
Wed, 22 Dec 2004

Believe it or not:

I just discovered that all but one of the twenty-five users whose gpg key I set to the "Don't trust at all" trust level (and believe me: I had good reasons for doing so) are Gentoo users or developers. I wonder if that's coincidence or systematic ...

posted at 14:13 into [Debian] permanent link


Sometimes everything sucks!

Did I already mention that? Secure email, for example.

Okay, there is gnupg. Works very well for me, but it's difficult to explain to inexperienced users (at least I failed many times to explain it to members of my family) and it isn't accepted everywhere.

I especially dislike the second point. Ordering some stuff from a shop or sending forms to an agency could be quite simple. As in many other countries, we have a law for electronic signatures. But gpg and its web of trust fail, since you need a central certificate authority for a valid certificate.

Okay, then there is Thawte and its Web of Trust, where you can get this S/MIME stuff, which you can actually get running somehow under Linux and mutt. You need to get enough points in their Web of Trust, install Firefox or Mozilla, somehow create a certificate, which is magically signed by Thawte (although you created it locally), export it from Mozilla, import it with openssl, tweak your muttrc and it works. Perhaps.

Besides the fact that I didn't understand how it works in general, there are the usual points that suck: You only get certificates for e-mail for free from Thawte. And even then they might revoke it anytime, and tell you: "Sorry, but we are a company and like to earn money. Please pay us if you'd like to get a working certificate." All in all: It's all the stuff I dislike about companies, and why I love community efforts.

A nice point is that Thawte certificates, strictly speaking, do not fulfill the German law for electronic signatures. IIRC Thawte would need to ... pass some tests defined in the law, which they haven't tried yet for unknown reasons. But they are quite often accepted. I think most people can't tell the difference between officially trusted and untrusted CAs.

Now you might think that CAcert is the solution: It claims to be a community project, and you'll get certificates for services other than email (e.g. your web server), too. But it sucks, too. One point is that their root certificate isn't part of any browser or email reader yet. So you need to tell your friends/customers/whoever to install their root certificate to trust you. Oh, and it seems to have some problems with democracy / community too. I talked to some former project members (actually: I know more former than current members), who all complained about the lack of democracy and that everything, from their domain to the root account of the main machine, is controlled by a single person. Being a regular association with an elected board sounds quite useless if there is one person who has the last word, doesn't it?

Oh, yeah, I forgot to mention the CAs where you can buy your certificate. As far as I know, there are two kinds of CAs: Those that are so expensive I can't afford them, or those that create the private key for you and keep a copy (for security reasons, you might lose yours) or just sell you a complete set including SmartCard, reader and software. You can see quite funny faces if you ask the last group mentioned questions like "Does it run with Linux?" or "May I see the source code of this software, so I can trust it?".

Sometimes everything sucks. Can't we start a real community effort for digital signatures and all this stuff? I really think we need something like this.

posted at 04:44 into [Debian] permanent link


Where I am reigns chaos!

Today I was at my local LUG for a joint X-mas and keysigning party. That was the most chaotic keysigning party I have ever been to.

Two weeks ago, when someone came up with the idea of the keysigning party, it sounded quite easy: One person volunteered to give a small talk about gpg, ssl, web of trust and all that stuff. He had no time to prepare something, so he gave an improvised 10 minute talk (he would have been faster if I hadn't asked questions or clarified some points he didn't know). The other problem was that more people came than had been calculated.

However: The really big problem was that somehow we tried to have three keysigning parties at once. One normal gpg/pgp party (where some people forgot to print enough fingerprints), one for Thawte's Web of Trust and one for CAcert.

Besides the normal problems of lost or expired passports, the whole situation got more complicated because inexperienced users didn't know the difference between the three (although we had sent a small HOWTO beforehand), or didn't have copies of their passports for the latter two.

Nice idea to do all that stuff in one go, but if we ever do such a thing again, we should really try to do it a bit less chaotically.

posted at 03:59 into [Debian] permanent link


Sat, 18 Dec 2004

New phone number!

Soon (Monday?) the number of my mobile phone will change. For now I can only be reached by phone at home. Hey! Don't laugh! I really do check my answering machine every now and then!

If I forgot to give YOU my new phone number: Sorry! Please just send me an e-mail.

posted at 06:05 into [private] permanent link


Thu, 16 Dec 2004

Between the years ...

... that is, in the few days between Christmas and New Year's Eve, there has so far never really been anything going on at the university. To save costs the heating is turned off, and libraries and computer pools are closed. So far that hasn't bothered anyone. Students and staff are celebrating with their families or recovering from celebrating.

At least that's how it was in the last few years. But money has to be saved, which is why someone decided to reduce the wasteful days off this year, so that we lowly university employees get to be on duty between the years this year, too.

Annoying: I can't imagine that anyone will come to the university. So it will be a completely wasted day.

Doubly annoying, and triply wasted: I actually wanted to go to Berlin between the years, to the 21c3, but I can't, because I have to work one day that week and can't find anyone willing to cover for me between the years.

posted at 15:53 into [university] permanent link



About

Alexander Tolimar Reichle-Schmehl lives in Tuttlingen / Germany. He works as an IT manager (specializing in Unix and SAN/Storage) for an international automotive supplier.
