View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000008 | Main CAcert Website | GPG/PGP | public | 2005-09-02 01:52 | 2021-08-26 11:55 |
Reporter | roe | Assigned To | Sourcerer | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | needs review | Resolution | open | ||
Product Version | 2005 | ||||
Target Version | 2015 Q1 | ||||
Summary | 0000008: Normalization of special characters when comparing names | ||||
Description | There is a flaw in the name matching algorithm, e.g. when matching the names on GPG key UIDs with the name in the CAcert database: Umlauts are not translated or normalized. The German Umlaut "ö" (o with two dots) is exactly the same as the two letter combination "oe", and the same goes for ü/ue and ä/ae. So for instance, I have "Röthlisberger" on record with CAcert, while my GPG keys spell "Roethlisberger" (less charset hassle when using the oe form). I cannot add my perfectly valid GPG keys to my CAcert account because "Röthlisberger" does not match "Roethlisberger". Lots of people with weird characters in their names prefer to sometimes use a plain 7bit ASCII version of their name, in order to avoid encoding hassle, and that seems to be perfectly legitimate and should be fully supported by CAcert. Please fix the name matching algorithm to cater for German Umlauts and treat öäü the same as oeaeue and oau. Otherwise people with special characters in their names will not be able to use some features of CAcert. There are probably similar problems with many other European languages, like French accents (éàèç) or Nordic special letters. The only alternative is to remind people that they should choose the same version of their name like they use on GnuPG keys and as they want the name to appear in SSL/TLS certs. (And, give people like me some option to change my name in the CAcert database to the 7bit US ASCII representation) | ||||
Additional Information | The beginning of a special character translation table: ö = oe = o; ü = ue = u; ä = ae = a; é = e; è = e; à = a; ç = c (there are many more in other areas of the world -- these are just the ones which are common in Switzerland) | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | Try to sign PGP keys with various variants of the name on record. | ||||
related to | 0000991 | needs work | NEOatNHNG | commonName is wrongly burned on CSR |
related to | 0000851 | new | Problems with diacritical letters in CAP-Form and certifcate | |
related to | 0001097 | closed | NEOatNHNG | Special characters which have no HTML-entities are not properly escaped |
has duplicate | 0000992 | closed | NEOatNHNG | Problem with diacritic characters while adding PGP/GPG public key |
related to | 0000089 | needs work | Sourcerer | GPG Revokation Escrow Service |
related to | 0001079 | needs work | GPG key can not be revoked | |
related to | 0001184 | closed | BenBE | Hex2bin function |
related to | 0001354 | needs review | BenBE | Problems with diacretics and non-latin1 characters |
|
Actually, it just says "No emails found on your key" now when I upload my (rather large) main key. I had to strip my key down to its bare essentials (just non-revoked uids and only self-sigs) in order to get the error message: "No suitable name combination could be matched from your PGP/GPG keys to what we have in the database ('Daniel Roethlisberger')" |
|
Is anyone able to propose a fix/patch for this at all? |
|
Character normalization table for Slovenian language: ?=C ?=c Ž=Z ž=z Š=S š=š ?=C ?=c ?=Dz/Dj ?=dz/dj (it seems Mantis has problems with non-western encodings, so here's the link to those, and other characters: http://www.slovo.info/testuni.htm ) Alternative normalizations in the last two lines and rules depending on language would mean that names (first, last, middle, suffix) would need to be entered by the user, and confirmed by assurers in order to be promoted into valid name variations. My real name is "Štefan", but it is legal to write it as "Stefan" if there are (or might be) technical obstacles. I registered with "Stefan", because even government issued x509 certificates are normalized this way (even if "Stefan" is similar, but different valid name). I warned my assurers about the difference in case we need to reassure. It says "Štefan" on CAP forms. One day I'd love to get my real name into the certificates, but first just for testing purposes to make sure no important tool is terribly broken, and with always available option to revert to normalized name. It would also be great if users could choose which variant of their name would be put into the client certificate, so they can have 2 name variants at the same time. In my PGP key I have both names, but only the key with "Stefan" was signed by CAcert. |
|
AFAIK there is no real solution possible. You can only create a second name in the GPG that matches the CAcert name, or you change the CAcert name (omit non-ASCII or non-ANSI character) to the GPG name. |
|
Is it now possible with www/utf8_to_ascii ? |
|
See bug 0001354 for the bug fix as this was done in combination. |
|
The tests for 1354 are exactly the same as for this bug. So tests for one bug should count for both, as the relevant code is the same as well. |
|
I did a test of 0001354 that had the same test instructions. => Test PASSED |
|
I did a successful test at 2015-01-20 22:11 as entered in bug 1354 |
|
As there are two successful tests, please do your reviews |
|
Probably needs to be solved by moving the DB coding to UTF-8
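
An added example, not CAcert's code and not the fix tracked in 0001354: one way to implement the comparison requested in this issue, using only the folding table from the description plus the Ž/Š pairs from the Slovenian note. The names `FOLDS`, `name_variants` and `names_match` are assumptions made for illustration; folding is one-way (ö to oe/o, never oe back to ö), so two different ASCII spellings do not match each other.

```python
import itertools
import unicodedata

# Folding table from the issue's "Additional Information" field and the
# Slovenian note; each character maps to the ASCII spellings it may take.
FOLDS = {
    "ö": ("oe", "o"), "ü": ("ue", "u"), "ä": ("ae", "a"),
    "é": ("e",), "è": ("e",), "à": ("a",), "ç": ("c",),
    "š": ("s",), "ž": ("z",),
}


def _options(ch):
    """Return every spelling allowed for one character, original included."""
    folds = FOLDS.get(ch.lower())
    if folds is None:
        return (ch,)
    if ch.isupper():
        folds = tuple(f.capitalize() for f in folds)  # Ö -> Oe / O
    return (ch,) + folds


def name_variants(name):
    """All spellings of `name` reachable by folding the listed characters."""
    # NFC first, so "o" + U+0308 (combining diaeresis) is treated as "ö";
    # split/join collapses runs of whitespace between name parts.
    name = " ".join(unicodedata.normalize("NFC", name).split())
    # Up to 3 options per folded character: small for real names, but a
    # caller should cap input length before accepting untrusted UIDs.
    return {"".join(p) for p in itertools.product(*map(_options, name))}


def names_match(record_name, uid_name):
    """True when the name on record and the key UID share one spelling."""
    if not record_name.strip() or not uid_name.strip():
        return False  # an empty name never matches anything
    return not name_variants(record_name).isdisjoint(name_variants(uid_name))


if __name__ == "__main__":
    # Constructed sample pairs based on the names quoted in the issue.
    for rec, uid in [("Daniel Röthlisberger", "Daniel Roethlisberger"),
                     ("Stefan", "Štefan"),
                     ("Daniel Roethlisberger", "Daniel Rothlisberger")]:
        print(rec, "|", uid, "->", names_match(rec, uid))
```
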
Date Modified | Username | Field | Change |
---|---|---|---|
2005-09-02 01:52 | roe | New Issue | |
2005-09-02 06:18 | roe | Note Added: 0000001 | |
2006-08-08 06:12 | duane | Note Added: 0000333 | |
2006-08-08 06:13 | duane | Status | new => @30@ |
2006-08-14 02:47 | duane | Status | @30@ => needs work |
2006-08-14 02:47 | duane | Assigned To | => Sourcerer |
2009-04-20 10:46 | stefanb | Note Added: 0001376 | |
2009-04-28 05:34 | stefanb | Note Edited: 0001376 | |
2009-04-28 05:35 | stefanb | Note Edited: 0001376 | |
2012-12-20 07:25 | Werner Dworak | Relationship added | related to 0000089 |
2012-12-20 08:29 | Werner Dworak | Relationship added | related to 0001079 |
2012-12-20 17:54 | Werner Dworak | Note Added: 0003485 | |
2013-01-06 23:46 | INOPIAE | Relationship added | has duplicate 0000992 |
2013-01-07 09:07 | Werner Dworak | Relationship added | related to 0000991 |
2013-01-07 09:08 | Werner Dworak | Relationship added | related to 0000851 |
2013-01-07 09:09 | Werner Dworak | Relationship added | related to 0001097 |
2013-07-03 17:27 | BenBE | Relationship added | related to 0001184 |
2014-06-15 08:53 | felixd | Note Added: 0004831 | |
2015-01-03 00:32 | BenBE | Relationship added | related to 0001354 |
2015-01-03 02:16 | BenBE | Test Instructions | => Try to sign PGP keys with various variants of the name on record. |
2015-01-03 02:16 | BenBE | Note Added: 0005218 | |
2015-01-03 02:16 | BenBE | Status | needs work => needs review & testing |
2015-01-03 02:16 | BenBE | Product Version | => 2005 |
2015-01-03 02:16 | BenBE | Target Version | => 2015 Q1 |
2015-01-06 21:18 | Eva | Note Added: 0005226 | |
2015-03-03 21:13 | felixd | Note Added: 0005344 | |
2015-03-03 21:15 | Eva | Note Added: 0005347 | |
2015-03-03 21:16 | Eva | Note Added: 0005348 | |
2015-03-03 21:16 | Eva | Status | needs review & testing => needs review |
2021-08-26 11:55 | alkas | Note Added: 0006082 |