Monthly Archives: October 2009

CAcert Assurance at the Free Software Conference

The FSF.hu Foundation is organizing the Free Software Conference and Exhibition as the successor to the earlier successful Ubuntu Conferences, but with a broader range of topics. The event will be held in the BME Informatics building on Saturday, 31 October 2009. The conference sessions (which will be arranged according to the needs of the registered users) and the exhibition will run in parallel, so every visitor can find something suitable to do.

Thanks to the assurers of the Független Magyar Tudásközpont, CAcert assurance will also be available at the conference; look for our stand (in theory there will be a smaller or larger CAcert logo).

Further information about the conference + registration: http://konf.fsf.hu/

CAcert at the Open Source Expo 09 in Karlsruhe

On 15 and 16 November, the Open Source Expo 09 takes place at the Karlsruhe Congress Centre. It has a clear focus on web technologies, and CAcert will be represented there alongside many other FOSS projects. Admission is free for visitors who register in advance on the OSE website; otherwise a ticket costs 10€ at the box office.

Assurers who would like to help staff the stand, please sign up on the wiki page.

OpenRheinRuhr 2009

On 7 and 8 November 2009, OpenRheinRuhr presents itself to the public for the first time.

Under the slogan ‘Ein Pott voll Software’ (a pot full of software), OpenRheinRuhr e. V. brings together developers, service providers, users and interested parties on the topic of Free Software in the Rhine-Ruhr region at the Saalbau Bottrop.

The directory of exhibitors and talks is packed and offers information and starting points for discussion on all areas of Free Software. More than 42 exhibitors have registered for the weekend. A detailed directory can be found on the homepage at http://www.openrheinruhr.de.

A total of 40 talks will take place in three rooms over both days. The topics range from “The Cease-and-Desist Craze in Germany” through “Enterprise CRM with Open Source” to “What’s New in OpenOffice.org 3.x”. Beginner topics are represented just as much as Open Source ERP and CRM and more advanced topics on networking and virtualization.

In addition, the Linux Professional Institute (LPI) and BSD Certification will hold exams. On Saturday there is a GPG keysigning, and CAcert Assurers will be on site throughout to carry out Assurances.

The Casino of the Saalbau will provide food and drink at reasonable prices. Parking and accommodation options are listed in the visitor information.

Free tickets for the event are available on the website http://www.openrheinruhr.de/.

At the box office the ticket costs 5 EUR.

Opening hours: 9:30 – 18:00 on 7 and 8 November 2009
Venue: Saalbau Bottrop, Droste-Hülshoff-Platz 4, 46236 Bottrop
Organizer: OpenRheinRuhr e. V., c/o Michael Gisbers, Neukölner Str. 94, 46147 Oberhausen

Client Certs are the future…

One of the things I recently discovered (to my surprise) is that client certs used in browsers are out of scope for browser policy purposes. This is because *the server* is the relying party, and there is no decision of reliance to make in the browser. So the vendor doesn’t care.

And, as we know, for the most part servers require a fair bit of config to get up and going … so even a decision to distro the root of one player or another isn’t so important.

The playing field is more or less level. What’s perhaps more controversial is this claim: client certs deliver more bang-for-buck in real security benefits than any other use of certs.

Which means that our idea of using client certs everywhere (CATS.cacert.org originally, but now webmail, archives, and this very blog!) is also a good strategic direction. We can deliver!

Therefore, Apache tutorials like this one by Dan are much more important. Download it today! Put it into practice on your website! Not to mention that client certs deliver lots of administration benefits in easing our management of sites, as I muse on over at my blog. Have you noticed how there are no complaints about lost passwords over at CATS.cacert.org? No more comment spam on this blog [1]?

Say No to Spam!

What I would like to see is a list of systems where CAcert certs are now in definite use. Production. Benefits! This would include CATS in pole position, also the blog, the webmail, the mail archives. Also possibly that OpenID server (is that run by Assurers? I assume so… I’m not even sure where it is).

[1] OK, it seems that only a very few long-suffering admins could even see it. So you probably can’t see it, … and can’t imagine the joy of not having to deal with it ever again 🙂 I checked last night, there is a tiny bit of trackback spam, which I can’t quite see how to deal with, but nobody cares about trackback these days…

Security Party in Switzerland this Week

On the evening of Friday, the 23rd of October 2009, a somewhat end-user-oriented conference will be held on the theme of Cryptography, SSL/TLS and trust networks, with the opportunity to sign GPG keys and be assured by CAcert.org assurers. This conference will be held in Switzerland, at the University of Applied Science – HES-SO / HE-Arc Ingénierie in St-Imier (BE).

