View Issue Details

IDProjectCategoryView StatusLast Update
0000570Main CAcert Websitepublic2013-01-15 02:39
ReporterEmdy Assigned To 
PrioritynormalSeverityfeatureReproducibilityalways
Status closedResolutionfixed 
PlatformWindowsOSMicrosoft Win XP 
Fixed in Version2009 Q2 
Summary0000570: Change Your Authority Name from "Root CA" to "CAcert CA" + CRL distribution pbs
DescriptionHi,
Your name appears as "Root CA" in the list of certificate authorities. This is not right at all. And deceptive. It can be "CAcert", or "CAcert CA", or "CAcert, Inc", etc.

When someone adds your CAcert root certificate, and wants to see or change info or settings, then they will have to look for where CAcert is. When in the list they will reach to "Root CA" after seeing no "CAcert", then they will know it is CAcert Inc "cacert.org".

Please fix the problem. Since you (CAcert, Inc) have made the mistake, you will have to fix it and find out how to fix it, etc, because its your responsibility. Do whatever is necessary.

Also specify in the root certificate distribution page or mechanism, very clearly that "CAcert, Inc's name appears as "Root CA" in the list of root Authority, for now, but a work is in progress to fix this".

So others know what to look for.

But this problem needs to be fixed.

Your name should appear in the authority list as "CAcert...", not any/something else, at all.

Best regards,
~ Emdy Ashfolk. (Jul,3,2008,12:14PM,PST,LosAngeles,California,USA).
Steps To ReproduceFirefox > Tools > Options > Advanced > Encryption > View Certificates > Authorities > "Root CA".
TagsNo tags attached.
Reviewed by
Test Instructions

Activities

homer

2008-07-03 08:54

reporter   ~0001111

from Pete S.

A bigger issue, in my opinion, is that the CRL distribution point listed in the root certificate is listed as <https://www.cacert.org/revoke.crl> -- this is bad for two reasons: 1. the URL needlessly uses https which may cause issues with some clients, and 2. it uses the "www" third-level domain, which makes it very difficult to mirror the CRL.

The current CRL distribution point for CAcert is <http://crl.cacert.org/revoke.crl>; by having a separate third-level domain, the CRL can be easily mirrored as increasing load requires.

homer

2008-07-03 09:07

reporter   ~0001112

from Pete S.


Presumably the CAcert root would have a name like "CAcert Certification Authority" or something else implying "this is a root, everything derives from this". Having separate Class 1 and Class 3 sub-roots as intermediates would also be handy, I suspect.

Emdy

2008-07-04 04:14

reporter   ~0001113

Hi,
CAcert's root certificate distribution webpage (http://www.cacert.org/index.php?id=3) should inform people, that the ... Certificate may appear as "Root CA" for now. And since you're working on to fix this. You should also mention that ... A solution is in progress to counter this, which in future will show "CAcert CA". Or some other better message to clarify, what name its using and what it will be, in future.

This kind of notification will inform the user, where exactly to look for CAcert's certificate, if they need to see info, or they need to change settings for CAcert's certificate.

That type of notification, will at least maintain confidence level.

I use/own multiple domains. Many email addresses. And have multiple CA provider. People like me find it hard to have CAcert under the name "Root CA", instead of "CAcert CA". The name "Root CA" creates confusion during certificate configuration & association related works/process.

Fixing this, should be one of the top most priority. This is a fundamental/basic problem.

You should stop issuing newer certificates under this wrong name "Root CA". Instead create another root certificate, with correct info ("CAcert CA"), and start issuing certificate against that.

If you're working on a fix, why is it then your system still issuing newer people with the older/wrong name certificates ?

All new member should use the fixed and newer root certificate.

~ Emdy Ashfolk. (Jul,3,2008,9:13PM,PST, LosAngeles,California,USA).

Daniel Black

2009-06-03 03:57

reporter   ~0001421

http://wiki.cacert.org/wiki/Roots/ContentsDiscussion reflects the discussion here about the certificate name. I've also made notes about CRL urls on that wiki page.

Daniel Black

2009-06-03 06:09

reporter   ~0001427

closing - a) because its seems to be under control for the next root cert release and b) because this is a bugs.cacert.org project

Issue History

Date Modified Username Field Change
2008-07-03 08:07 Emdy New Issue
2008-07-03 08:54 homer Note Added: 0001111
2008-07-03 08:54 homer Summary Change Your Authority Name from "Root CA" to "CAcert CA" => Change Your Authority Name from "Root CA" to "CAcert CA" + CRL distribution pbs
2008-07-03 09:07 homer Note Added: 0001112
2008-07-04 04:14 Emdy Note Added: 0001113
2009-06-03 03:57 Daniel Black Note Added: 0001421
2009-06-03 06:09 Daniel Black Note Added: 0001427
2009-06-03 06:09 Daniel Black Status new => closed
2009-06-03 06:09 Daniel Black Resolution open => fixed
2012-01-25 17:17 NEOatNHNG Project bugs.cacert.org => Main CAcert Website
2013-01-15 02:39 Werner Dworak Fixed in Version => 2009 Q2