In some windows, there aren’t slide cursors (Mainly horizontal) for viewing a long lines. I sent you a sample. And in this particular window I think there is an error in the translation to Spanish: It says “Confiar en los detalles de la cadena” and should be " Mostrar la cadena de confianza"
Another suggestion (could be difficult to implement): Some certificates (X.509) should be checked using CRL’s and another ones need OCSP. How can I use BOOTH methods or choose witch one depending on certificate?
thanks for your feedback! It is appreciated even if we often cannot promptly improve the software.
== Missing scrollbars
In your example a scrollbar may not be the most important thing as the tree view only should display the hierarchy and the details of each certificate can be displayed elsewhere.
So to me personally it would not be high on the backlog. What about the other places
where scrollbar are missing? If important places are found, the next step would be
to write report to dev.gnupg.org.
== Spanish translation in Kleopatra
To my knowledge the translations come from KDE’s Spanish translation team,
So it is not done by Gpg4win Devs directly. They certainly are interested in good hints.
== Checking revocation infos
The checking of certificate validity happens in the crypto backend, especially
in Dirmngr. So if you consult the GnuPG documentation about this and do some tests,
I know that both methods are implemented, and there are several options, but allowing
some OCSP and some CRLs for a group of certificates is not a functionality I am aware of.
Can you state the use case in more detail? (Because I lack the imagination for what it would be interesting, as it should not matter where the revocation infos comes from. Both has to be signed by the issuing certificate. The only difference would be some bandwidth or potential usage leaking, but this looks minor to me if you are using X509 with a central CA anyway.)
Some of the CA certs on Spain cover all Spanish citizens. One of them is in an identity card that every Spanish citizen has. Imagine the size of a crl… That kind of CAs use OCSP over http.
But some regional government CAs uses CRL’s. Also private CA’s.
if a certificate only offers OCSP this is used I think the other way around for CRLs.
By the way: Do you know if the CRL for the big CAs you mention are so long, because they have to many real revocations? (Some CAs revoke certs at the end of their validity which is somewhat making the CRLs very long.) An alternative could be the use of more intermediate certs to get the CRLs shorter.
I’m shure that crl’s for the big CA are not offered because they say explicitly. Are offered as a subscription with a fee and in a LDAP authenticated access used by some organizations. General users only have OCSP.
Unlucky the tec info are only in spanish ( FNMT and DNIe are the CA’s).
Using Open-ssl I validated these certs but I tried to do with dirmngr and was unsuccessful (I tried with gpg-connect-agent but I need some help to try more in depth, it says INQUIRE SENDCERT to an ISVALID command).
If this forum is not in depth-enough you could try the mailinglists (for community support).
The idea to understand dirmngr and gnupg is to get the diagnostic messages turned up
and then look carefully.
(This famos elder X509 guide shows why debugging CMS and PKIs is so hard: https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt )
For completeness: If you seek paid support because you are trying get a large installation
with many seat rolling, look at https://www.gpg4win.de/support.html