View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000525||Main CAcert Website||GPG/PGP||public||2008-03-30 16:32||2012-12-20 07:32|
|Summary||0000525: Point system inconsistency: GPG keys are treated different from x509 certs regarding validity|
|Description||If a cacert-member has reached the assurer-status, he will be able to create x509 certificates which are valid for two years instead of one.|
GPG-key-signatures however are not covered by this "advantage" of being an assurer: Their validity remains one year.
This issue has been discussed in the cacert.policy maiing lists and it has been concluded that GPG-signatues should be treated the same, as stated in the policy.
I therefore ask to include this amendment in the gpg-signing-component.
Found possible solution. I think the problem can be fixed by changing the parameter defining the duration in client.pl. It is set to "366" at the moment in the relevant sub function "HandleGPG" (Notice: Even 366 is wrong and this explains why GPG signatures are valid one year + one day even today). I made the change to 730 years (2 years) as Philipp has proposed. See the updated client.pl file attached.
|Tags||No tags attached.|
The original assumption is a bit wrong. The change isn't the assurer status, but the change happens at 50 points with X.509 certificates.
The duration of an X.509 certificate stays the same when the person becomes an assurer.
OpenPGP also has a change at 50 points: Below 50 points, you can't even get a OpenPGP signature. (since we stopped the class1 openpgp signatures). So it's currently 0.5-1 -> 1-2 years for X.509 and 0 -> 1 year for OpenPGP.
Please lookup the details (in the sourcecode), provide a detailled suggestion, and a patch.
client.pl (24,947 bytes)
|2008-03-30 16:32||janst||New Issue|
|2008-03-31 12:10||samj||Priority||normal => low|
|2008-05-02 09:26||Sourcerer||Note Added: 0001076|
|2008-07-07 07:24||janst||Priority||low => high|
|2008-07-07 07:24||janst||Description Updated|
|2008-12-24 11:57||janst||Description Updated|
|2008-12-24 11:59||janst||File Added: client.pl|
|2009-04-26 21:36||Sourcerer||Category||CAcert Stamp => GPG/PGP|
|2012-07-06 18:40||INOPIAE||Relationship added||related to 0001079|
|2012-12-18 04:18||Werner Dworak||Relationship added||related to 0000526|
|2012-12-20 07:32||Werner Dworak||Relationship added||related to 0000089|