View Issue Details

IDProjectCategoryView StatusLast Update
0000525Main CAcert WebsiteGPG/PGPpublic2012-12-20 07:32
Reporterjanst Assigned To 
PriorityhighSeverityminorReproducibilityalways
Status newResolutionopen 
Summary0000525: Point system inconsistency: GPG keys are treated different from x509 certs regarding validity
DescriptionIf a cacert-member has reached the assurer-status, he will be able to create x509 certificates which are valid for two years instead of one.
GPG-key-signatures however are not covered by this "advantage" of being an assurer: Their validity remains one year.

This issue has been discussed in the cacert.policy maiing lists and it has been concluded that GPG-signatues should be treated the same, as stated in the policy.

I therefore ask to include this amendment in the gpg-signing-component.

-----------------
UPDATE

Found possible solution. I think the problem can be fixed by changing the parameter defining the duration in client.pl. It is set to "366" at the moment in the relevant sub function "HandleGPG" (Notice: Even 366 is wrong and this explains why GPG signatures are valid one year + one day even today). I made the change to 730 years (2 years) as Philipp has proposed. See the updated client.pl file attached.
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0001079 needs work GPG key can not be revoked 
related to 0000526 new CAcert signature expiration date consistent with CAcert issued cert expiration date 
related to 0000089 needs workSourcerer GPG Revokation Escrow Service 

Activities

Sourcerer

2008-05-02 09:26

administrator   ~0001076

The original assumption is a bit wrong. The change isn't the assurer status, but the change happens at 50 points with X.509 certificates.
The duration of an X.509 certificate stays the same when the person becomes an assurer.
OpenPGP also has a change at 50 points: Below 50 points, you can't even get a OpenPGP signature. (since we stopped the class1 openpgp signatures). So it's currently 0.5-1 -> 1-2 years for X.509 and 0 -> 1 year for OpenPGP.


Please lookup the details (in the sourcecode), provide a detailled suggestion, and a patch.

2008-12-24 11:59

 

client.pl (24,947 bytes)

Issue History

Date Modified Username Field Change
2008-03-30 16:32 janst New Issue
2008-03-31 12:10 samj Priority normal => low
2008-05-02 09:26 Sourcerer Note Added: 0001076
2008-07-07 07:24 janst Priority low => high
2008-07-07 07:24 janst Description Updated
2008-12-24 11:57 janst Description Updated
2008-12-24 11:59 janst File Added: client.pl
2009-04-26 21:36 Sourcerer Category CAcert Stamp => GPG/PGP
2012-07-06 18:40 INOPIAE Relationship added related to 0001079
2012-12-18 04:18 Werner Dworak Relationship added related to 0000526
2012-12-20 07:32 Werner Dworak Relationship added related to 0000089