“ffs ssl”
I just set up SSL TLS on my web site. Everything can be had via https://wingolog.org/, and things appear to work. However the process of transitioning even a simple web site to SSL is so clownshoes bad that it's amazing anyone ever does it. So here's an incomplete list of things that can go wrong when you set up TLS on a web site.
Wingo describes the TLS misery aptly. See also Why p≡p project isn't reachable via commercial HTTPS.
p≡p communication strategy
Because I've been asked that frequently, here is our sketch of the communication strategy for p≡p's message dispatcher:
- When two p≡p users are communicating
  - if online communication available: OTR through GNUnet
  - if online communication not available:
    - if anonymizing platform available, OpenPGP through anonymizing platform (i.e. Qabel)
    - if anonymizing platform not available, fall back to OpenPGP
- When a p≡p user is communicating with a non-p≡p user then depending on the capabilities of the non-p≡p user:
  - if anonymizing and forward secrecy is possible, use that (i.e. OTR over GNUnet)
  - if anonymizing but no forward secrecy is possible, use that (i.e. OpenPGP over Qabel)
  - if forward secrecy is possible, use that (i.e. OTR)
  - if hard cryptography but no forward secrecy is possible, use that (i.e. OpenPGP)
  - if only weak cryptography is possible, use that (i.e. S/MIME with commercial CAs)
  - send unencrypted
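The selection order above, written out as an added Python example (not p≡p's own code). The names `Cap`, `Channel`, `select_channel` and `missing_protections` and the `PROVIDES` table are assumptions made for illustration; `missing_protections` goes one step beyond the list and reports what a fallback gave up, so a client can show the downgrade to the user.

```python
from enum import Enum, Flag

class Cap(Flag):
    """Protection properties (names are assumptions made for this example)."""
    NONE = 0
    ANONYMIZING = 1
    FORWARD_SECRECY = 2
    HARD_CRYPTO = 4
    WEAK_CRYPTO = 8

class Channel(Enum):
    OTR_GNUNET = "OTR through GNUnet"
    OPENPGP_QABEL = "OpenPGP through Qabel"
    OTR = "OTR"
    OPENPGP = "OpenPGP"
    SMIME = "S/MIME with commercial CAs"
    PLAINTEXT = "unencrypted"

# Ladder for a non-p≡p peer, strongest first: (what the peer must support, channel).
NON_PEP_LADDER = [
    (Cap.ANONYMIZING | Cap.FORWARD_SECRECY, Channel.OTR_GNUNET),
    (Cap.ANONYMIZING, Channel.OPENPGP_QABEL),
    (Cap.FORWARD_SECRECY, Channel.OTR),
    (Cap.HARD_CRYPTO, Channel.OPENPGP),
    (Cap.WEAK_CRYPTO, Channel.SMIME),
]

# What each channel gives the conversation (assumed for this example).
PROVIDES = {
    Channel.OTR_GNUNET: Cap.ANONYMIZING | Cap.FORWARD_SECRECY | Cap.HARD_CRYPTO,
    Channel.OPENPGP_QABEL: Cap.ANONYMIZING | Cap.HARD_CRYPTO,
    Channel.OTR: Cap.FORWARD_SECRECY | Cap.HARD_CRYPTO,
    Channel.OPENPGP: Cap.HARD_CRYPTO,
    Channel.SMIME: Cap.WEAK_CRYPTO,
    Channel.PLAINTEXT: Cap.NONE,
}
GOAL = Cap.ANONYMIZING | Cap.FORWARD_SECRECY | Cap.HARD_CRYPTO

def select_channel(peer_is_pep, online=False, anon_platform=False, peer_caps=Cap.NONE):
    """Pick the channel for one message according to the list above."""
    if peer_is_pep:
        if online:
            return Channel.OTR_GNUNET
        return Channel.OPENPGP_QABEL if anon_platform else Channel.OPENPGP
    for required, channel in NON_PEP_LADDER:
        if (peer_caps & required) == required:
            return channel
    return Channel.PLAINTEXT  # last rung: nothing usable on the peer's side

def missing_protections(channel):
    """Protections of the top rung that this channel does not provide."""
    return GOAL & ~PROVIDES[channel]
```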
Pretty Easy Privacy project aims to make encryption easier for regular people to use
pEp is a user interface scheme that’s designed to help users judge how secure their conversations are, and make them more secure with as little knowledge as possible.
You can find the report from David Meyer on GIGAOM…
Isn't that an interesting traceroute?
vb@fuchur:~/yblog2/2014-10 % traceroute dragon
traceroute to dragon (94.231.81.244), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 2.739 ms 2.701 ms 2.062 ms
2 195.186.54.35 (195.186.54.35) 22.015 ms 21.099 ms 21.575 ms
3 * * *
4 be120-1100.lssic20p-isn002.bluewin.ch (213.3.219.141) 27.610 ms 27.079 ms
be120-1100.lssic20p-isn001.bluewin.ch (213.3.219.137) 27.757 ms
5 213.3.217.26 (213.3.217.26) 26.662 ms 26.685 ms
213.3.217.30 (213.3.217.30) 26.803 ms
6 be100.lssic20p-ipn001.bluewin.ch (213.3.220.129) 26.371 ms 25.694 ms 27.415 ms
7 be100.i69lss-025.bb.ip-plus.bluewin.ch (213.3.220.130) 29.171 ms 27.774 ms 25.943 ms
8 i68ixe-015-ae0.bb.ip-plus.net (138.187.129.59) 27.127 ms 26.834 ms 26.779 ms
9 te1-3.ccr01.gva01.atlas.cogentco.com (130.117.14.53) 314.922 ms 125.447 ms 488.711 ms
10 te0-0-0-1.ccr21.zrh01.atlas.cogentco.com (154.54.36.229) 45.359 ms
te0-0-0-4.ccr21.zrh01.atlas.cogentco.com (154.54.36.233) 44.726 ms 44.296 ms
11 be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57) 56.066 ms
be2295.ccr41.par01.atlas.cogentco.com (130.117.3.53) 56.546 ms
be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57) 57.210 ms
12 be2231.ccr41.iad02.atlas.cogentco.com (154.54.28.105) 120.629 ms
be2296.ccr21.zrh01.atlas.cogentco.com (130.117.3.58) 57.369 ms 57.455 ms
13 telia.iad02.atlas.cogentco.com (154.54.11.94) 121.045 ms
be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57) 69.864 ms 69.841 ms
14 be2296.ccr21.zrh01.atlas.cogentco.com (130.117.3.58) 71.413 ms
ash-bb3-link.telia.net (213.155.130.87) 119.788 ms
be2296.ccr21.zrh01.atlas.cogentco.com (130.117.3.58) 71.884 ms
15 be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57) 83.667 ms
prs-bb1-link.telia.net (80.91.251.99) 132.241 ms
be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57) 83.090 ms
16 be2296.ccr21.zrh01.atlas.cogentco.com (130.117.3.58) 85.493 ms 85.236 ms
ash-bb3-link.telia.net (80.91.248.158) 133.115 ms
17 hurricane-ic-304587-zch-b2.c.telia.net (213.248.100.86) 135.663 ms
prs-bb1-link.telia.net (80.91.251.242) 150.140 ms 147.695 ms
18 datawire-ag.gigabitethernet2-1.core1.zrh1.he.net (216.66.84.118) 141.721 ms
zch-b2-link.telia.net (80.91.249.112) 243.111 ms
datawire-ag.gigabitethernet2-1.core1.zrh1.he.net (216.66.84.118) 142.905 ms
19 dragon.pibit.ch (94.231.81.244) 142.910 ms 142.704 ms
hurricane-ic-304587-zch-b2.c.telia.net (213.248.100.86) 155.960 ms
To compare: that's the geographical route. For sure a bug in their routing tables ;-)
published Thu, 02 Oct 2014 15:33:03 +0200 #spooky