[wplug] Meeting presentation idea: Public Key Encryption

Patrick Wagstrom pwagstro at andrew.cmu.edu
Mon Jan 9 22:52:45 EST 2006 

On Mon, 2006-01-09 at 20:36 -0500, Christopher DeMarco wrote:
> On Mon, Jan 09, 2006 at 06:04:27PM -0500, Brandon Kuczenski wrote:
> 
> > somebody who knows how the Public Key infrastructure is supposed to
> > work, from the perspective of the small-time system administrator,
> > particularly x509 stuff?  Things like how to create and sign a
> > self-signed certificate for secure email and web serving, and how to
> > distribute the certificate authority file to users so that everybody
> > involved can trust everybody?
> 
> If nobody else steps up, I'll take this on.
> 
> I'm very well-equipped to talk about PKI theory and operation,
> not-so-well equipped to talk about x509 setup.  My PKI has always been
> a combination of SSL and SSH - which works just fine for what I've
> done, but I'll have to do a bit of research on the other systems.
> 
> 
> > The talk could also clarify the differences between a certificate signed 
> > by, say, Verisign, and a homebrew one.
> 
> Easy.
> 
> 
> > A future talk, or the same talk, could then talk about how to encrypt 
> > email using PGP keys... what with WiFi becoming ever present (and wiretaps 
> > becoming ever easier to get).
> 
> Easy as pi.  I'll even demonstrate a TLS/SMTP-AUTH setup, AND for one
> LOW PRICE, talk about the differences between your requested PGP +
> email and a TLS/SMTP-AUTH setup.
> 
> 
> > Does this seem interesting?
> 
> YES!
> 
> But since I've got SOO MUCH free time (biz plan 2006, doncha know),
> would anybody like to tag-team with me on this?

I can probably help out.  While I'm an idiot on x509, I've got a good
understanding of crypto (specifically proxying requests around).  And as
an added bonus, I've been itching to organize a WPLUG keysigning party.
My GPG key is feeling rather lonely as of late.

I'm also available to certify folks for CACert (I believe that a few
other WPLUGgers can also do CACert authorizations).  A CACert
authorization lets you issue yourself certificates for Apache that are
at least signed by someone.

--Patrick

More information about the wplug mailing list