View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000570||Main CAcert Website||public||2008-07-03 08:07||2013-01-15 02:39|
|Platform||Windows||OS||Microsoft Win XP||OS Version||Professional|
|Fixed in Version||2009 Q2|
|Summary||0000570: Change Your Authority Name from "Root CA" to "CAcert CA" + CRL distribution pbs|
Your name appears as "Root CA" in the list of certificate authorities. This is not right at all. And deceptive. It can be "CAcert", or "CAcert CA", or "CAcert, Inc", etc.
When someone adds your CAcert root certificate, and wants to see or change info or settings, then they will have to look for where CAcert is. When in the list they will reach to "Root CA" after seeing no "CAcert", then they will know it is CAcert Inc "cacert.org".
Please fix the problem. Since you (CAcert, Inc) have made the mistake, you will have to fix it and find out how to fix it, etc, because its your responsibility. Do whatever is necessary.
Also specify in the root certificate distribution page or mechanism, very clearly that "CAcert, Inc's name appears as "Root CA" in the list of root Authority, for now, but a work is in progress to fix this".
So others know what to look for.
But this problem needs to be fixed.
Your name should appear in the authority list as "CAcert...", not any/something else, at all.
~ Emdy Ashfolk. (Jul,3,2008,12:14PM,PST,LosAngeles,California,USA).
|Steps To Reproduce||Firefox > Tools > Options > Advanced > Encryption > View Certificates > Authorities > "Root CA".|
|Tags||No tags attached.|
from Pete S.
A bigger issue, in my opinion, is that the CRL distribution point listed in the root certificate is listed as <https://www.cacert.org/revoke.crl> -- this is bad for two reasons: 1. the URL needlessly uses https which may cause issues with some clients, and 2. it uses the "www" third-level domain, which makes it very difficult to mirror the CRL.
The current CRL distribution point for CAcert is <http://crl.cacert.org/revoke.crl>; by having a separate third-level domain, the CRL can be easily mirrored as increasing load requires.
from Pete S.
Presumably the CAcert root would have a name like "CAcert Certification Authority" or something else implying "this is a root, everything derives from this". Having separate Class 1 and Class 3 sub-roots as intermediates would also be handy, I suspect.
CAcert's root certificate distribution webpage (http://www.cacert.org/index.php?id=3) should inform people, that the ... Certificate may appear as "Root CA" for now. And since you're working on to fix this. You should also mention that ... A solution is in progress to counter this, which in future will show "CAcert CA". Or some other better message to clarify, what name its using and what it will be, in future.
This kind of notification will inform the user, where exactly to look for CAcert's certificate, if they need to see info, or they need to change settings for CAcert's certificate.
That type of notification, will at least maintain confidence level.
I use/own multiple domains. Many email addresses. And have multiple CA provider. People like me find it hard to have CAcert under the name "Root CA", instead of "CAcert CA". The name "Root CA" creates confusion during certificate configuration & association related works/process.
Fixing this, should be one of the top most priority. This is a fundamental/basic problem.
You should stop issuing newer certificates under this wrong name "Root CA". Instead create another root certificate, with correct info ("CAcert CA"), and start issuing certificate against that.
If you're working on a fix, why is it then your system still issuing newer people with the older/wrong name certificates ?
All new member should use the fixed and newer root certificate.
~ Emdy Ashfolk. (Jul,3,2008,9:13PM,PST, LosAngeles,California,USA).
||http://wiki.cacert.org/wiki/Roots/ContentsDiscussion reflects the discussion here about the certificate name. I've also made notes about CRL urls on that wiki page.|
||closing - a) because its seems to be under control for the next root cert release and b) because this is a bugs.cacert.org project|
|2008-07-03 08:07||Emdy||New Issue|
|2008-07-03 08:54||homer||Note Added: 0001111|
|2008-07-03 08:54||homer||Summary||Change Your Authority Name from "Root CA" to "CAcert CA" => Change Your Authority Name from "Root CA" to "CAcert CA" + CRL distribution pbs|
|2008-07-03 09:07||homer||Note Added: 0001112|
|2008-07-04 04:14||Emdy||Note Added: 0001113|
|2009-06-03 03:57||Daniel Black||Note Added: 0001421|
|2009-06-03 06:09||Daniel Black||Note Added: 0001427|
|2009-06-03 06:09||Daniel Black||Status||new => closed|
|2009-06-03 06:09||Daniel Black||Resolution||open => fixed|
|2012-01-25 17:17||NEOatNHNG||Project||bugs.cacert.org => Main CAcert Website|
|2013-01-15 02:39||Werner Dworak||Fixed in Version||=> 2009 Q2|