recovery-address@c.o. -> automated answer with help, step 1-6 (while 6 means contact support and giving the address from support)

The phasing makes sense, as the requestor should do several things before contacting support. On the other hand, you can only send one reply with everything, because there are certainly people who have read the wiki before...

Even if the draft is in German, it's worth looking at it, possibly with an automatic translator, to see how it's planned.

Issue History

Date Modified Username Field Change
2018-12-28 04:28 bdmc New Issue
2018-12-28 04:43 bdmc Note Added: 0005716
2018-12-30 05:43 bdmc Status new => needs review & testing
2018-12-30 05:46 bdmc Note Added: 0005717
2018-12-30 05:49 bdmc Note Added: 0005718
2018-12-30 09:35 L10N Note Added: 0005719
2018-12-30 10:01 L10N Note Added: 0005720
2018-12-31 03:12 bdmc Summary Revise Password Reset page to reduce miss-use => Revise Password Reset page to reduce repayments
2019-01-02 00:42 L10N File Added: Support.odt
2019-01-02 00:42 L10N Note Added: 0005721
2019-01-13 23:03 L10N Note Added: 0005734
2019-01-14 07:11 bdmc Note Added: 0005735
2019-01-14 13:57 L10N Note Added: 0005736
2019-01-14 13:57 L10N Tag Attached: password recovery
2019-01-14 13:57 L10N Tag Attached: support