Monthly Archives: May 2005

Assurance Events

For those that are interested in keeping tabs on upcoming events, the calendar.ics we now dynamically publish based on this blog’s posts is one of the easier ways to do it. Today I’ve been playing with this and the Sunbird plugin for Thunderbird/Firefox. The Sunbird plugin allows you to import (you can even tell it to re-import on start up) remote calendars, such as the Events Calendar.

My only gripe is that the plugin is basically a completely new program and that it doesn’t seem to integrate very well with Thunderbird; this could be a whole lot more useful and, more to the point, more intuitive to a whole lot more people. Once I downloaded and installed the plugin, nothing on the Thunderbird interface actually looked or seemed any different, and it took me a fair while to track down the solitary menu item from which I could launch the Sunbird interface, so a big thumbs down on usability. As far as I can see, all that it needs to be a little more useful is a little calendar-looking item in the main interface that somehow indicates events are occurring on certain days and, when clicked, opens the plugin’s normal-looking page.

Apart from Evolution, can anyone suggest any other plugins for Thunderbird that integrate better, so that people can better keep tabs on each other’s shared calendar events by publishing their public calendar to the Internet somewhere?

Why should I use CAcert certificates instead of self-signed?

If you are ever involved with any sort of event trying to promote CAcert, this question is bound to come up at one point or another, and Microsoft has given us the best answer to date. With the new release of Longhorn come a number of changes in the way Microsoft handles PKI; in particular, the biggest change, and the one most likely to affect people, is having OCSP turned on by default.

This will mean that if you’re publishing self-signed certificates and no OCSP responder approves the certificate, Internet Explorer and other programs will reject the connection and you will have to go back to using no encryption or buying a certificate from a commercial provider.

At this stage CAcert isn’t running an OCSP responder either. This is in part due to the testing of different OCSP options in the past and having no success with any of the free software options actually working properly; most software was returning a lot of false positives and false negatives. Having an OCSP responder is something that we need to address before betas are officially released, to ensure we don’t get left behind either, but at the same time it can be used as leverage as to why people should use us compared to self-signing.

One suggestion on which OCSP responder to use is the one Red Hat recently bought when it acquired some of the remaining Netscape assets from AOL. So far I’m not sure that anything has been released at all or what Red Hat’s plans are for any timeline.

One other minor note about OCSP in general: the protocol states that if you can’t talk to the responder to verify the status, you have to assume it’s not a valid certificate. This could potentially lead to major disruptions on the Internet if CAs are attacked via denial of service on their responder, which in turn could have the potential of wiping them out as a company if a lot of their customers’ websites are no longer usable.

One other situation that is similar to a denial of service attack, and which will be a lot more common, is when people are sitting in a plane or similar and don’t have Internet access. Apparently Microsoft has attempted to solve this via an OCSP caching solution, but will this actually be any better than the caching that Internet Explorer does? Something to think about at least, I guess.
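The hard-fail behaviour discussed in the last two paragraphs, as an added sketch that is not from the original post: a client that rejects whenever no current OCSP status is available, with a cache that is only honoured inside the response's validity window. All class and function names, serials and timestamps are constructed for illustration, and the model does no real OCSP networking or signature checking.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

class ResponderUnreachable(Exception):
    """No OCSP answer: no responder exists, it is under DoS, or the client is offline."""

@dataclass(frozen=True)
class OcspResponse:
    status: str            # "good", "revoked" or "unknown"
    this_update: datetime  # start of the response's validity window
    next_update: datetime  # end of the window; a cached copy is unusable after this

class HardFailClient:
    """Rejects unless a current 'good' status is available, live or cached."""
    def __init__(self, fetch):
        self.fetch = fetch  # callable(serial) -> OcspResponse; may raise ResponderUnreachable
        self.cache = {}

    def check(self, serial, now):
        try:
            resp, source = self.fetch(serial), "live"
            self.cache[serial] = resp
        except ResponderUnreachable:
            resp, source = self.cache.get(serial), "cache"
        if resp is None or not (resp.this_update <= now < resp.next_update):
            return "reject", "no current status available"
        if resp.status != "good":
            return "reject", f"{resp.status} ({source})"
        return "accept", f"good ({source})"

T0 = datetime(2005, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp

def demo():
    online = {"up": True}
    def fetch(serial):  # constructed responder: serial "02" is revoked
        if serial == "self-signed" or not online["up"]:
            raise ResponderUnreachable(serial)
        return OcspResponse("revoked" if serial == "02" else "good", T0, T0 + timedelta(days=1))
    client = HardFailClient(fetch)
    out = [client.check(s, T0)[0] for s in ("self-signed", "01", "02")]
    online["up"] = False  # responder under DoS, or the laptop is on a plane
    out.append(client.check("01", T0 + timedelta(hours=6))[0])  # cached, still current
    out.append(client.check("01", T0 + timedelta(days=2))[0])   # cached copy expired
    return out

if __name__ == "__main__":
    print(demo())
```

The cache only postpones the outage: once `next_update` passes, an unreachable responder leads to rejection again, so the length of the validity window sets how long a site survives a responder outage.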