p≡p 

Privacy by Default.

“ffs ssl”

I just set up SSL TLS on my web site. Everything can be had via https://wingolog.org/, and things appear to work. However the process of transitioning even a simple web site to SSL is so clownshoes bad that it's amazing anyone ever does it. So here's an incomplete list of things that can go wrong when you set up TLS on a web site.

Wingo describes the TLS misery aptly. See also Why p≡p project isn't reachable via commercial HTTPS.

published Sun, 19 Oct 2014 12:45:36 +0200 #background #ca #https #ssl #tls #x.509

p≡p communication strategy

Because I've been asked that frequently, here is our sketch of the communication strategy for p≡p's message dispatcher:

  1. When two p≡p users are communicating:
    1. if online communication available: OTR through GNUnet
    2. if online communication not available:
      1. if anonymizing platform available, OpenPGP through anonymizing platform (i.e. Qabel)
      2. if anonymizing platform not available, fallback to OpenPGP
  2. When a p≡p user is communicating with a non-p≡p user, then depending on the capabilities of the non-p≡p user:
    1. if anonymizing and forward secrecy is possible, use that (i.e. OTR over GNUnet)
    2. if anonymizing but no forward secrecy is possible, use that (i.e. OpenPGP over Qabel)
    3. if forward secrecy is possible, use that (i.e. OTR)
    4. if hard cryptography but no forward secrecy is possible, use that (i.e. OpenPGP)
    5. if only weak cryptography is possible, use that (i.e. S/MIME with commercial CAs)
    6. send unencrypted
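
The fallback order above, written out as an added example (not p≡p's own code). The capability labels (`anonymizing`, `forward_secrecy`, `hard_crypto`, `weak_crypto`) and the function name are assumptions made for illustration. Note how a peer with no advertised capabilities ends at the unencrypted fallback.

```python
from enum import Enum


class Channel(Enum):
    OTR_GNUNET = "OTR through GNUnet"
    OPENPGP_ANON = "OpenPGP through anonymizing platform"
    OTR = "OTR"
    OPENPGP = "OpenPGP"
    SMIME = "S/MIME with commercial CAs"
    PLAINTEXT = "unencrypted"


# Rule 2: preference ladder for non-pEp peers, strongest first.
# Each entry names the capabilities (hypothetical labels) the peer must offer.
NON_PEP_LADDER = [
    (Channel.OTR_GNUNET, {"anonymizing", "forward_secrecy"}),
    (Channel.OPENPGP_ANON, {"anonymizing"}),
    (Channel.OTR, {"forward_secrecy"}),
    (Channel.OPENPGP, {"hard_crypto"}),
    (Channel.SMIME, {"weak_crypto"}),
    (Channel.PLAINTEXT, set()),  # always matches: the last resort
]


def select_channel(peer_is_pep, *, online=False, anon_platform=False,
                   peer_caps=frozenset()):
    """Pick the channel the sketched dispatcher would use for one message."""
    if peer_is_pep:
        # Rule 1: both sides are pEp users.
        if online:
            return Channel.OTR_GNUNET
        return Channel.OPENPGP_ANON if anon_platform else Channel.OPENPGP
    # Rule 2: walk the ladder and take the first rung the peer can satisfy.
    caps = set(peer_caps)
    for channel, required in NON_PEP_LADDER:
        if required <= caps:
            return channel
    return Channel.PLAINTEXT


if __name__ == "__main__":
    # Constructed sample peers, for illustration only.
    samples = [
        ("pEp peer, online", dict(peer_is_pep=True, online=True)),
        ("pEp peer, offline, no anonymizer", dict(peer_is_pep=True)),
        ("non-pEp, OTR capable",
         dict(peer_is_pep=False, peer_caps={"forward_secrecy", "hard_crypto"})),
        ("non-pEp, nothing advertised", dict(peer_is_pep=False)),
    ]
    for label, kwargs in samples:
        print(f"{label:35s} -> {select_channel(**kwargs).value}")
```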

published Fri, 10 Oct 2014 14:35:11 +0200 #faq #strategy #techinfo

Pretty Easy Privacy project aims to make encryption easier for regular people to use

pEp is a user interface scheme that’s designed to help users judge how secure their conversations are, and make them more secure with as little knowledge as possible.

You can find the report from David Meyer on GIGAOM

published Tue, 07 Oct 2014 15:26:08 +0200 #gigaom #media

Isn't that an interesting traceroute?

vb@fuchur:~/yblog2/2014-10 % traceroute dragon
traceroute to dragon (94.231.81.244), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  2.739 ms  2.701 ms  2.062 ms
 2  195.186.54.35 (195.186.54.35)  22.015 ms  21.099 ms  21.575 ms
 3  * * *
 4  be120-1100.lssic20p-isn002.bluewin.ch (213.3.219.141)  27.610 ms  27.079 ms
    be120-1100.lssic20p-isn001.bluewin.ch (213.3.219.137)  27.757 ms
 5  213.3.217.26 (213.3.217.26)  26.662 ms  26.685 ms
    213.3.217.30 (213.3.217.30)  26.803 ms
 6  be100.lssic20p-ipn001.bluewin.ch (213.3.220.129)  26.371 ms  25.694 ms  27.415 ms
 7  be100.i69lss-025.bb.ip-plus.bluewin.ch (213.3.220.130)  29.171 ms  27.774 ms  25.943 ms
 8  i68ixe-015-ae0.bb.ip-plus.net (138.187.129.59)  27.127 ms  26.834 ms  26.779 ms
 9  te1-3.ccr01.gva01.atlas.cogentco.com (130.117.14.53)  314.922 ms  125.447 ms  488.711 ms
10  te0-0-0-1.ccr21.zrh01.atlas.cogentco.com (154.54.36.229)  45.359 ms
    te0-0-0-4.ccr21.zrh01.atlas.cogentco.com (154.54.36.233)  44.726 ms  44.296 ms
11  be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57)  56.066 ms
    be2295.ccr41.par01.atlas.cogentco.com (130.117.3.53)  56.546 ms
    be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57)  57.210 ms
12  be2231.ccr41.iad02.atlas.cogentco.com (154.54.28.105)  120.629 ms
    be2296.ccr21.zrh01.atlas.cogentco.com (130.117.3.58)  57.369 ms  57.455 ms
13  telia.iad02.atlas.cogentco.com (154.54.11.94)  121.045 ms
    be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57)  69.864 ms  69.841 ms
14  be2296.ccr21.zrh01.atlas.cogentco.com (130.117.3.58)  71.413 ms
    ash-bb3-link.telia.net (213.155.130.87)  119.788 ms
    be2296.ccr21.zrh01.atlas.cogentco.com (130.117.3.58)  71.884 ms
15  be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57)  83.667 ms
    prs-bb1-link.telia.net (80.91.251.99)  132.241 ms
    be2296.ccr42.par01.atlas.cogentco.com (130.117.3.57)  83.090 ms
16  be2296.ccr21.zrh01.atlas.cogentco.com (130.117.3.58)  85.493 ms  85.236 ms
    ash-bb3-link.telia.net (80.91.248.158)  133.115 ms
17  hurricane-ic-304587-zch-b2.c.telia.net (213.248.100.86)  135.663 ms
    prs-bb1-link.telia.net (80.91.251.242)  150.140 ms  147.695 ms
18  datawire-ag.gigabitethernet2-1.core1.zrh1.he.net (216.66.84.118)  141.721 ms
    zch-b2-link.telia.net (80.91.249.112)  243.111 ms
    datawire-ag.gigabitethernet2-1.core1.zrh1.he.net (216.66.84.118)  142.905 ms
19  dragon.pibit.ch (94.231.81.244)  142.910 ms  142.704 ms
    hurricane-ic-304587-zch-b2.c.telia.net (213.248.100.86)  155.960 ms

To compare: that's the geographical route. For sure a bug in their routing tables ;-)

published Thu, 02 Oct 2014 15:33:03 +0200 #spooky