If you have used any infrastructure services (like wiki, blog, translation system, bug tracker) in the last days, you’ve probably noticed that they feel much more responsive. That’s because we have moved those services to a new machine, kindly donated by Thomas Krenn as part of their open source initiative. The donation actually took place some months ago, but we needed some time for preparation so that it’s finally online now. That was about time, because the old machine only had about 1.2 Gigabytes of storage left and those poor services were screaming for help.
Thank you Thomas Krenn for the hardware and also thanks to the admins, especially Jan Dittberner but also all other people involved, for preparing the move.
Surely your servers are of great interest to U.S. National Security Agency. And they are ready to put significant resources, whether legal or illegal, to get access your system.
I hope you have seriously taken into consideration those risks. Especially risks related to hardware. – Least to mention the reputation of the supplier.
Yes, we have given this some thought. First of all this server runs the infrastructure services only (i.e. not the main CAcert website). So our private root keys and such are not on that system. Also the manufacturer is a German company with some reputation for building energy efficient hardware. Although they also use standard components which could be tampered with, they assemble the machine in Germany. So if $agency wanted to place hardware backdoors, they would have to put them in a lot of components because they need to make sure it’s in the exact component that got built into our server or they would need to have an agent at the assembly line.
All in all it would probably not be impossible but at this point I personally would think it’s unlikely, seeing the required effort and the little it would achieve.