[wplug] Meeting presentation idea: Public Key Encryption
Patrick Wagstrom
pwagstro at andrew.cmu.edu
Mon Jan 9 22:52:45 EST 2006
On Mon, 2006-01-09 at 20:36 -0500, Christopher DeMarco wrote:
> On Mon, Jan 09, 2006 at 06:04:27PM -0500, Brandon Kuczenski wrote:
>
> > somebody who knows how the Public Key infrastructure is supposed to
> > work, from the perspective of the small-time system administrator,
> > particularly x509 stuff? Things like how to create and sign a
> > self-signed certificate for secure email and web serving, and how to
> > distribute the certificate authority file to users so that everybody
> > involved can trust everybody?
>
> If nobody else steps up, I'll take this on.
>
> I'm very well-equipped to talk about PKI theory and operation,
> not-so-well equipped to talk about x509 setup. My PKI has always been
> a combination of SSL and SSH - which works just fine for what I've
> done, but I'll have to do a bit of research on the other systems.
>
>
> > The talk could also clarify the differences between a certificate signed
> > by, say, Verisign, and a homebrew one.
>
> Easy.
>
>
> > A future talk, or the same talk, could then talk about how to encrypt
> > email using PGP keys... what with WiFi becoming ever present (and wiretaps
> > becoming ever easier to get).
>
> Easy as pi. I'll even demonstrate a TLS/SMTP-AUTH setup, AND for one
> LOW PRICE, talk about the differences between your requested PGP +
> email and a TLS/SMTP-AUTH setup.
>
>
> > Does this seem interesting?
>
> YES!
>
> But since I've got SOO MUCH free time (biz plan 2006, doncha know),
> would anybody like to tag-team with me on this?
I can probably help out. While I'm an idiot on x509, I've got a good
understanding of crypto (specifically proxying requests around). And as
an added bonus, I've been itching to organize a WPLUG keysigning party.
My GPG key is feeling rather lonely as of late.
I'm also available to certify folks for CACert (I believe that a few
other WPLUGgers can also do CACert authorizations). A CACert
authorization lets you issue yourself certificates for Apache that are
at least signed by someone.
--Patrick
More information about the wplug
mailing list