. '''NOTA BENE - WORK IN PROGRESS''' - [[#Inputs_&_Thoughts|Your Inputs & Thoughts]] :-)
. '''To Technology [[Technology#Technology_Laboratory| Laboratory]]''' - '''To Technology [[Technology/Laboratory| Laboratory - Overview Projects]]''' - '''To Brain Study [[Brain/Study/Bug665| Fix Bug 665 - Project Mgmt. ]]''' - '''To comma Workbench [[comma/Workbench/Bug665| Fix Bug 665 - Community & Public Communication]]'''
----
== Fix Bug 665 - Intermediate level-3 certificate is MD5-signed - Patch / Software Improvement / Deployment ==
. See '''[[http://bugs.cacert.org/view.php?id=665| Bug Report 665]]'''
<
>
== Overview Tasks Technology Area ==
. Inputs by PhilippGuehring
* Improvement to our software to support expiring CA certificates, to avoid breaking the CRLs.
* Generate and deploy the new CA certificate. ONLY IF NEEDED
* Enable the usage of the new CA certificate in our software. ONLY IF NEEDED
<
>
==== Software Patch to support expiring CA certificates, to avoid breaking the CRLs ====
. Detail description / Documentation
<
>
==== Software Patche A ====
. Detail description / Documentation / Who?
<
>
==== Software Patche B ====
. Detail description / Documentation / Who?
<
>
==== Software Patche ? ====
. Detail description / Documentation / Who?
<
>
== Estimate Resources Needed ==
. # Developers?
. # Hours?
. Labor costs?
<
>
----
== Inputs & Thoughts ==
. 20091115-PhilippGuehring /e-mail
. {{{
> Referring to bug 665
> http://bugs.cacert.org/view.php?id=665
> and to your technical and cryptographic expertise, I kindly as you, what does it need to fix?
> What are the needs in terms of:
> * Knowledge & Skills, are they available?
> * Manpower, who has time to help?
> * Organization, who can do what and when?
> * Consequences, what could go wrong?
> * Costs, are there financial consequences?
The first thing is that we need a small improvement to our software to support expiring CA certificates, to avoid breaking the CRLs. (I implemented half of this already, only the second half is missing). I am able to do that within a week I guess.
The next thing we need is a decision, whether we want to issue a new Class3 root beyond our current Class1 root, or whether we want to issue a whole new Root certificate-structure as well.
Then we have to generate and deploy the new CA certificate.
Then we have to enable the usage of the new CA certificate in our software.
In the mean time, we should inform our users about the new certificate, which they have to do correctly for Certificate-Chains.
> Would it be possible to establish some concrete step-by-step plan, in order to fix the bug as fast as possible?
I will care about the software changes this week. Can you organize the decision for Class3 vs. WholeNewRoot?
Best regards,
Philipp Gühring
}}}
----
. YYYYMMDD-YourName
. {{{
Text / Your Statements, thoughts and e-mail snippets, Please
}}}
----
. YYYYMMDD-YourName
. {{{
Text / Your Statements, thoughts and e-mail snippets, Please
}}}
----
<
>
'''Category''' or '''Categories'''<
>
CategoryTechnology <
>
CategoryProjects <
>
CategoryCustom ''note: Please, replace "Custom" with an existing Category or if needed create a new, meaningful one.''