You can find details on Linux User Group – Neuchâtel

Registration is not required, but if you want to participate in GPG key signing, please send your GPG key info and fingerprint by Monday 19 to: schaefer (at) alphanet (dot) ch. Entrance is free.

This conference is co-organized by HE-Arc / ISIC, Linux User Group – Neuchâtel and by individual CAcert.org Assurers.

———————————————————————————————————————————————————————————-

On the evening of Friday, 23 October 2009, a conference on the theme of cryptography, SSL/TLS and trust networks will take place at the Institut des systèmes d’information et de communications of the Haute Ecole Arc ingénierie – HES-SO in St-Imier (BE), Switzerland, with the opportunity to sign GPG keys and be verified by CAcert assurers.

Details here: Groupe d’Utilisateurs Linux – Neuchâtel

Registration is not necessary, but you must send your GPG public key information and fingerprint to: schaefer (at) alphanet (dot) ch if you want to take part in the signing of your key. Admission is free.

This conference is co-organized by HE-Arc / ISIC, the Groupe d’Utilisateurs Linux – Neuchâtel and individual CAcert.org assurers.

The Future Of Identity will not be found in Britain

Commentary, rants, not warnings of Downtime! Dave Birch runs a blog called Digital Identity to promote his consulting company (CHYP or Consult-Hyperion) which specialises in Money and Identity systems. His recent post on British experiences with Identity things is of interest to people here. Here’s a quick summary:

  • A French ID card can be used to get you a job at Sainsbury’s, but not to buy alcohol.
  • Banks can tell whether local passports are real, but foreign passports are just accepted. Because they can’t tell, they don’t.
  • Remember the Irish Police force’s search for their most wanted speedster: Mr Prawo Jazdy. Once they translated the term into “driving licence” in Polish … all became clear.
  • A car owner was arrested because his new form was a slightly different colour. The registration people thought it was a forgery and called the police…
  • You can call the UK Border hotline to confirm a national ID card. They will tell you “to ask [your] customer for a ‘second proof of identity’.”
  • It’s a smart card, and the smart way to check it is “to flick the card and listen for a distinctive sound, if they doubt the card’s authenticity.”
  • More here on how it is easier to get a bank account if you are a criminal or a foreigner than a poor unidentified person.

That’s all good fun! We know where all this is going … indeed, one of the strengths of the CAcert Assurance Process is just this. Working with the documents might be called a competence of CAcert, if we were into management-speak.

Read the whole article for the fuller picture; it’s fun. One thing I will disagree with Dave on is his recommendation that there be a digital solution that either works or it doesn’t. Although I frequently remind people that, in a well designed security system, “There is only one mode, and it is secure,” I think actually it is a hopeless goal to expect the British government to field such a system. They will create a pink elephant.

Far better for new identity systems to emerge from the marketplace. As suggested by Dave, this is likely to be the mobile phone. We are around 80% of the way there; and with things like Android, the other 20% is now on the marketplace. Soon enough…

Planned Maintenance

Tonight the Admin-Team is going to implement a change to the main website that will increase the speed of the website.
A downtime of a few minutes is currently expected for parts of the website (login, certificate issuing) during the implementation.

Thawte Web of Trust Shutting Down

Thawte’s Web Of Trust is to be Terminated by 16th November

Therefore the board is planning to run the Tverify program until that time, then terminate it completely (as the information will no longer be available).

Then, members who have come in via Tverify will have a year to get assured by other means. This includes members who have obtained points from Tverify in the past.

Tverify is now operating under the authority of board motion m20090928.1 and under the Assurance Policy. This latter means no issues of points over 50, and the earlier includes some restrictions.

However, note that all Tverify points (including ones previously obtained), will be deleted late 2010, so it is best to get assured by CAcert assurers anyway. If you can reach a few of them it may be easier all round if you do that instead of using the Tverify process.

See http://wiki.cacert.org/ThawteNotary for more details. (Disclaimer: that wiki page is not an official statement of the committee)

For the committee of management (board) of CAcert Incorporated,

Nicholas E. Bebout
President
CAcert Incorporated