\n"
@@ -45,6 +45,10 @@ msgstr ""
msgid "'%s' has just been successfully updated in the database."
msgstr ""
+#: www/help/3.php:64
+msgid "...then click 'Next'."
+msgstr ""
+
#: www/wot/3.php:42
msgid "A CAcert Assurer who knowingly, or reasonably ought to have known, assures an applicant contrary to this policy may be held liable."
msgstr ""
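Review bot: The new msgid "...then click 'Next'." (www/help/3.php:64) is the tail of a sentence whose first half lives outside the string, so a translator cannot see what precedes it or reorder the clause for a language with different word order. Make the whole instruction one msgid, or add a translator comment naming the sentence it completes.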
@@ -65,7 +69,7 @@ msgstr ""
msgid "About CAcert.org"
msgstr ""
-#: includes/account_stuff.php:183 includes/general_stuff.php:105
+#: includes/account_stuff.php:183 includes/general_stuff.php:106
msgid "About Us"
msgstr ""
@@ -104,6 +108,10 @@ msgstr ""
msgid "After the meeting, visit the CAcert Web site's make an Assurance page and:"
msgstr ""
+#: www/help/3.php:44
+msgid "After your certificate has been emailed to you, follow this process to install the certificate."
+msgstr ""
+
#: www/account/39.php:32 www/index/10.php:32
msgid "Aggregated tracking information"
msgstr ""
@@ -116,10 +124,22 @@ msgstr ""
msgid "All fields are mandatory."
msgstr ""
-#: www/account/40.php:26 www/index/11.php:26
+#: www/help/7.php:9
+msgid "Alternatively as things progress we can add more layers of security with say 4 webservers talking to 2 intermediate servers, talking to the root store, and acting in a token ring fashion, anything happening out of sequence, and the server directly upstream shuts itself down, which if that were in place and there were multiple paths, any down time in this fashion would fall over to the servers not compromised, anyways just some food for thought."
+msgstr ""
+
+#: www/account/40.php:40 www/index/11.php:40
msgid "Alternatively you can get in contact with us via the following methods:"
msgstr ""
+#: www/help/2.php:49
+msgid "And they are making mistakes"
+msgstr ""
+
+#: www/help/3.php:70
+msgid "And you're done!"
+msgstr ""
+
#: www/account/16.php:39
msgid "Another Email"
msgstr ""
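Review bot: The www/help/7.php:9 msgid is a single run-on sentence that describes a multi-tier server design and trails off into "anyways just some food for thought", which gives translators no clause boundaries to work with. Split it into separate sentences (layout, shutdown rule, failover) before it goes into the catalogue, so each can be translated and later revised on its own.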
@@ -128,6 +148,10 @@ msgstr ""
msgid "Any valid certificates will be revoked as well"
msgstr ""
+#: www/help/7.php:5
+msgid "Apart from the boot stuff, all data resides on an encrypted partition on the root store server and only manual intervention in the boot up process by entering the password will start it again."
+msgstr ""
+
#: www/wot/2.php:26
msgid "Apon receiving your documents you will be notified, and points will be added to your account."
msgstr ""
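Review bot: "Apart from the boot stuff" in the www/help/7.php:5 msgid is too loose for a statement about what is and is not encrypted on the root store server, and it will not translate predictably. Name what stays outside the encrypted partition instead of "the boot stuff".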
@@ -147,6 +171,10 @@ msgstr ""
msgid "Are you really sure you want to remove %s from administering this organisation?"
msgstr ""
+#: www/help/2.php:22
+msgid "As anyone who has received an email containing a virus from a strange address knows, emails can be easily spoofed. The identity of the sender is very easy to forge via email. Thus a great advantage is that digital signing provides a means of ensuring that an email is really from the person you think it is. If everyone digitally signed their emails, it would be much easier to know whether an email is legitimate and unchanged and to the great relief of many, spamming would be much easier to control, and viruses that forge the sender's address would be obvious and therefore easier to control."
+msgstr ""
+
#: www/wot/6.php:24
msgid "Assurance Confirmation"
msgstr ""
@@ -187,6 +215,22 @@ msgstr ""
msgid "Best regards"
msgstr ""
+#: www/help/3.php:60
+msgid "Browse to the location you saved the .cer file to in step 1"
+msgstr ""
+
+#: www/help/2.php:25
+msgid "But perhaps, fundamentally, the most important reason for digital signing is awareness and privacy. It creates awareness of the (lack of) security of the Internet, and the tools that we can arm ourselves with to ensure our personal security. And in sensitising people to digital signatures, we become aware of the possibility of privacy and encryption."
+msgstr ""
+
+#: www/help/2.php:7 www/help/2.php:35
+msgid "But, er, is this really proof of your email identity?"
+msgstr ""
+
+#: www/help/2.php:48
+msgid "But, with all this money, and all this responsibility, they must be taking a lot of care to ensure the Certificate Authorities do their jobs well, and keep doing their jobs well, right? Well right?!"
+msgstr ""
+
#: www/account/10.php:15 www/account/3.php:15
msgid "CAcert Certficate Acceptable Use Policy"
msgstr ""
@@ -219,6 +263,10 @@ msgstr ""
msgid "CAcert may, from time to time, alter the amount of Assurance Points that a class of assurer may assign as is necessary to effect a policy or rule change. We may also alter the amount of Assurance Points available to an individual, or new class of assurer, should another policy of CAcert require this."
msgstr ""
+#: www/help/6.php:11
+msgid "CAcert then sends you an email with a signed copy of your certificate. Hopefully the rest should be pretty straight forward."
+msgstr ""
+
#: www/account/0.php:17
msgid "CAcert.org"
msgstr ""
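Review bot: Typo in the new www/help/6.php:11 msgid: "straight forward" should be "straightforward". Fix it in the PHP source before translators pick the string up, since a later correction changes the msgid and drops existing translations.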
@@ -235,7 +283,7 @@ msgstr ""
msgid "CAcert.org was designed to be by the community for the community, and instead of placing all the labour on a central authority and in turn increasing the cost of certificates, the idea was to get community in conjunction with this website to have trust maintained in a dispersed and automated manner!"
msgstr ""
-#: includes/general_stuff.php:64
+#: includes/general_stuff.php:65
msgid "CRL"
msgstr ""
@@ -256,6 +304,14 @@ msgstr ""
msgid "Certificate Installation Error"
msgstr ""
+#: www/help/3.php:43
+msgid "Certificate Installation process for IIS 5.0"
+msgstr ""
+
+#: www/help/0.php:5
+msgid "Certificate Retrieval Proposal"
+msgstr ""
+
#: includes/account.php:718 includes/account.php:1115
#, php-format
msgid "Certificate for '%s' has been renewed."
@@ -279,12 +335,24 @@ msgstr ""
msgid "Change Password"
msgstr ""
+#: www/help/3.php:36
+msgid "Choose a filename to save the request to"
+msgstr ""
+
#: includes/account.php:720 includes/account.php:1117
#: includes/account.php:1499 includes/account.php:1546
#: includes/account.php:1558 www/account/19.php:45 www/account/6.php:43
msgid "Click here"
msgstr ""
+#: www/account/40.php:19 www/index/11.php:19
+msgid "Click here to go to the Support List"
+msgstr ""
+
+#: www/account/40.php:26 www/index/11.php:26
+msgid "Click here to view all lists available"
+msgstr ""
+
#: includes/account_stuff.php:130 www/account/18.php:18 www/account/5.php:18
msgid "Client Certificates"
msgstr ""
@@ -294,6 +362,10 @@ msgstr ""
msgid "Comments"
msgstr ""
+#: www/help/4.php:14
+msgid "Common Name (eg, YOUR name) []:"
+msgstr ""
+
#: www/account/11.php:22 www/account/12.php:23 www/account/18.php:23
#: www/account/21.php:25 www/account/22.php:23
msgid "CommonName"
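Review bot: "Common Name (eg, YOUR name) []:" (www/help/4.php:14) reads like a prompt quoted verbatim from a command-line tool rather than site prose. If that is what it is, a translated version will no longer match what the user sees in their terminal; keep quoted prompts out of gettext, or add a translator comment saying the string must stay as printed.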
@@ -316,6 +388,10 @@ msgstr ""
msgid "Complete the assurance form if the applicant has not already done so. Ensure that all information matches."
msgstr ""
+#: www/help/3.php:39
+msgid "Confirm your request details"
+msgstr ""
+
#: www/wot/3.php:19
msgid "Contact"
msgstr ""
@@ -332,7 +408,7 @@ msgstr ""
msgid "Contact Email"
msgstr ""
-#: includes/account_stuff.php:184 includes/general_stuff.php:106
+#: includes/account_stuff.php:184 includes/general_stuff.php:107
#: www/account/40.php:15 www/index/11.php:15
msgid "Contact Us"
msgstr ""
@@ -345,6 +421,14 @@ msgstr ""
msgid "Cookies"
msgstr ""
+#: www/help/2.php:38
+msgid "Cool man! How do I create my own digital signature?!"
+msgstr ""
+
+#: www/help/3.php:47
+msgid "Copy the contents of the email including the "
+msgstr ""
+
#: includes/account.php:661 includes/account.php:775 includes/account.php:1174
#: includes/account.php:1396
#, php-format
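Review bot: The www/help/3.php:47 msgid "Copy the contents of the email including the " ends mid-sentence with a trailing space, so the rest of the sentence is being concatenated in PHP. Translators cannot place the missing part where their grammar needs it, and the trailing space is easy to lose. Use one msgid with a placeholder for the inserted text.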
@@ -356,14 +440,22 @@ msgstr ""
msgid "Country"
msgstr ""
+#: www/help/4.php:9
+msgid "Country Name (2 letter code) [AU]:"
+msgstr ""
+
#: www/account/17.php:133 www/account/4.php:133
msgid "Create Certificate Request"
msgstr ""
-#: includes/general_stuff.php:68 www/index/7.php:15
+#: includes/general_stuff.php:69 www/index/7.php:15
msgid "Credits"
msgstr ""
+#: www/help/7.php:2
+msgid "Currently there is 2 main servers, one for webserver, one for root store, with the root store only connected to the webserver via serial cable, with a daemon running as non-root processes on each end of the serial listening/sending requests/info."
+msgstr ""
+
#: www/wot/10.php:22 www/wot/10.php:55 www/wot/6.php:60
msgid "Date"
msgstr ""
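Review bot: Grammar in the www/help/7.php:2 msgid: "Currently there is 2 main servers" should be "there are 2 main servers". The sentence also chains four "with" clauses; splitting it after "one for root store" would make the serial-link description easier to translate accurately.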
@@ -409,10 +501,22 @@ msgstr ""
msgid "Department"
msgstr ""
+#: www/help/0.php:6
+msgid "Digital Signing (a guide for normal people)"
+msgstr ""
+
+#: www/help/2.php:17
+msgid "Digital signing thus provides security on the Internet."
+msgstr ""
+
#: www/wot/8.php:22
msgid "Directory Listing"
msgstr ""
+#: www/help/2.php:61
+msgid "Disclaimer : These are the author's opinions, but they should not be considered 'truth' without personal verification. The author may have made mistakes and any mistakes will be willingly rectified by contacting the administrator of elucido.net, contact details available from the normal domain registration information services (e.g. whois.net). No recommendation to install a Certificate Authority's root certificate is either intended nor implied."
+msgstr ""
+
#: www/account/26.php:24 www/account/28.php:25 www/account/29.php:31
#: www/account/7.php:23
msgid "Domain"
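Review bot: The disclaimer msgid at www/help/2.php:61 says "is either intended nor implied", which should be "is neither intended nor implied", and "Disclaimer :" has a stray space before the colon. Since this sentence limits what the page recommends about installing a root certificate, it is worth getting the wording right before it is translated.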
@@ -431,7 +535,7 @@ msgstr ""
msgid "Domains and Server Certificates."
msgstr ""
-#: includes/account_stuff.php:183 includes/general_stuff.php:105
+#: includes/account_stuff.php:183 includes/general_stuff.php:106
#: www/account/38.php:15 www/index/13.php:15
msgid "Donations"
msgstr ""
@@ -440,6 +544,10 @@ msgstr ""
msgid "Due to recent site changes bookmarks may no longer be valid, please update your bookmarks."
msgstr ""
+#: www/help/2.php:39
+msgid "Easy. Ish. Go to CAcert.org, install their root certificate and then follow their joining instructions. Once you have joined, request a certificate from the menu. You will receive an email with a link to the certificate. Click on the link from your email software, and hopefully it will be seamlessly installed. Next find the security section of the settings in your email software and configure digital signatures using the certificate you just downloaded. Hmm. Call me if you want, I'll guide you through it."
+msgstr ""
+
#: includes/account_stuff.php:123 www/account/25.php:23 www/account/25.php:40
#: www/account/26.php:25 www/account/26.php:35
msgid "Edit"
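Review bot: The www/help/2.php:39 msgid tells the reader to "install their root certificate" and then click the link in the certificate email, with no step for checking the root certificate before trusting it. Add a sentence on comparing the root certificate's fingerprint with a copy obtained through a separate channel. The closing "Call me if you want, I'll guide you through it." also has no referent once the text is shown as site help.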
@@ -463,7 +571,7 @@ msgid "Email Accounts and Client Certificates"
msgstr ""
#: www/account/1.php:22 www/account/11.php:33 www/account/5.php:23
-#: www/index/1.php:69 www/index/4.php:25 www/index/5.php:21
+#: www/index/1.php:69 www/index/4.php:25 www/index/5.php:21 www/help/4.php:15
msgid "Email Address"
msgstr ""
@@ -479,15 +587,55 @@ msgstr ""
msgid "Email Probe"
msgstr ""
+#: www/help/2.php:20
+msgid "Emails are not secure. In fact emails are VERY not secure!"
+msgstr ""
+
+#: www/help/3.php:58
+msgid "Ensure 'Process the pending request and install the certificate' is selected and click on 'Next'."
+msgstr ""
+
+#: www/help/3.php:63
+msgid "Ensure that you are processing the correct certificate"
+msgstr ""
+
+#: www/help/3.php:17
+msgid "Enter a certificate name and select Certificate strength"
+msgstr ""
+
+#: www/help/3.php:26
+msgid "Enter the Organisation name: this must be the full legal name of the Organisation that is applying for the certificate."
+msgstr ""
+
#: www/wot/3.php:30
msgid "Enter the applicant's email address;"
msgstr ""
+#: www/help/3.php:33
+msgid "Enter the geographical details"
+msgstr ""
+
+#: www/help/3.php:30
+msgid "Enter your Common Name"
+msgstr ""
+
+#: www/help/3.php:25
+msgid "Enter your Organisation Information"
+msgstr ""
+
+#: www/help/2.php:57
+msgid "Erroneous Verisign Issued Digital Certificates Pose Spoofing Hazard"
+msgstr ""
+
#: includes/account.php:152 www/verify.php:33 www/verify.php:45
#: www/verify.php:76 www/verify.php:89
msgid "Error!"
msgstr ""
+#: www/help/2.php:21
+msgid "Ever requested a password that you lost to be emailed to you? That password was wide open to inspection by potential crackers."
+msgstr ""
+
#: www/account/12.php:50 www/account/18.php:50 www/account/22.php:50
#: www/account/5.php:54
msgid "Expired"
@@ -506,10 +654,18 @@ msgstr ""
msgid "File not found!"
msgstr ""
+#: www/help/4.php:16
+msgid "Finally you will be asked information about 'extra' attribute, you simply hit enter to both these questions."
+msgstr ""
+
#: includes/account_stuff.php:159
msgid "Find an Assurer"
msgstr ""
+#: www/help/3.php:41
+msgid "Finish up and exit IIS Certificate Wizard"
+msgstr ""
+
#: www/account/13.php:27 www/index/1.php:22
msgid "First Name"
msgstr ""
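Review bot: The www/help/4.php:16 msgid has a number mismatch and a comma splice: "information about 'extra' attribute, you simply hit enter to both these questions". Suggest "Finally you will be asked about 'extra' attributes; simply hit enter at both of these questions."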
@@ -522,6 +678,22 @@ msgstr ""
msgid "First and/or last names were blank."
msgstr ""
+#: www/help/6.php:1
+msgid "Firstly you need to join CAcert to do that go:"
+msgstr ""
+
+#: www/help/4.php:1
+msgid "Firstly you will need to run the following command, preferably in secured directory no one else can access, however protecting your private keys is beyond the scope of this document."
+msgstr ""
+
+#: www/help/0.php:2
+msgid "Following are several tips you may find useful."
+msgstr ""
+
+#: www/help/3.php:71
+msgid "For more information, refer to your server documentation or visit"
+msgstr ""
+
#: www/index/0.php:19
msgid "For years we've all been charged high amounts of money to pay for security that doesn't and shouldn't cost the earth."
msgstr ""
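Review bot: The www/help/4.php:1 msgid makes the only key-handling safeguard optional ("preferably in secured directory no one else can access") and then declares private key protection out of scope. State it as a requirement, for example a directory readable only by the user running the command, and fix the missing article ("in a secured directory"). Separately, www/help/6.php:1 "Firstly you need to join CAcert to do that go:" needs punctuation between the two clauses.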
@@ -539,10 +711,38 @@ msgstr ""
msgid "GPG/PGP Keys"
msgstr ""
+#: www/account/40.php:17 www/index/11.php:17
+msgid "General Questions"
+msgstr ""
+
+#: www/account/40.php:18 www/index/11.php:18
+msgid "General questions about CAcert should be sent to the general support list, this list has many more volunteers then those directly involved with the running of the website."
+msgstr ""
+
+#: www/help/4.php:4
+msgid "Generating a 1024 bit RSA private key"
+msgstr ""
+
+#: www/help/3.php:1
+msgid "Generating a Key Pair and Certificate Signing Request (CSR) for a Microsoft Internet Information Server (IIS) 5.0."
+msgstr ""
+
+#: www/help/0.php:7
+msgid "Generating a New Key Pair and CSR for IIS 5.0"
+msgstr ""
+
#: includes/account_stuff.php:119
msgid "Go Home"
msgstr ""
+#: www/help/2.php:16
+msgid "Good question"
+msgstr ""
+
+#: www/help/0.php:1
+msgid "Help!"
+msgstr ""
+
#: www/index/16.php:23 www/index/3.php:23
msgid "High Trust GPG Key"
msgstr ""
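Review bot: In the www/account/40.php:18 msgid, "many more volunteers then those directly involved" should be "than those", and the comma before "this list has" joins two sentences. Correct both in the source string now, because fixing a msgid later invalidates its translations.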
@@ -563,10 +763,38 @@ msgstr ""
msgid "Home"
msgstr ""
+#: www/help/2.php:8
+msgid "How do I create my own digital signature?!"
+msgstr ""
+
+#: www/help/0.php:8
+msgid "How do I generate a private key and CSR using OpenSSL?"
+msgstr ""
+
+#: www/help/0.php:10
+msgid "How do I get a Server certificate from CAcert?"
+msgstr ""
+
+#: www/help/0.php:9
+msgid "How do I get a secured by CAcert emblem on my site?"
+msgstr ""
+
+#: www/help/0.php:11
+msgid "How does CAcert Protect it's root private key?"
+msgstr ""
+
+#: www/help/2.php:4 www/help/2.php:21 www/help/2.php:24
+msgid "How it prepares us to protect our freedom"
+msgstr ""
+
#: www/account/39.php:50 www/index/10.php:50
msgid "How to update, correct, or delete your information"
msgstr ""
+#: includes/general_stuff.php:63
+msgid "Howto Information"
+msgstr ""
+
#: www/wot/6.php:76
msgid "I am sure of myself"
msgstr ""
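Review bot: The www/help/0.php:11 msgid "How does CAcert Protect it's root private key?" uses "it's" where the possessive "its" is needed, and "Protect" is capitalised mid-sentence unlike the sibling questions in this hunk. Suggest "How does CAcert protect its root private key?".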
@@ -575,6 +803,10 @@ msgstr ""
msgid "I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that CAcert may challenge this assurance and call upon me to prove the basis for it, and that I may be held responsible if I cannot provide such proof."
msgstr ""
+#: www/help/2.php:9 www/help/2.php:41
+msgid "I can't wait to start sending encrypted emails!"
+msgstr ""
+
#: includes/account.php:933
msgid "I couldn't match any emails against your organisational account."
msgstr ""
@@ -616,6 +848,14 @@ msgstr ""
msgid "If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed andwill not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence."
msgstr ""
+#: www/help/7.php:3
+msgid "If the root store detects a bad request it assumes the webserver is compromised and shuts itself down."
+msgstr ""
+
+#: www/help/7.php:4
+msgid "If the root store doesn't receive a 'ping' reply over the serial link within a determined amount of time it assumes the webserver is compromised or the root store itself has been stolen and shuts itself down."
+msgstr ""
+
#: www/account/39.php:47 www/index/10.php:47
msgid "If we change our Privacy Policy, we will post those changes on www.CAcert.org. If we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users via email. Users will be able to opt out of any new use of their personal information."
msgstr ""
@@ -624,6 +864,10 @@ msgstr ""
msgid "If you are happy with this location, click 'Make my location here' to update your location details."
msgstr ""
+#: www/account/40.php:29 www/index/11.php:29
+msgid "If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Sending general questions via this contact form will generally take longer then using the support mailing list."
+msgstr ""
+
#: www/account/39.php:55 www/index/10.php:55
msgid "If you need to contact us in writing, address your mail to:"
msgstr ""
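Review bot: The www/account/40.php:29 msgid says "take longer then using the support mailing list", which should be "than", and "questions, comments or otherwise and information you're sending to us contains sensitive details" is hard to parse. Since this string is what steers sensitive details away from the public list, reword it plainly, for example "If your message contains sensitive details, use the contact form below."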
@@ -636,6 +880,18 @@ msgstr ""
msgid "If, and only if, the two match completely - you may award trust points up to the maximum points you are able to allocate;"
msgstr ""
+#: www/help/7.php:1
+msgid "In light of a request on the bugzilla list for more information about how our root certificate is protected I've decided to do a write up here and see if there is anything more people suggest could be done, or a better way of handling things altogether."
+msgstr ""
+
+#: www/help/3.php:9
+msgid "In the 'Directory Security' folder click on the 'Server Certificate' button in the 'Secure communications' section. If you have not used this option before the 'Edit' button will not be active."
+msgstr ""
+
+#: www/help/3.php:57
+msgid "In the 'IIS Certificate Wizard' you should find a 'Pending Certificate Request'."
+msgstr ""
+
#: www/account/0.php:20
msgid "In this section you will be able to edit your personal information (if you haven't been assured), update your pass phrase, and lost pass phrase questions. You will also be able to set your location for the Web of Trust, it also effects the email announcement settings which among other things can be set to notify you if you're within 200km of a planned assurance event. You'll also be able to set additional contact information when you become fully trusted, so others can contact you to meet up outside official events."
msgstr ""
@@ -661,6 +917,10 @@ msgstr ""
msgid "Install Your Certificate"
msgstr ""
+#: www/help/3.php:51
+msgid "Installation steps"
+msgstr ""
+
#: www/account/19.php:43 www/account/19.php:52 www/account/6.php:41
#: www/account/6.php:50
msgid "Installing your certificate"
@@ -715,6 +975,10 @@ msgstr ""
msgid "Key Strength:"
msgstr ""
+#: www/help/3.php:4
+msgid "Key generation process"
+msgstr ""
+
#: www/account/17.php:131 www/account/4.php:131
msgid "Keysize:"
msgstr ""
@@ -741,6 +1005,10 @@ msgstr ""
msgid "Listed"
msgstr ""
+#: www/help/4.php:11
+msgid "Locality Name (eg, city) [Sydney]:"
+msgstr ""
+
#: www/account/11.php:30 www/account/21.php:33 www/wot/10.php:25
#: www/wot/10.php:58 www/wot/6.php:56
msgid "Location"
@@ -794,12 +1062,12 @@ msgstr ""
msgid "Make my location here"
msgstr ""
-#: includes/general.php:299 includes/general.php:386
+#: includes/general.php:300 includes/general.php:387
#, php-format
msgid "Malformed subjectAltName '%s', must be in form DNS:my.isp.com or DNS:*.isp.com"
msgstr ""
-#: includes/general.php:327 includes/general.php:418
+#: includes/general.php:328 includes/general.php:419
#, php-format
msgid "Malformed subjectAltName, must be in form DNS:my.isp.com or DNS:*.isp.com OR '%s' can't be matched to any current domain validated against your account."
msgstr ""
@@ -820,6 +1088,14 @@ msgstr ""
msgid "Method"
msgstr ""
+#: www/help/2.php:58
+msgid "Microsoft Root Certificate Program"
+msgstr ""
+
+#: www/help/3.php:71
+msgid "Microsoft Support Online"
+msgstr ""
+
#: www/account/13.php:31 www/index/1.php:26
msgid "Middle Name(s)"
msgstr ""
@@ -828,6 +1104,10 @@ msgstr ""
msgid "Miscellaneous"
msgstr ""
+#: www/help/2.php:26
+msgid "Most people would object if they found that all their postal letters are being opened, read and possibly recorded by the Government before being passed on to the intended recipient, resealed as if nothing had happened. And yet this is what happens every day with your emails (in the UK). There are some who have objected to this intrusion of privacy, but their voices are small and fall on deaf ears. However the most effective way to combat this intrusion is to seal the envelope shut in a miniature bank vault, i.e. encrypt your email. If all emails were encrypted, it would be very hard for Government, or other organisations/individual crackers, to monitor the general public. They would only realistically have enough resources to monitor those they had reason to suspect. Why? Because encryption can be broken, but it takes a lot of computing power and there wouldn't be enough to monitor the whole population of any given country."
+msgstr ""
+
#: includes/general_stuff.php:55 www/account/0.php:15
msgid "My Account"
msgstr ""
@@ -853,9 +1133,9 @@ msgstr ""
#: includes/account.php:1468 includes/account.php:1497
#: includes/account.php:1544 includes/account.php:1556
#: includes/account.php:1619 includes/account.php:1722
-#: includes/account.php:1729 includes/general.php:280 includes/general.php:298
-#: includes/general.php:326 includes/general.php:367 includes/general.php:385
-#: includes/general.php:417 www/account.php:32 www/error404.php:17
+#: includes/account.php:1729 includes/general.php:281 includes/general.php:299
+#: includes/general.php:327 includes/general.php:368 includes/general.php:386
+#: includes/general.php:418 www/account.php:32 www/error404.php:17
#: www/wot.php:106 www/wot.php:242 www/wot.php:261 www/wot.php:274
#: www/wot.php:285 www/account/15.php:23 www/account/19.php:23
#: www/account/19.php:42 www/account/19.php:50 www/account/23.php:23
@@ -931,6 +1211,10 @@ msgstr ""
msgid "Next"
msgstr ""
+#: www/help/4.php:17
+msgid "Next step is that you submit the contents of server.csr to the CAcert website, it should look *EXACTLY* like the following example otherwise the server may reject your request because it appears to be invalid."
+msgstr ""
+
#: www/account/3.php:52
msgid "No Name"
msgstr ""
@@ -953,10 +1237,18 @@ msgstr ""
msgid "Not a valid email address. Can't continue."
msgstr ""
+#: www/help/2.php:10 www/help/2.php:44
+msgid "Notes for the strangely curious"
+msgstr ""
+
#: www/account/39.php:45 www/index/10.php:45
msgid "Notification of changes"
msgstr ""
+#: www/help/3.php:12
+msgid "Now 'Create a new certificate'."
+msgstr ""
+
#: includes/account.php:644 includes/account.php:760 includes/account.php:1158
#: includes/account.php:1378
msgid "Now deleting the following pending requests:"
@@ -972,10 +1264,14 @@ msgstr ""
msgid "Now revoking the following certificates:"
msgstr ""
-#: includes/general_stuff.php:66
+#: includes/general_stuff.php:67
msgid "OCSP Details"
msgstr ""
+#: www/help/2.php:30
+msgid "Of the biggest reasons why most people haven't started doing this, apart from being slightly technical, the reason is financial. You need your own certificate to digitally sign your emails. And the Certificate Authorities charge money to provide you with your own certificate. Need I say more. Dosh = no thanks I'd rather walk home. But organisations are emerging to provide the common fool in the street with a free alternative. However, given the obvious lack of funding and the emphasis on money to get enrolled, these organisations do not yet have the money to get themselves established as trusted Certificate Authorities. Thus it is currently down to trust. The decision of the individual to trust an unknown Certificate Authority. However once you have put your trust in a Certificate Authority you can implicitly trust the digital signatures generated using their certificates. In other words, if you trust (and accept the certificate of) the Certificate Authority that I use, you can automatically trust my digital signature. Trust me!"
+msgstr ""
+
#: www/account/14.php:21
msgid "Old Pass Phrase"
msgstr ""
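Review bot: The www/help/2.php:30 msgid opens "Of the biggest reasons why most people haven't started doing this, ... the reason is financial", which looks like a dropped "One" and repeats "reason". It is also a whole multi-sentence paragraph in one msgid, so any later wording fix discards the entire translation; split it into sentence-level or short-paragraph strings.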
@@ -988,6 +1284,18 @@ msgstr ""
msgid "Once you have verified your company you will see these menu options. They allow you to issue as many certificates as you like without proving individual email accounts as you like, further more you are able to get your company details on the certificate."
msgstr ""
+#: www/help/4.php:28
+msgid "Once you've submitted it the system will process your request and send an email back to you containing your server certificate."
+msgstr ""
+
+#: www/help/2.php:45
+msgid "One assumes that if a site has an SSL certificate (that's what enables secure communication, for exchanging personal details, credit card numbers, etc. and gives the 'lock' icon in the browser) that they have obtained that certificate from a reliable source (a Certificate Authority), which has the appropriate stringent credentials for issuing something so vital to the security of the Internet, and the security of your communications. You have probably never even asked yourself the question of who decided to trust these Certificate Authorities, because your browser comes with their (root) certificates pre-installed, so any web site that you come across that has an SSL certificate signed by one of them, is automatically accepted (by your browser) as trustworthy."
+msgstr ""
+
+#: www/help/3.php:8
+msgid "Open Directory Security folder"
+msgstr ""
+
#: includes/account_stuff.php:153
msgid "Org Admin"
msgstr ""
@@ -1025,6 +1333,18 @@ msgstr ""
msgid "Organisations"
msgstr ""
+#: www/help/4.php:12
+msgid "Organization Name (eg, company) [XYZ Corp]:"
+msgstr ""
+
+#: www/help/4.php:13
+msgid "Organizational Unit Name (eg, section) [Server Administration]:."
+msgstr ""
+
+#: www/account/40.php:24 www/index/11.php:24
+msgid "Other Mailing Lists"
+msgstr ""
+
#: www/index/16.php:16 www/index/3.php:16
msgid "PKI Key"
msgstr ""
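Review bot: The www/help/4.php:13 msgid ends with ":." ("[Server Administration]:.") while the sibling prompt at www/help/4.php:12 ends with ":" only. The stray full stop looks unintended; remove it so the two prompts are consistent.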
@@ -1091,15 +1411,19 @@ msgstr ""
msgid "Points"
msgstr ""
-#: www/account/40.php:28 www/index/11.php:28
+#: www/account/40.php:42 www/index/11.php:42
msgid "Postal Address:"
msgstr ""
+#: www/help/3.php:14
+msgid "Prepare the request"
+msgstr ""
+
#: www/wot/3.php:35
msgid "Privacy"
msgstr ""
-#: includes/account_stuff.php:184 includes/general_stuff.php:106
+#: includes/account_stuff.php:184 includes/general_stuff.php:107
#: www/account/39.php:15 www/index/10.php:15
msgid "Privacy Policy"
msgstr ""
@@ -1112,6 +1436,10 @@ msgstr ""
msgid "Processing"
msgstr ""
+#: www/help/2.php:11 www/help/2.php:54
+msgid "References"
+msgstr ""
+
#: includes/account.php:667 includes/account.php:781 includes/account.php:1180
#: includes/account.php:1402
#, php-format
@@ -1137,6 +1465,10 @@ msgstr ""
msgid "Repeat"
msgstr ""
+#: www/help/3.php:52
+msgid "Return to the 'Internet Information Services' screen in 'Administrative Tools' under 'Control Panel'. Right click on 'Default Web Site' and select 'Properties'."
+msgstr ""
+
#: includes/account.php:610 includes/account.php:728 includes/account.php:1125
#: includes/account.php:1344 www/account/12.php:72 www/account/18.php:76
#: www/account/22.php:72 www/account/5.php:80
@@ -1149,7 +1481,7 @@ msgstr ""
msgid "Revoked"
msgstr ""
-#: includes/general_stuff.php:63
+#: includes/general_stuff.php:64
msgid "Root Certificate"
msgstr ""
@@ -1165,6 +1497,18 @@ msgstr ""
msgid "Rules"
msgstr ""
+#: www/help/3.php:46
+msgid "Saving the certificate"
+msgstr ""
+
+#: www/help/3.php:6 www/help/3.php:7 www/help/3.php:10 www/help/3.php:13
+#: www/help/3.php:16 www/help/3.php:19 www/help/3.php:29 www/help/3.php:32
+#: www/help/3.php:35 www/help/3.php:38 www/help/3.php:50 www/help/3.php:53
+#: www/help/3.php:56 www/help/3.php:59 www/help/3.php:62 www/help/3.php:65
+#: www/help/3.php:68
+msgid "Screenshot of IIS 5.0"
+msgstr ""
+
#: www/wot/7.php:127
msgid "Search"
msgstr ""
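Review bot: "Screenshot of IIS 5.0" is referenced from 17 places in www/help/3.php, so every image in the walkthrough carries the identical label. If this is the images' descriptive text, give each one a string that names the step it shows, which also helps readers who cannot see the screenshots.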
@@ -1173,11 +1517,43 @@ msgstr ""
msgid "Search this region"
msgstr ""
+#: www/help/2.php:36
+msgid "Security is a serious matter. For a digital certificate with full rights to be issued to an individual by a Certificate Authority, stringent tests must be conducted, including meeting the physical person to verify their identity. At the current moment in time, my physical identity has not been verified by CAcert.org, but they have verified my email address. Installing their root certificate (see above) will thus automatically allow you to validate my digital signature. You can then be confident of the authenticity of my email address - only I have the ability to digitally sign my emails using my CAcert.org certificate, so if you get an email that I digitally signed and which is validated by your email software using the cacert.org root certificate that you installed, you know it's from me. (Visually you get a simple indication that my email is signed and trusted). Technically, they haven't verified that I really am me! But you have the guarantee that emails from my address are sent by the person who physically administers that address, i.e. me! The only way that someone could forge my digital signature would be if they logged on to my home computer (using the password) and ran my email software (using the password) to send you a digitally signed email from my address. Although I have noticed the cats watching me logon..."
+msgstr ""
+
+#: www/help/3.php:18
+msgid "Select 'Bit length'. We advise a key length of 1024 bits."
+msgstr ""
+
+#: www/help/3.php:11
+msgid "Select 'Create a new certificate'"
+msgstr ""
+
+#: www/help/3.php:55
+msgid "Select 'Server Certificate' at the bottom of the tab in the 'Secure communications' section."
+msgstr ""
+
+#: www/help/3.php:37
+msgid "Select an easy to locate folder. You'll have to open this file up with Notepad. The CSR must be copied and pasted into our online form. Once the CSR has been submitted, you won't need this CSR any more as IIS won't reuse old CSR to generate new certificates."
+msgstr ""
+
+#: www/help/3.php:61
+msgid "Select the .cer file and click 'Next'."
+msgstr ""
+
+#: www/help/3.php:54
+msgid "Select the Directory Security tab"
+msgstr ""
+
#: www/account.php:23 www/index.php:312 www/index.php:327
-#: www/account/40.php:23 www/index/11.php:23 www/wot/9.php:60
+#: www/account/40.php:36 www/index/11.php:36 www/wot/9.php:60
msgid "Send"
msgstr ""
+#: www/account/40.php:28 www/index/11.php:28
+msgid "Sensitive Information"
+msgstr ""
+
#: includes/account_stuff.php:138
msgid "Server Certificates"
msgstr ""
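Review bot: www/help/3.php:18 bakes the recommended key length into translatable prose ("We advise a key length of 1024 bits."), so changing the recommendation later means editing the msgid and invalidating every translation of it. Pass the number in through a placeholder, as other strings in this catalogue do with '%s' and "#, php-format", and keep the recommended value in one place in the code.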
@@ -1186,6 +1562,18 @@ msgstr ""
msgid "Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this."
msgstr ""
+#: www/account/40.php:39 www/index/11.php:39
+msgid "Snail Mail"
+msgstr ""
+
+#: www/help/2.php:50
+msgid "So if you don't pass the audit, you don't get to be a Certificate Authority. And to pass the audit, well, you've got to show that you can do a good job issuing certificates. That they're secure, you only give them to the right people, etc. So what happens when you make a mistake and you erroneously issue a certificate that risks the entire Internet browsing population, like Verisign did? Well, er, nothing actually. They already paid for their audit, and damn it, they're so big now, we couldn't possibly revoke their Certificate Authority status. (There's too much money at stake!)"
+msgstr ""
+
+#: www/help/2.php:52
+msgid "So, dammit, what's the point of all this then?"
+msgstr ""
+
#: www/account/39.php:39 www/index/10.php:39
msgid "Some of our advertisers use a third-party ad server to display ads. These ads may contain cookies. The ad server receives these cookies, and we don't have access to them."
msgstr ""
@@ -1194,6 +1582,10 @@ msgstr ""
msgid "Sorry, I was unable to locate that user."
msgstr ""
+#: www/help/4.php:10
+msgid "State or Province Name (full name) [NSW]:"
+msgstr ""
+
#: www/account/11.php:31 www/account/21.php:34 www/account/24.php:33
#: www/account/27.php:36
msgid "State/Province"
@@ -1204,7 +1596,7 @@ msgstr ""
msgid "Status"
msgstr ""
-#: www/account/40.php:21 www/index/11.php:21 www/wot/9.php:52
+#: www/account/40.php:34 www/index/11.php:34 www/wot/9.php:52
msgid "Subject"
msgstr ""
@@ -1222,10 +1614,18 @@ msgstr ""
msgid "Suffix"
msgstr ""
+#: www/help/6.php:7
+msgid "System will send you an email with a link in it, you just open the link in a webbrowser."
+msgstr ""
+
#: includes/account_stuff.php:159
msgid "TTP Form"
msgstr ""
+#: www/help/2.php:55
+msgid "Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure"
+msgstr ""
+
#: www/account/38.php:23 www/index/13.php:23
msgid "Thank you very much for your support, your donations help CAcert to continue to operate."
msgstr ""
@@ -1234,10 +1634,18 @@ msgstr ""
msgid "Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!"
msgstr ""
+#: www/help/2.php:47
+msgid "That situation has changed, and Internet Explorer, being the most obvious example, now insists that any Certificate Authorities are 'audited' by an 'independent' organisation, the American Institute for Certified Public Accountant's (AICPA). So now, if you have the money needed (from US$75000 up to US$250000 and beyond) you can get these accountants, who clearly know a lot about money, to approve you as having the required technical infrastructure and business processes to be a Certificate Authority. And they get a nice wad of money for the pleasure. And the Certificate Authorities, having a kind of monopoly as a result, charge a lot for certificates and also get a nice wad of money. And everyone's happy."
+msgstr ""
+
#: www/account/17.php:89 www/account/4.php:89
msgid "The 1024-bit key generation failed. Would you like to try 512 instead?"
msgstr ""
+#: www/help/3.php:31
+msgid "The Common Name is the fully qualified host and Domain Name or website address that you will be securing. Both 'www.cacert.org' and 'secure.cacert.com' are valid Common Names. IP addresses are usually not used."
+msgstr ""
+
#: www/verify.php:46
msgid "The ID or Hash has already been verified, or something weird happened."
msgstr ""
@@ -1246,10 +1654,18 @@ msgstr ""
msgid "The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened."
msgstr ""
+#: www/help/3.php:28
+msgid "The Organisational Unit field is the 'free' field. It is often the department or Server name for reference."
+msgstr ""
+
#: includes/account.php:887 www/index.php:95
msgid "The Pass Phrase you submitted was too short."
msgstr ""
+#: www/help/2.php:59
+msgid "The Regulation of Investigational Powers Act (RIPA) ('Snooping Bill' official gov site, UK)"
+msgstr ""
+
#: www/account/0.php:28
msgid "The Web of Trust system CAcert uses is similar to that many involved with GPG/PGP use, they hold face to face meetings to verify each others photo identities match their GPG/PGP key information. CAcert differs however in that we have modified things to work within the PKI framework, for you to gain trust in the system you must first locate someone already trusted. The trust person depending how many people they've trusted or meet before will determine how many points they can issue to you (the number of points they can issue is listed in the locate assurer section). Once you've met up you can show your ID and you will need to fill out a CAP form which the person assuring your details must retain for verification reasons. You can also get trust points via the Trust Third Party system where you go to a lawyer, bank manager, accountant, or public notary/juctise of the peace and they via your ID and fill in the TTP form to state they have viewed your ID documents and it appears authentic and true. More information on the TTP system can be found in the TTP sub-menu"
msgstr ""
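Review bot: The www/help/2.php:59 msgid gives the act's name as "Regulation of Investigational Powers Act"; the UK statute is the Regulation of Investigatory Powers Act 2000. Worth correcting in the source string before translators pick it up, since editing a msgid afterwards invalidates the translations made against it.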
@@ -1295,10 +1711,47 @@ msgstr ""
msgid "The only other way to receive assurance points is to have had your identity checked by a third party CA, whose policies are suitably set to not let identity fraud run rampent. Please contact us if you would like more details about this."
msgstr ""
+#: www/help/2.php:62
+#, php-format
+msgid "The page has been reproduced on %s with explicit permission from %sthe author%s with the information being copyrighted to the author (name with held by request)"
+msgstr ""
+
+#: www/help/2.php:53
+msgid "The point is, as the current situation holds, you should be weary of anyone making decisions for you (i.e. pre-installed certificates in your browser), and you should be weary of anyone else's certificates that you install. But at the end of the day, it all boils down to trust. If an independent Certificate Authority seems to be reputable to you, and you can find evidence to support this claim, there's no reason why you shouldn't trust it any less than you implicitly trust the people who have already made mistakes."
+msgstr ""
+
#: www/index/0.php:21
msgid "The primary goals are:"
msgstr ""
+#: www/help/2.php:15
+msgid "The purpose of digital signing is to prove, electronically, one's identity"
+msgstr ""
+
+#: www/help/2.php:27
+msgid "The reason digital signatures prepare us for encryption is that if everyone were setup to be able to generate their own digital signatures, it would be technically very easy to make the next step from digital signatures to encryption. And that would be great for privacy, the fight against spamming, and a safer Internet."
+msgstr ""
+
+#: www/help/7.php:6
+msgid "The requests sent to the root store, are stored in a file for another process triggered by cron to parse and sign them, then stored in a reply file to be sent back to the webserver. Causing things to be separated into different users, basic privilege separation stuff. So being actually able to hack the serial daemons will only at the VERY worst cause fraudulent certificates, not the root to be revealed."
+msgstr ""
+
+#: www/help/4.php:3
+msgid "Then the system will try to generate some very random numbers to get a secure key."
+msgstr ""
+
+#: www/help/6.php:3
+msgid "Then you need to generate a Certificate Signing Request, for more details go:"
+msgstr ""
+
+#: www/help/6.php:9
+msgid "Then you need to submit the contents from the CSR file to CAcert, you need to go:"
+msgstr ""
+
+#: www/account/40.php:25 www/index/11.php:25
+msgid "There are a number of other mailing lists CAcert runs, some are general discussion, others are technical (such as the development list) or platform specific help (such as the list for Apple Mac users)"
+msgstr ""
+
#: www/wot/2.php:17
msgid "There is several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!)."
msgstr ""
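Review bot: The www/help/2.php:62 msgid uses three unnumbered %s placeholders ("reproduced on %s with explicit permission from %sthe author%s"), which forces every translation to keep the site name before the link markup; languages with a different word order cannot reorder them. Suggest numbered arguments (%1$s, %2$s, %3$s), which PHP's printf family supports. Separately, the www/help/2.php:53 msgid says "weary" twice where "wary" is meant, and that is cheaper to fix now than after translation.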
@@ -1307,6 +1760,10 @@ msgstr ""
msgid "There was an error and I couldn't proceed"
msgstr ""
+#: www/help/2.php:42
+msgid "There's nothing to it. I mean literally, you can already start sending your emails encrypted. Assuming of course you have your own digital signature certificate (e.g. as per above), and the person you want to send an encrypted email to also has a digital signature certificate, and has recently sent you a digitally signed email with it. If all these conditions hold, you just have to change the settings in your email software to send the email encrypted and hey presto! Your email software (probably Outlook I guess) should suss out the rest."
+msgstr ""
+
#: www/index.php:269
msgid "This email address is currently valid in the system."
msgstr ""
@@ -1315,14 +1772,34 @@ msgstr ""
msgid "This policy discloses what information we gather about you when you visit any of our Web site. It describes how we use that information and how you can control it."
msgstr ""
+#: www/help/2.php:46
+msgid "Thus, having now asked the question, you suppose that it's the people who make the browser software that have carefully decided who is a trustworthy Certificate Authority. Funnily enough, the mainstream browsers have not, historically, had public policies on how they decide whether a Certificate Authority gets added to their browser. All of the Certificate Authorities that have found themselves in the browser software, are big names, probably with big profits (so they must be doing a good job!)."
+msgstr ""
+
#: www/wot/9.php:42
msgid "To"
msgstr ""
+#: www/help/5.php:1
+msgid "To be completed"
+msgstr ""
+
#: www/wot/2.php:15
msgid "To become an Assurer"
msgstr ""
+#: www/help/2.php:33
+msgid "To fully understand, read the section directly above. I am using a free Certificate Authority to provide me with the ability to digitally sign my emails. As a result, this Certificate Authority is not (yet) recognised by your email software as it is a new organisation that is not yet fully established, although it is probably being included in the Mozilla browser. If you choose to, you can go the their site at CAcert.org to install the root certificate. You may be told that the certificate is untrusted - that is normal and I suggest that you continue installation regardless. Be aware that this implies your acceptance that you trust their secure distribution and storing of digital signatures, such as mine. (You already do this all the time). The CAcert.org root certificate will then automatically provide the safe validation of my digital signature, which I have entrusted to them. Or you can simply decide that you've wasted your time reading this and do nothing (humbug!). Shame on you! :-)"
+msgstr ""
+
+#: www/help/3.php:2
+msgid "To generate a public and private key pair and CSR for a Microsoft IIS 5 Server:"
+msgstr ""
+
+#: www/help/2.php:21
+msgid "To get from computer Internet User A to Internet User B an email may pass through tens of anonymous computers on the Internet. These 'Internet infrastructure' computers are all free to inspect and change the contents of your email as they see fit. Governments systematically browse the contents of all emails going in/out/within their country, e.g. the"
+msgstr ""
+
#: www/index/0.php:24
msgid "To provide a trust mechanism to go with the security aspects of encryption."
msgstr ""
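Review bot: The www/help/2.php:33 msgid tells readers that an "untrusted" warning on the root certificate "is normal and I suggest that you continue installation regardless", with no step to check that the certificate they are installing is the genuine one. For help text shipped by the CA itself, suggest adding an instruction to compare the root certificate's fingerprint against a value obtained through a separate channel before accepting it. The same string also has "go the their site", which should read "go to their site".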
@@ -1335,7 +1812,7 @@ msgstr ""
msgid "Town/Suburb"
msgstr ""
-#: includes/general_stuff.php:72
+#: includes/general_stuff.php:73
msgid "Translations"
msgstr ""
@@ -1343,7 +1820,15 @@ msgstr ""
msgid "Trusted Third Parties"
msgstr ""
-#: includes/general.php:281 includes/general.php:368
+#: www/help/2.php:60
+msgid "U.K. e-mail snooping bill passed"
+msgstr ""
+
+#: www/help/2.php:21
+msgid "UK Government has done this since the year 2000"
+msgstr ""
+
+#: includes/general.php:282 includes/general.php:369
#, php-format
msgid "Unable to match '%s' against any domain validated against your account."
msgstr ""
@@ -1352,6 +1837,10 @@ msgstr ""
msgid "Unable to match your details with any user accounts on file"
msgstr ""
+#: www/help/3.php:5
+msgid "Under 'Administrative Tools', open the 'Internet Services Manager'. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties."
+msgstr ""
+
#: www/account/2.php:34 www/account/9.php:40
msgid "Unverified"
msgstr ""
@@ -1434,6 +1923,10 @@ msgstr ""
msgid "We don't use cookies to store personal information, we do use sessions, and if cookies are enabled, the session will be stored in a cookie, and we do not look for cookies, apart from the session id. However if cookies are disabled then no information will be stored on or looked for on your computer."
msgstr ""
+#: www/help/2.php:56
+msgid "WebTrust for Certification Authorities"
+msgstr ""
+
#: www/account.php:27 www/help.php:20 www/index.php:106 www/index.php:332
#: www/index.php:341 www/news.php:20
msgid "Welcome to CAcert.org"
@@ -1443,6 +1936,14 @@ msgstr ""
msgid "Welcome to your account section of the website. Below is a description of the different sections and what they're for."
msgstr ""
+#: www/help/2.php:2 www/help/2.php:14
+msgid "What is it for?"
+msgstr ""
+
+#: www/help/3.php:67
+msgid "When you have read this information, click 'Finish'."
+msgstr ""
+
#: www/account/39.php:26 www/index/10.php:26
msgid "When you post to the contact form, you must provide your name and email address. When you sign up to the website, you must provide your name, email address date of birth and some lost pass phrase question and answers."
msgstr ""
@@ -1451,6 +1952,26 @@ msgstr ""
msgid "Who"
msgstr ""
+#: www/help/2.php:3 www/help/2.php:19
+msgid "Why digitally sign your own emails?! (weirdo..)"
+msgstr ""
+
+#: www/help/2.php:6 www/help/2.php:32
+msgid "Why is the digital signature described as 'not valid/not trusted'?"
+msgstr ""
+
+#: www/help/2.php:5 www/help/2.php:29
+msgid "Why isn't it being adopted by everyone?"
+msgstr ""
+
+#: www/help/7.php:7
+msgid "Why use serial you ask? Well certificate requests are low bandwidth for starters, then of course simpler systems in security are less prone to exploits, and finally serial code is pretty mature and well tested and hopefully all exploits were found and fixed a long time ago."
+msgstr ""
+
+#: www/help/7.php:8
+msgid "With the proposed root certificate changes, there would be a new root, this would sign at least 1 sub-root, then the private key stored offline in a bank vault, with the sub-root doing all the signing, or alternatively 2 sub-roots, 1 for client certificates, one for server, the thinking behind this, if any of the sub-roots are compromised they can be revoked and reissued."
+msgstr ""
+
#: includes/account_stuff.php:159
msgid "WoT Form"
msgstr ""
@@ -1475,6 +1996,10 @@ msgstr ""
msgid "You are only allowed to Assure someone once!"
msgstr ""
+#: www/help/2.php:45
+msgid "You are putting your trust in people you don't know!"
+msgstr ""
+
#: www/wot.php:235
msgid "You are receiving this email because you have assured another member of the CAcert community."
msgstr ""
@@ -1519,6 +2044,10 @@ msgstr ""
msgid "You failed to get all answers correct, system admins have been notified."
msgstr ""
+#: www/help/3.php:21
+msgid "You have now created a public/private key pair. The private key is stored locally on your machine. The public portion is sent to CAcert in the form of a CSR."
+msgstr ""
+
#: www/wot/3.php:39
msgid "You may charge a fee for your expenses if the applicant has been advised of the amount prior to the meeting."
msgstr ""
@@ -1544,14 +2073,38 @@ msgstr ""
msgid "You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years."
msgstr ""
+#: www/help/2.php:15
+msgid "You see this all the time on the Internet - every time you go to a secure page on a web site, for example to enter personal details, or to make a purchase, every day you browse web sites that have been digitally signed by a Certificate Authority that is accepted as having the authority to sign it. This is all invisible to the user, except that you may be aware that you are entering a secure zone (e.g. SSL and HTTPS)."
+msgstr ""
+
#: includes/account.php:249
msgid "You submitted invalid email addresses, or email address you no longer have control of. Can't continue with certificate request."
msgstr ""
+#: www/help/6.php:5
+msgid "You then need to add the domain you have control of to your account, which you can do:"
+msgstr ""
+
#: includes/account.php:1730
msgid "You tried to use an invalid language."
msgstr ""
+#: www/help/3.php:23
+msgid "You will now create a CSR. This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. The following characters must be excluded from your CSR fields, or your certificate may not work:"
+msgstr ""
+
+#: www/help/3.php:66
+msgid "You will see a confirmation screen."
+msgstr ""
+
+#: www/help/4.php:8
+msgid "You will then be asked to enter information about your company into the certificate. Below is a valid example:"
+msgstr ""
+
+#: www/help/3.php:15
+msgid "You'll prepare the request now, but you can only submit the request via the online request forms. We do not accept CSRs via email."
+msgstr ""
+
#: www/wot.php:240
msgid "You've Assured Another Member."
msgstr ""
@@ -1568,11 +2121,11 @@ msgstr ""
msgid "Your Assurance Points"
msgstr ""
-#: www/account/40.php:20 www/index/11.php:20
+#: www/account/40.php:33 www/index/11.php:33
msgid "Your Email"
msgstr ""
-#: www/account/40.php:19 www/index/11.php:19
+#: www/account/40.php:32 www/index/11.php:32
msgid "Your Name"
msgstr ""
@@ -1588,6 +2141,10 @@ msgstr ""
msgid "Your account information has been updated."
msgstr ""
+#: www/help/2.php:16
+msgid "Your browser includes special digital (root) certificates from a number of these 'Certificate Authorities' by default, and all web sites use certificates that are validated by one of these companies, which you as a user implicitly trust every time you go to the secure part of a web site. (You might ask, who validates the security of the Certificate Authorities, and why should you trust them?!"
+msgstr ""
+
#: includes/account.php:343 includes/account.php:549 includes/account.php:598
#: includes/account.php:716 includes/account.php:1066
#: includes/account.php:1113 includes/account.php:1280
@@ -1595,6 +2152,10 @@ msgstr ""
msgid "Your certificate request has failed to be processed correctly, please try submitting it again."
msgstr ""
+#: www/help/3.php:34
+msgid "Your country, state and city."
+msgstr ""
+
#: includes/account.php:162
#, php-format
msgid "Your default email address has been updated to '%s'."
@@ -1628,10 +2189,22 @@ msgstr ""
msgid "Your message has been sent."
msgstr ""
+#: www/help/3.php:48
+msgid "and"
+msgstr ""
+
#: www/account/13.php:47 www/index/1.php:42 www/index/5.php:26
msgid "dd/mm/yyyy"
msgstr ""
+#: www/help/6.php:3 www/help/6.php:5 www/help/6.php:9
+msgid "here"
+msgstr ""
+
+#: www/help/3.php:49
+msgid "lines. Do not copy any extra line feeds or carriage returns at the beginning or end of the certificate. Save the certificate into a text editor like Notepad. Save the certificate with an extension of .cer and a meaningful name like certificate.cer"
+msgstr ""
+
#: www/account/13.php:32 www/account/13.php:42 www/index/1.php:27
#: www/index/1.php:37
msgid "optional"
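Review bot: The msgids added here for www/help/3.php:48, www/help/6.php and www/help/3.php:49 ("and", "here", and a string starting mid-sentence with "lines. Do not copy any extra line feeds...") are sentence fragments, so translators see them without the surrounding sentence and cannot change word order across the pieces. The single "here" msgid is also shared by three different sentences in help/6.php. Suggest one msgid per full sentence with placeholders for the link markup and the BEGIN/END marker text.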
@@ -1646,3 +2219,7 @@ msgstr ""
#: www/account/6.php:43
msgid "to install your certificate."
msgstr ""
+
+#: www/help/4.php:7
+msgid "writing new private key to 'private.key'"
+msgstr ""
diff --git a/pages/account/40.php b/pages/account/40.php
index 2a388b5..f7b7081 100644
--- a/pages/account/40.php
+++ b/pages/account/40.php
@@ -14,6 +14,19 @@
*/ ?>
=_("Contact Us")?>
+=_("General Questions")?>
+=_("General questions about CAcert should be sent to the general support list, this list has many more volunteers then those directly involved with the running of the website.")?>
+=_("Click here to go to the Support List")?>
+
+IRC
+irc://irc.CAcert.org/CAcert
+
+=_("Other Mailing Lists")?>
+=_("There are a number of other mailing lists CAcert runs, some are general discussion, others are technical (such as the development list) or platform specific help (such as the list for Apple Mac users)")?>
+=_("Click here to view all lists available")?>
+
+=_("Sensitive Information")?>
+=_("If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Sending general questions via this contact form will generally take longer then using the support mailing list.")?>
+=_("Snail Mail")?>
=_("Alternatively you can get in contact with us via the following methods:")?>
=_("Postal Address:")?>
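Review bot: Two of the new strings in this hunk use "then" where "than" is meant ("many more volunteers then those directly involved" and "take longer then using the support mailing list"), and the "Sensitive Information" paragraph reads awkwardly at "questions, comments or otherwise and information you're sending". Since these are gettext msgids, correcting the English after translations exist will orphan them, so it is worth fixing before this lands and regenerating the .po entries to match.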
@@ -30,7 +44,3 @@ CAcert Inc.
P.O. Box 75
Banksia NSW 2216
Australia
-
-IRC
-irc://irc.CAcert.org/CAcert
-
diff --git a/pages/help/1.php b/pages/help/1.php
new file mode 100644
index 0000000..ba916d7
--- /dev/null
+++ b/pages/help/1.php
@@ -0,0 +1,457 @@
+ CERTIFICATE RETRIEVAL
+
+
+STATUS OF THIS MEMO
+
+ This document is an Internet-Draft and is subject to all provisions of
+ Section 10 of RFC2026..
+
+INTRODUCTION
+
+ The CERTIFICATE RETRIEVAL Service is a TCP transaction based query/response
+ server, running on port xxxxx, that provides directory service for internet
+ users to automate the task of retrieving certificates based on email
+ addresses or hostnames.
+
+ This service, together with a corresponding database of X.509 certificates
+ can be used to automate security in conjunction with the 802.1x protocol
+ for authentication and encryption, webmail services, and email in general
+ that employ s/mime to encrypt replies to authors could request a certificate
+ via the service rather then requiring the user to supply it up front, so as
+ long as you know the email address and they have signed up for a certificate
+ the message can be encrypted.
+
+ This method of distributing client certificates isn't intended for extremely
+ sensitive material, but merely to protect day to day emails that are currently
+ being sent as clear text. The security risk in this method isn't more likely
+ to succeed then signing an email and distributing the certificate in that
+ manner.
+
+PROTOCOL
+
+ To access the CERTIFICATE RETRIEVAL service:
+
+ Connect to the service host on TCP service port xxxxx
+ (decimal).
+
+ Send a single "command line", ending with (ASCII CR and
+ LF).
+
+ Receive information in response to the command line. The server
+ closes its connection as soon as the output is finished.
+
+ Extention to Service:
+
+ This service could be extended to relay services that worked inline
+ with Certificate Authorities to cache responses and verify the
+ certificates were still valid using OCSP services. Using the relay
+ method it would be easier to include additional Certificate
+ Authorities, instead of issuing client software updates every time a
+ new Certificate Authority commenced operations, or alternatively
+ ceased to operate.
+
+ Due to political concerns more then technical issues relay services
+ should be run by impartial parties that don't have a vested interest
+ in competing with other Certificate Authorities so no user would be
+ disadvantaged.
+
+SECURITY ISSUES
+
+ Spam:
+
+ Obviously this would open a potential method for spammers to validate
+ their spam lists, and sending encrypted spam which may bypass current
+ spam filters. This system to an extent mimics the PGP Key Exchange
+ service, unlike the PGP Key Exchange there will be no effort to allow
+ searching apart from exact email or hostnames. At time of writting
+ there are no documented attempts to exploit the PGP Key Exchange for
+ the purposes of spam. Certificate Authorities should offer a way for
+ their users to opt out of this method of distributing public
+ certificates.
+
+ Transfer:
+
+ Due to the nature of X.509 it would be highly improbable that the
+ certificates could be compromised if they passed via a compromised
+ relay, or as the information is passed via any communications medium.
+ After the certificate is received issuer, CRL and OCSP checks should
+ be performed by client software as per normal with any certificate
+ received by other methods.
+
+SIMILAR SERVICES
+
+ LDAP:
+
+ LDAP can already be used in a method similar to described in this
+ document, however a simpler approach to security through an extremely
+ simple, efficient method of distributing without the need for bulky libs
+ and wrappers would help adoption and help increase security in general.
+
+ PGP Key Exchange:
+
+ Has much more extended capabilities although the concept is basically
+ the same, an easy method of distributing public keys.
+
+ OCSP/CRL:
+
+ Much simpler services only responding to requests about validity of
+ a certificate presented to them, will not respond with a copy of the
+ certificate.
+
+COMMAND LINES AND REPLIES
+
+ A command line is normally a single name specification. Note that
+ the specification formats will evolve with time; the best way to
+ obtain the most recent documentation on name specifications is to
+ give the server a command line consisting of "?" (that is, a
+ question-mark alone as the name specification). The response from
+ the server will list all possible formats that can be used.
+ The responses are currently intended to be machine-readable; the
+ information is not meant to be passed back directly to a human user. The
+ following three examples illustrate the use of the service as of February
+ 2004.
+
+ ---------------------------------------------------------------------
+
+ Command line: ?
+ Response:
+
+ Please enter an email address or hostname, such as "www.cacert.org".
+
+ ---------------------------------------------------------------------
+
+ Command line: myisp.com
+ Response:
+ No valid certificate available.
+
+ ---------------------------------------------------------------------
+
+ Command line: www.cacert.org
+ Response:
+ -----BEGIN CERTIFICATE-----
+ MIIFiTCCA3GgAwIBAgICAjYwDQYJKoZIhvcNAQEEBQAweTEQMA4GA1UEChMHUm9v
+ dCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlD
+ QSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0
+ QGNhY2VydC5vcmcwHhcNMDMwNDAyMDAzNzU2WhcNMDUwNDAxMDAzNzU2WjCBmjEL
+ MAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRAwDgYD
+ VQQKEwdDQSBDZXJ0MR4wHAYDVQQLExVTZXJ2ZXIgQWRtaW5pc3RyYXRpb24xFzAV
+ BgNVBAMTDnd3dy5jYWNlcnQub3JnMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNh
+ Y2VydC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMWKlVe5/cfDZiPq
+ WZTUGvgLA4dbvj/cBJXZgkz6aIvKuBhZ+cXob/xc6tkL20NdXZIW6WIzaGk6SU0a
+ vu6grLlHumwuXrFGPNRb8HyRQrvWzgD73Est+CDfLo+Omq55UjDDH0TZoAMV3L0N
+ Gb/S7YZeYHNcUzAHcXTE1//LyS8bAgMBAAGjggF7MIIBdzAMBgNVHRMBAf8EAjAA
+ MCoGA1UdJQQjMCEGCCsGAQUFBwMBBglghkgBhvhCBAEGCisGAQQBgjcKAwMwCwYD
+ VR0PBAQDAgUgMB0GA1UdDgQWBBTN0mx8ONpAgO9SaMf5KcKmDjFgDjCBowYDVR0j
+ BIGbMIGYgBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9v
+ dCBDQTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlD
+ QSBDZXJ0IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0
+ QGNhY2VydC5vcmeCAQAwEQYJYIZIAYb4QgEBBAQDAgZAMFYGCWCGSAGG+EIBDQRJ
+ FkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVy
+ IHRvIGh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzANBgkqhkiG9w0BAQQFAAOCAgEAc7vb
+ l/zrCweRmHo8dQw7fpvX4KibbpZ5fXT9c1tn+oIUxV1erDI3r5YW6Cha8XIDhMxJ
+ tKPXdyAkrzEt3SrQrFy/KndMCjS1ypic2g/IhUjnB7FnH7Jc3RF+w3GX6OO38XtQ
+ ydcQk2qD125W7Kl6cgSXjauVz2AyjetHi0jA+SRcmnlIRafKLEDPsnc/1A6CFd4C
+ e8J+mrSA4FPOwf1ezAEJAlsBNiM2oIcfbWjrUR/dfaBrGweBQS/mgXxSXJWJnFQI
+ wNE47X3ibISAgT74p/zqdVoYBQEXe0LDNsmFU6eqc8OyLEKW3BIgfQxtGxKCLCsA
+ G/TjfjxGRhi1FlX9ZPvuWGfV0ks0gMa/VDM7V37LMhVViyTHNTmKuHsOa7UAz/5x
+ qJo/ruLuCfGF9Z8jfj0197J0LMQSr09YQ/JSDJE6IFE59/6ju7+Py+2NDRsiqo+/
+ qi/4SGbXakOXqJv92NHLqD/jdq8D8RIPggQ2RGG7aNQ5bpmnZk6KEJH9jD50LAs1
+ kU+KI/v8o94ZBz+MDhNgJpwT5R/Vvnri2iT9mIysfpCuZCZC6KJKN8rXT031ocmx
+ CJyaTBopnpnHwGu238IAMSpq9nPibhCb0OlqMVHdid9qPr8iZDWVhgmgDasigS5Y
+ lzsrd9lRVDVN5HITUCFG3Qr5xx7ltSouj/dkykg=
+ -----END CERTIFICATE-----
+
+ ---------------------------------------------------------------------
+
+EXAMPLE CODE
+
+ ---------------------------------------------------------------------
+
+/*
+ Copyright Jeremey Barrett 2004 for CAcert.org
+ You may create derivative works, as long as this copyright notice remains at the top
+*/
+
+/*
+ Example finger daemon that can return certificates from a database.
+ Currently only tested on debian stable.
+ use the following command to build program
+ gcc -o cacert-finger cacert-finger.c -I/usr/include/mysql -L/usr/lib \
+ -lmysqlclient -lz -DUSE_MYSQL
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/select.h>
+#include <netinet/in.h>
+
+#ifdef USE_MYSQL
+#include <mysql.h>
+#endif
+
+#ifdef USE_MYSQL
+static MYSQL mysql_db;
+#endif
+
+#define DEFAULT_PORT 79
+
+#define EMAIL_QUERY "select CRT from certs where `EMAIL`='%s' and \
+ `revoked`='0000-00-00 00:00:00'"
+#define DOMAIN_QUERY "select CRT from domaincerts where \
+ `revoked`='0000-00-00 00:00:00' and `CN`='%s'"
+#define WILD_DOMAIN_QUERY "select CRT from domaincerts where \
+ `revoked`='0000-00-00 00:00:00' and (`CN`='%s' OR `CN`='%s')"
+
+void err_exit(void)
+ {
+ perror("");
+ exit(1);
+ }
+
+
+#ifdef USE_MYSQL
+void do_mysql(int client_fd, char *query)
+ {
+ MYSQL_RES *res;
+ MYSQL_ROW row;
+ char *cert;
+
+ if(!(mysql_real_connect(&mysql_db, "host", "username", "password",
+ "database", 0, "/var/run/mysqld/mysqld.sock", 0) != NULL))
+ {
+ printf(mysql_error(&mysql_db));
+ exit(1);
+ }
+
+ if(mysql_real_query(&mysql_db, query, strlen(query)))
+ goto _err_return;
+
+ res = mysql_store_result(&mysql_db);
+ if(mysql_num_rows(res) > 0)
+ {
+ row = mysql_fetch_row(res);
+
+ if(!row[0])
+ goto _free_res_return;
+
+ cert = strstr(row[0], "-----BEGIN CERTIFICATE");
+ if(cert) {
+ char *response;
+ int response_len = strlen(cert)+2;
+
+ response = (char *)calloc(1, response_len+1);
+ if(!response)
+ goto _free_res_return;
+ memcpy(response, cert, response_len-2);
+ response[response_len-2] = '\r';
+ response[response_len-1] = '\n';
+
+ /* should be checked for errors, more writing */
+ write(client_fd, response, response_len);
+
+ free(response);
+ } }
+
+ _free_res_return:
+ mysql_free_result(res);
+
+ _err_return:
+ mysql_close(&mysql_db);
+ }
+#endif
+
+
+int read_line(int fd, char *buf, int size)
+ {
+ int n = 0;
+ int t = 0;
+ char *p;
+ char *q;
+
+ for(; t < size; ) {
+ n = read(fd, buf+t, size-t);
+ if(n < 0) {
+ switch(errno) {
+ case EINTR:
+ continue;
+
+ default:
+ return -1;
+ }
+ }
+
+ if(n == 0) {
+ return t;
+ }
+
+ if(t)
+ p = buf+t-1;
+ else
+ p = buf;
+
+ for(; *p && *p != '\n' && *p != '\r'; p++);
+
+ if(*p) {
+ *p = 0;
+ t = p-buf;
+ return t;
+ }
+
+ t += n;
+ }
+
+ return -1;
+ }
+
+
+int handle_request(int fd)
+ {
+ char *buf;
+ int buf_size;
+ int len;
+ int i;
+ int email_query = 0;
+ char query[4096]; /* ugly */
+ char *email = NULL;
+ char *domain = NULL;
+ char *wildcard = NULL;
+
+ buf_size = 2048;
+
+ buf = (char *)calloc(1, buf_size);
+ if(!buf)
+ return -1;
+
+ if((len = read_line(fd, buf, buf_size-1)) <= 0)
+ goto _free_return;
+
+ memset(buf+len, 0, buf_size-len);
+
+ if(strchr(buf, '@')) {
+ email_query = 1;
+ email = buf;
+ }
+ else {
+ char *p;
+ char *q;
+
+ p = strchr(buf, '.');
+ if(p) {
+ q = strchr(p+1, '.');
+ if(q) {
+ wildcard = (char *)calloc(1, strlen(p)+2);
+ if(wildcard) {
+ *wildcard = '*';
+ memcpy(wildcard+1, p, strlen(p));
+ }
+ }
+ }
+
+ domain = buf;
+ }
+
+ memset(query, 0, sizeof(query));
+
+ if(email_query) {
+ snprintf(query, sizeof(query)-2, EMAIL_QUERY, email);
+ }
+ else {
+ if(wildcard && strcmp(wildcard, domain))
+ snprintf(query, sizeof(query)-2, WILD_DOMAIN_QUERY, domain, wildcard);
+ else
+ snprintf(query, sizeof(query)-2, DOMAIN_QUERY, domain);
+
+ if(wildcard)
+ free(wildcard);
+ }
+
+
+ /* go and do MySQL stuff here */
+
+#ifdef USE_MYSQL
+ do_mysql(fd, query);
+#else
+ strcat(query, "\n");
+ write(fd, query, strlen(query));
+#endif
+
+
+ _free_return:
+ free(buf);
+ return 0;
+ }
+
+
+int main(int argc, char **argv)
+ {
+ struct sockaddr_in server_sock;
+ struct sockaddr_in client_sock;
+ int client_addr_size;
+ int server_fd = -1;
+ int client_fd = -1;
+ int pid;
+
+ /* take command line args, e.g. -p <port>, later */
+
+ if ((pid=fork()) < 0)
+ {
+ perror ("Fork failed");
+ exit(errno);
+
+
+ }
+
+ if (pid)
+ {
+ exit(0);
+ }
+
+ server_fd = socket(PF_INET, SOCK_STREAM, 0);
+ if(server_fd < 0)
+ err_exit();
+
+ memset(&server_sock, 0, sizeof(server_sock));
+
+ server_sock.sin_family = AF_INET;
+ server_sock.sin_addr.s_addr = INADDR_ANY;
+ server_sock.sin_port = htons(DEFAULT_PORT);
+
+ if(bind(server_fd, (struct sockaddr *)&server_sock,
+ sizeof(struct sockaddr_in)) < 0)
+ err_exit();
+
+ if(listen(server_fd, 64) < 0)
+ err_exit();
+
+ setgid(65534);
+ setuid(65534);
+
+ for(;;) {
+ memset(&client_sock, 0, sizeof(client_sock));
+ client_addr_size = sizeof(client_sock);
+
+ client_fd = accept(server_fd,
+ (struct sockaddr *)&client_sock, &client_addr_size);
+ if(client_fd < 0)
+ err_exit();
+
+ if(handle_request(client_fd) < 0)
+ break;
+
+ close(client_fd);
+ client_fd = -1;
+ }
+
+ if(client_fd >= 0)
+ close(client_fd);
+
+ close(server_fd);
+
+ exit(0);
+ }
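Review bot: In handle_request() the line read from the socket is formatted straight into the SQL text (`snprintf(query, sizeof(query)-2, EMAIL_QUERY, email)` and the two domain variants) and passed to do_mysql() with no escaping, so a quote character in the client's input changes the statement. Escape `email`, `domain` and `wildcard` with mysql_real_escape_string() on an open connection before formatting, or reject any input containing characters that are not valid in an address or hostname. Separately, main() ignores the return values of `setgid(65534)` and `setuid(65534)`; if either call fails the daemon keeps serving with its original privileges, so check both and exit on failure.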
diff --git a/pages/help/2.php b/pages/help/2.php
new file mode 100644
index 0000000..777764b
--- /dev/null
+++ b/pages/help/2.php
@@ -0,0 +1,62 @@
+
+
+=_("What is it for?")?>
+=_("The purpose of digital signing is to prove, electronically, one's identity")?>. =_("You see this all the time on the Internet - every time you go to a secure page on a web site, for example to enter personal details, or to make a purchase, every day you browse web sites that have been digitally signed by a Certificate Authority that is accepted as having the authority to sign it. This is all invisible to the user, except that you may be aware that you are entering a secure zone (e.g. SSL and HTTPS).")?>
+=_("Your browser includes special digital (root) certificates from a number of these 'Certificate Authorities' by default, and all web sites use certificates that are validated by one of these companies, which you as a user implicitly trust every time you go to the secure part of a web site. (You might ask, who validates the security of the Certificate Authorities, and why should you trust them?!")?>.... =_("Good question")?>.)
+=_("Digital signing thus provides security on the Internet.")?>
+
+=_("Why digitally sign your own emails?! (weirdo..)")?>
+=_("Emails are not secure. In fact emails are VERY not secure!")?>
+=_("To get from computer Internet User A to Internet User B an email may pass through tens of anonymous computers on the Internet. These 'Internet infrastructure' computers are all free to inspect and change the contents of your email as they see fit. Governments systematically browse the contents of all emails going in/out/within their country, e.g. the")?> =_("UK Government has done this since the year 2000")?>. (=_("How it prepares us to protect our freedom")?>). =_("Ever requested a password that you lost to be emailed to you? That password was wide open to inspection by potential crackers.")?>
+=_("As anyone who has received an email containing a virus from a strange address knows, emails can be easily spoofed. The identity of the sender is very easy to forge via email. Thus a great advantage is that digital signing provides a means of ensuring that an email is really from the person you think it is. If everyone digitally signed their emails, it would be much easier to know whether an email is legitimate and unchanged and to the great relief of many, spamming would be much easier to control, and viruses that forge the sender's address would be obvious and therefore easier to control.")?>
+
+=_("How it prepares us to protect our freedom")?>
+=_("But perhaps, fundamentally, the most important reason for digital signing is awareness and privacy. It creates awareness of the (lack of) security of the Internet, and the tools that we can arm ourselves with to ensure our personal security. And in sensitising people to digital signatures, we become aware of the possibility of privacy and encryption.")?>
+=_("Most people would object if they found that all their postal letters are being opened, read and possibly recorded by the Government before being passed on to the intended recipient, resealed as if nothing had happened. And yet this is what happens every day with your emails (in the UK). There are some who have objected to this intrusion of privacy, but their voices are small and fall on deaf ears. However the most effective way to combat this intrusion is to seal the envelope shut in a miniature bank vault, i.e. encrypt your email. If all emails were encrypted, it would be very hard for Government, or other organisations/individual crackers, to monitor the general public. They would only realistically have enough resources to monitor those they had reason to suspect. Why? Because encryption can be broken, but it takes a lot of computing power and there wouldn't be enough to monitor the whole population of any given country.")?>
+=_("The reason digital signatures prepare us for encryption is that if everyone were setup to be able to generate their own digital signatures, it would be technically very easy to make the next step from digital signatures to encryption. And that would be great for privacy, the fight against spamming, and a safer Internet.")?>
+
+=_("Why isn't it being adopted by everyone?")?>
+=_("Of the biggest reasons why most people haven't started doing this, apart from being slightly technical, the reason is financial. You need your own certificate to digitally sign your emails. And the Certificate Authorities charge money to provide you with your own certificate. Need I say more. Dosh = no thanks I'd rather walk home. But organisations are emerging to provide the common fool in the street with a free alternative. However, given the obvious lack of funding and the emphasis on money to get enrolled, these organisations do not yet have the money to get themselves established as trusted Certificate Authorities. Thus it is currently down to trust. The decision of the individual to trust an unknown Certificate Authority. However once you have put your trust in a Certificate Authority you can implicitly trust the digital signatures generated using their certificates. In other words, if you trust (and accept the certificate of) the Certificate Authority that I use, you can automatically trust my digital signature. Trust me!")?>
+
+=_("Why is the digital signature described as 'not valid/not trusted'?")?>
+=_("To fully understand, read the section directly above. I am using a free Certificate Authority to provide me with the ability to digitally sign my emails. As a result, this Certificate Authority is not (yet) recognised by your email software as it is a new organisation that is not yet fully established, although it is probably being included in the Mozilla browser. If you choose to, you can go the their site at CAcert.org to install the root certificate. You may be told that the certificate is untrusted - that is normal and I suggest that you continue installation regardless. Be aware that this implies your acceptance that you trust their secure distribution and storing of digital signatures, such as mine. (You already do this all the time). The CAcert.org root certificate will then automatically provide the safe validation of my digital signature, which I have entrusted to them. Or you can simply decide that you've wasted your time reading this and do nothing (humbug!). Shame on you! :-)")?>
+
+=_("But, er, is this really proof of your email identity?")?>
+=_("Security is a serious matter. For a digital certificate with full rights to be issued to an individual by a Certificate Authority, stringent tests must be conducted, including meeting the physical person to verify their identity. At the current moment in time, my physical identity has not been verified by CAcert.org, but they have verified my email address. Installing their root certificate (see above) will thus automatically allow you to validate my digital signature. You can then be confident of the authenticity of my email address - only I have the ability to digitally sign my emails using my CAcert.org certificate, so if you get an email that I digitally signed and which is validated by your email software using the cacert.org root certificate that you installed, you know it's from me. (Visually you get a simple indication that my email is signed and trusted). Technically, they haven't verified that I really am me! But you have the guarantee that emails from my address are sent by the person who physically administers that address, i.e. me! The only way that someone could forge my digital signature would be if they logged on to my home computer (using the password) and ran my email software (using the password) to send you a digitally signed email from my address. Although I have noticed the cats watching me logon...")?>
+
+=_("Cool man! How do I create my own digital signature?!")?>
+=_("Easy. Ish. Go to CAcert.org, install their root certificate and then follow their joining instructions. Once you have joined, request a certificate from the menu. You will receive an email with a link to the certificate. Click on the link from your email software, and hopefully it will be seamlessly installed. Next find the security section of the settings in your email software and configure digital signatures using the certificate you just downloaded. Hmm. Call me if you want, I'll guide you through it.")?>
+
+=_("I can't wait to start sending encrypted emails!")?>
+=_("There's nothing to it. I mean literally, you can already start sending your emails encrypted. Assuming of course you have your own digital signature certificate (e.g. as per above), and the person you want to send an encrypted email to also has a digital signature certificate, and has recently sent you a digitally signed email with it. If all these conditions hold, you just have to change the settings in your email software to send the email encrypted and hey presto! Your email software (probably Outlook I guess) should suss out the rest.")?>
+
+=_("Notes for the strangely curious")?>
+=_("You are putting your trust in people you don't know!")?>
=_("One assumes that if a site has an SSL certificate (that's what enables secure communication, for exchanging personal details, credit card numbers, etc. and gives the 'lock' icon in the browser) that they have obtained that certificate from a reliable source (a Certificate Authority), which has the appropriate stringent credentials for issuing something so vital to the security of the Internet, and the security of your communications. You have probably never even asked yourself the question of who decided to trust these Certificate Authorities, because your browser comes with their (root) certificates pre-installed, so any web site that you come across that has an SSL certificate signed by one of them, is automatically accepted (by your browser) as trustworthy.")?>
+=_("Thus, having now asked the question, you suppose that it's the people who make the browser software that have carefully decided who is a trustworthy Certificate Authority. Funnily enough, the mainstream browsers have not, historically, had public policies on how they decide whether a Certificate Authority gets added to their browser. All of the Certificate Authorities that have found themselves in the browser software, are big names, probably with big profits (so they must be doing a good job!).")?>
+=_("That situation has changed, and Internet Explorer, being the most obvious example, now insists that any Certificate Authorities are 'audited' by an 'independent' organisation, the American Institute for Certified Public Accountant's (AICPA). So now, if you have the money needed (from US$75000 up to US$250000 and beyond) you can get these accountants, who clearly know a lot about money, to approve you as having the required technical infrastructure and business processes to be a Certificate Authority. And they get a nice wad of money for the pleasure. And the Certificate Authorities, having a kind of monopoly as a result, charge a lot for certificates and also get a nice wad of money. And everyone's happy.")?>
+=_("But, with all this money, and all this responsibility, they must be taking a lot of care to ensure the Certificate Authorities do their jobs well, and keep doing their jobs well, right? Well right?!")?>
+=_("And they are making mistakes")?>
+=_("So if you don't pass the audit, you don't get to be a Certificate Authority. And to pass the audit, well, you've got to show that you can do a good job issuing certificates. That they're secure, you only give them to the right people, etc. So what happens when you make a mistake and you erroneously issue a certificate that risks the entire Internet browsing population, like Verisign did? Well, er, nothing actually. They already paid for their audit, and damn it, they're so big now, we couldn't possibly revoke their Certificate Authority status. (There's too much money at stake!)")?>
+
+=_("So, dammit, what's the point of all this then?")?>
+=_("The point is, as the current situation holds, you should be weary of anyone making decisions for you (i.e. pre-installed certificates in your browser), and you should be weary of anyone else's certificates that you install. But at the end of the day, it all boils down to trust. If an independent Certificate Authority seems to be reputable to you, and you can find evidence to support this claim, there's no reason why you shouldn't trust it any less than you implicitly trust the people who have already made mistakes.")?>
+=_("References")?>
+=_("Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure")?> - http://www.counterpane.com/pki-risks.pdf
+=_("WebTrust for Certification Authorities")?> - http://www.webtrust.org/certauth.htm
+=_("Erroneous Verisign Issued Digital Certificates Pose Spoofing Hazard")?> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp
+=_("Microsoft Root Certificate Program")?> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/rootcert.asp
+=_("The Regulation of Investigational Powers Act (RIPA) ('Snooping Bill' official gov site, UK)")?> - http://www.homeoffice.gov.uk/crimpol/crimreduc/regulation/index.html
+=_("U.K. e-mail snooping bill passed")?> (UK) - http://www.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/
+=_("Disclaimer : These are the author's opinions, but they should not be considered 'truth' without personal verification. The author may have made mistakes and any mistakes will be willingly rectified by contacting the administrator of elucido.net, contact details available from the normal domain registration information services (e.g. whois.net). No recommendation to install a Certificate Authority's root certificate is either intended nor implied.")?>
+ printf(_("The page has been reproduced on %s with explicit permission from %sthe author%s with the information being copyrighted to the author (name with held by request)"), "CAcert.org", "", "")?>
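Review bot: The 'not valid/not trusted' answer tells readers to install the CAcert.org root certificate and 'continue installation regardless' of the untrusted warning, with no step for checking what they are installing. Add a sentence telling the reader to compare the root certificate's fingerprint with one obtained over a separate channel before accepting it. Two wording fixes while these msgids are still new: 'go the their site' should read 'go to their site', and 'weary' in the closing section should be 'wary' (both occurrences).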
diff --git a/pages/help/3.php b/pages/help/3.php
new file mode 100644
index 0000000..3a5f546
--- /dev/null
+++ b/pages/help/3.php
@@ -0,0 +1,71 @@
+=_("Generating a Key Pair and Certificate Signing Request (CSR) for a Microsoft Internet Information Server (IIS) 5.0.")?>
+=_("To generate a public and private key pair and CSR for a Microsoft IIS 5 Server:")?>
+
+ - =_("Key generation process")?>
+ =_("Under 'Administrative Tools', open the 'Internet Services Manager'. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties.")?>
+ " />
+ " />
+ - =_("Open Directory Security folder")?>
+ =_("In the 'Directory Security' folder click on the 'Server Certificate' button in the 'Secure communications' section. If you have not used this option before the 'Edit' button will not be active.")?>
+ " />
+ - =_("Select 'Create a new certificate'")?>
+ =_("Now 'Create a new certificate'.")?>
+ " />
+ - =_("Prepare the request")?>
+ =_("You'll prepare the request now, but you can only submit the request via the online request forms. We do not accept CSRs via email.")?>
+ " />
+ - =_("Enter a certificate name and select Certificate strength")?>
+ =_("Select 'Bit length'. We advise a key length of 1024 bits.")?>
+ " />
+
+ =_("You have now created a public/private key pair. The private key is stored locally on your machine. The public portion is sent to CAcert in the form of a CSR.")?>
+
+ =_("You will now create a CSR. This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. The following characters must be excluded from your CSR fields, or your certificate may not work:")?> ! @ # $ % ^ * ( ) ~ ? > < & / \
+
+ - =_("Enter your Organisation Information")?>
+ =_("Enter the Organisation name: this must be the full legal name of the Organisation that is applying for the certificate.")?>
+
+ =_("The Organisational Unit field is the 'free' field. It is often the department or Server name for reference.")?>
+ " />
+ - =_("Enter your Common Name")?>
+ =_("The Common Name is the fully qualified host and Domain Name or website address that you will be securing. Both 'www.cacert.org' and 'secure.cacert.com' are valid Common Names. IP addresses are usually not used.")?>
+ " />
+ - =_("Enter the geographical details")?>
+ =_("Your country, state and city.")?>
+ " />
+ - =_("Choose a filename to save the request to")?>
+ =_("Select an easy to locate folder. You'll have to open this file up with Notepad. The CSR must be copied and pasted into our online form. Once the CSR has been submitted, you won't need this CSR any more as IIS won't reuse old CSR to generate new certificates.")?>
+ " />
+ - =_("Confirm your request details")?>
+
+=_("Finish up and exit IIS Certificate Wizard")?>
+
+=_("Certificate Installation process for IIS 5.0")?>
+=_("After your certificate has been emailed to you, follow this process to install the certificate.")?>
+
+ - =_("Saving the certificate")?>
+ =_("Copy the contents of the email including the ")?>
+ -----BEGIN CERTIFICATE-----
=_("and")?>
+ -----END CERTIFICATE-----
=_("lines. Do not copy any extra line feeds or carriage returns at the beginning or end of the certificate. Save the certificate into a text editor like Notepad. Save the certificate with an extension of .cer and a meaningful name like certificate.cer")?>
+ " />
+ - =_("Installation steps")?>
+ =_("Return to the 'Internet Information Services' screen in 'Administrative Tools' under 'Control Panel'. Right click on 'Default Web Site' and select 'Properties'.")?>
+ " />
+ - =_("Select the Directory Security tab")?>
+ =_("Select 'Server Certificate' at the bottom of the tab in the 'Secure communications' section.")?>
+ " />
+ - =_("In the 'IIS Certificate Wizard' you should find a 'Pending Certificate Request'.")?>
+ =_("Ensure 'Process the pending request and install the certificate' is selected and click on 'Next'.")?>
+ " />
+ - =_("Browse to the location you saved the .cer file to in step 1")?>
+ =_("Select the .cer file and click 'Next'.")?>
+ " />
+ - =_("Ensure that you are processing the correct certificate")?>
+ =_("...then click 'Next'.")?>
+ " />
+ - =_("You will see a confirmation screen.")?>
+ =_("When you have read this information, click 'Finish'.")?>
+ " />
+
+ =_("And you're done!")?>
+ =_("For more information, refer to your server documentation or visit")?> =_("Microsoft Support Online")?>.
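Review bot: The 'Enter a certificate name and select Certificate strength' step advises 'a key length of 1024 bits', which is too short for an RSA server key; recommend 2048 bits or more in this msgid. The 'Confirm your request details' item also has no body text, unlike every other step in the list, so either add the instruction or fold it into the 'Finish up' line.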
diff --git a/pages/help/4.php b/pages/help/4.php
new file mode 100644
index 0000000..6b27a9e
--- /dev/null
+++ b/pages/help/4.php
@@ -0,0 +1,28 @@
+=_("Firstly you will need to run the following command, preferably in secured directory no one else can access, however protecting your private keys is beyond the scope of this document.")?>
+# openssl req -nodes -new -keyout private.key -out server.csr
+=_("Then the system will try to generate some very random numbers to get a secure key.")?>
+=_("Generating a 1024 bit RSA private key")?>
+ ...++++++
+ ....++++++
+=_("writing new private key to 'private.key'")?>
+=_("You will then be asked to enter information about your company into the certificate. Below is a valid example:")?>
+=_("Country Name (2 letter code) [AU]:")?>AU
+ =_("State or Province Name (full name) [NSW]:")?>NSW
+ =_("Locality Name (eg, city) [Sydney]:")?>Sydney
+ =_("Organization Name (eg, company) [XYZ Corp]:")?>CAcert Inc.
+ =_("Organizational Unit Name (eg, section) [Server Administration]:.")?>
+ =_("Common Name (eg, YOUR name) []:")?>www.cacert.org
+ =_("Email Address")?> []:support@cacert.org
+=_("Finally you will be asked information about 'extra' attribute, you simply hit enter to both these questions.")?>
+=_("Next step is that you submit the contents of server.csr to the CAcert website, it should look *EXACTLY* like the following example otherwise the server may reject your request because it appears to be invalid.")?>
+-----BEGIN CERTIFICATE REQUEST-----
+ MIIBezCB5QIBADA8MRcwFQYDVQQDEw53d3cuY2FjZXJ0Lm9yZzEhMB8GCSqGSIb3
+ DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+ iQKBgQDQd1+ut4TJLWZf5A9r3D17Kob+CNwz/jfCOYrH0P6q1uw4jfSyrWUeSaVc
+ 59Xjpov8gRctlAuWM9KavkLSF6vcNdDEbvUYnL/+ixdmVE9tlXuSFEGz0GAF5faf
+ QZe30wk+2hnC6P+rwclypOhkTXtWgvSHPZg9Cos8xqDyv589QwIDAQABoAAwDQYJ
+ KoZIhvcNAQEEBQADgYEAJruzBZr4inqaeidn1m2q47lXZUWjgsrp3k3bFJ/HCb3S
+ 2SgVqHFrOisItrr7H0Dw2EcPhIrRokRdjIAwwlxG9v21eFaksZUiaP5Yrmf89Njk
+ HV+MZXxbC71NIKrnZsDhHibZslICh/XjdPP7zfKMlHuaaz1oVAmu9BlsS6ZXkVA=
+-----END CERTIFICATE REQUEST-----
+=_("Once you've submitted it the system will process your request and send an email back to you containing your server certificate.")?>
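Review bot: The command `openssl req -nodes -new -keyout private.key -out server.csr` writes the private key to disk unencrypted because of `-nodes`, and the text only says the directory should 'preferably' be secured. State explicitly that private.key is unencrypted and should be created with owner-only permissions (for example under `umask 077`), or drop `-nodes` and explain the passphrase prompt. Also, the prompts and the 'Generating a 1024 bit RSA private key' line are openssl's own output; wrapping them in `_()` means a translated page will no longer match what the user sees in the terminal.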
diff --git a/pages/help/5.php b/pages/help/5.php
new file mode 100644
index 0000000..d504956
--- /dev/null
+++ b/pages/help/5.php
@@ -0,0 +1 @@
+=_("To be completed")?>
diff --git a/pages/help/6.php b/pages/help/6.php
new file mode 100644
index 0000000..3f332e8
--- /dev/null
+++ b/pages/help/6.php
@@ -0,0 +1,11 @@
+=_("Firstly you need to join CAcert to do that go:")?> =("here")?>
+
+=_("Then you need to generate a Certificate Signing Request, for more details go:")?> =_("here")?>
+
+=_("You then need to add the domain you have control of to your account, which you can do:")?> =_("here")?>
+
+=_("System will send you an email with a link in it, you just open the link in a webbrowser.")?>
+
+=_("Then you need to submit the contents from the CSR file to CAcert, you need to go:")?> =_("here")?>
+
+=_("CAcert then sends you an email with a signed copy of your certificate. Hopefully the rest should be pretty straight forward.")?>
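Review bot: The first line uses `=("here")?>` where every other link label in this file uses `=_("here")?>`; without the underscore the string bypasses gettext and stays untranslated. Change it to `_("here")`. A bare 'here' msgid shared by four different links also gives translators no context, so consider putting the whole sentence including the link text in one string.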
diff --git a/pages/help/7.php b/pages/help/7.php
new file mode 100644
index 0000000..1c92bd6
--- /dev/null
+++ b/pages/help/7.php
@@ -0,0 +1,9 @@
+=_("In light of a request on the bugzilla list for more information about how our root certificate is protected I've decided to do a write up here and see if there is anything more people suggest could be done, or a better way of handling things altogether.")?>
+=_("Currently there is 2 main servers, one for webserver, one for root store, with the root store only connected to the webserver via serial cable, with a daemon running as non-root processes on each end of the serial listening/sending requests/info.")?>
+=_("If the root store detects a bad request it assumes the webserver is compromised and shuts itself down.")?>
+=_("If the root store doesn't receive a 'ping' reply over the serial link within a determined amount of time it assumes the webserver is compromised or the root store itself has been stolen and shuts itself down.")?>
+=_("Apart from the boot stuff, all data resides on an encrypted partition on the root store server and only manual intervention in the boot up process by entering the password will start it again.")?>
+=_("The requests sent to the root store, are stored in a file for another process triggered by cron to parse and sign them, then stored in a reply file to be sent back to the webserver. Causing things to be separated into different users, basic privilege separation stuff. So being actually able to hack the serial daemons will only at the VERY worst cause fraudulent certificates, not the root to be revealed.")?>
+=_("Why use serial you ask? Well certificate requests are low bandwidth for starters, then of course simpler systems in security are less prone to exploits, and finally serial code is pretty mature and well tested and hopefully all exploits were found and fixed a long time ago.")?>
+=_("With the proposed root certificate changes, there would be a new root, this would sign at least 1 sub-root, then the private key stored offline in a bank vault, with the sub-root doing all the signing, or alternatively 2 sub-roots, 1 for client certificates, one for server, the thinking behind this, if any of the sub-roots are compromised they can be revoked and reissued.")?>
+=_("Alternatively as things progress we can add more layers of security with say 4 webservers talking to 2 intermediate servers, talking to the root store, and acting in a token ring fashion, anything happening out of sequence, and the server directly upstream shuts itself down, which if that were in place and there were multiple paths, any down time in this fashion would fall over to the servers not compromised, anyways just some food for thought.")?>
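Review bot: The paragraph on the cron-driven signer accepts 'fraudulent certificates' as the worst case of a compromised serial daemon, but the write-up never says what checks the signing process applies to a request or whether issued certificates are logged on the root store side. Add a sentence covering both, since detection and revocation of a bad issuance depend on them. Minor: 'Currently there is 2 main servers' should read 'there are 2 main servers'.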
diff --git a/pages/index/11.php b/pages/index/11.php
index 2a388b5..f7b7081 100644
--- a/pages/index/11.php
+++ b/pages/index/11.php
@@ -14,6 +14,19 @@
*/ ?>
=_("Contact Us")?>
+=_("General Questions")?>
+=_("General questions about CAcert should be sent to the general support list, this list has many more volunteers then those directly involved with the running of the website.")?>
+=_("Click here to go to the Support List")?>
+
+IRC
+irc://irc.CAcert.org/CAcert
+
+=_("Other Mailing Lists")?>
+=_("There are a number of other mailing lists CAcert runs, some are general discussion, others are technical (such as the development list) or platform specific help (such as the list for Apple Mac users)")?>
+=_("Click here to view all lists available")?>
+
+=_("Sensitive Information")?>
+=_("If you have questions, comments or otherwise and information you're sending to us contains sensitive details, you should use the contact form below. Sending general questions via this contact form will generally take longer then using the support mailing list.")?>
+=_("Snail Mail")?>
=_("Alternatively you can get in contact with us via the following methods:")?>
=_("Postal Address:")?>
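Review bot: Both new msgids use 'then' where 'than' is meant: 'many more volunteers then those directly involved' under General Questions and 'take longer then using the support mailing list' under Sensitive Information. Fix them before translators pick the strings up, since changing a msgid later invalidates existing translations. The Sensitive Information sentence ('If you have questions, comments or otherwise and information you're sending to us contains sensitive details') is also hard to parse; something like 'If what you are sending contains sensitive details, use the contact form below' says the same thing.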
@@ -30,7 +44,3 @@ CAcert Inc.
P.O. Box 75
Banksia NSW 2216
Australia
-
-IRC
-irc://irc.CAcert.org/CAcert
-
diff --git a/www/help.php b/www/help.php
index 9f1b389..3b03473 100644
--- a/www/help.php
+++ b/www/help.php
@@ -13,11 +13,12 @@
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
- loadem("help");
+ loadem("index");
$id = intval($id);
showheader(_("Welcome to CAcert.org"));
- includeit($id);
+ includeit($id, "help");
showfooter();
+
?>
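Review bot: `loadem("index")` now loads the index module while `includeit($id, "help")` serves a help page; if that pairing is deliberate, say so in a comment, otherwise it reads like a copy-paste slip. includeit() gains a second argument here, so confirm its definition is updated in the same commit and that `$id` still passes through `intval()` before it is used, as it does in this hunk. The added blank line before `?>` is stray and can be dropped.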
diff --git a/www/src-lic.php b/www/src-lic.php
index d582293..70b212a 100644
--- a/www/src-lic.php
+++ b/www/src-lic.php
@@ -1,7 +1,7 @@
if($process == "Confirm, I agree to these terms and conditions" && $iagree == "yes")
{
- $output_file = $fname = "cacert-20041016.tar.bz2";
+ $output_file = $fname = "cacert-20041025.tar.bz2";
header('Pragma: public');