Some statistics from the router at the cabin
sip0 is a GRE tunnel between the router and the colo box in Seattle, the payload of which is encapsulated as ipsec traffic before being transmitted over the Ubiquity equipment to the switch that the CenturyLink DSL modem attaches to. I don’t get centurylink easter eggs in my search results when I use this interface. […]
Trip Report: UW signing-party
Dear Debian Users, I met last night with a friend from many years ago and a number of students of cryptography. I was disappointed to see the prevalence of black hat, anti-government hackers at the event. I was hoping that civilized humanity had come to agree that using cryptography for deception, harm to others and […]
OpenVPN configs with inline data
I’ve been issuing a lot of x.509 certs and OpenVPN user configurations lately, and I came across something that has reduced the complexity quite a bit. It seems that OpenVPN configuration files can now include data inline. So rather than generating and distributing the following for each user: a configuration file a chain of CA […]
I miss you. Please come back?
… Creating var directory ‘/usr/src/git/debian/pkg-mariadb/builddir/mysql-test/var’… Checking supported features… MariaDB Version 5.5.32-MariaDB-1 Installing system database… – SSL connections supported Collecting tests… Using server port 42388 ============================================================================== TEST RESULT TIME (ms) or COMMENT ————————————————————————– worker Using MTR_BUILD_THREAD 300, with reserved ports 16000..16019 oqgraph.basic [ skipped ] No OQGraph oqgraph.binlog [ skipped ] No OQGraph sphinx.sphinx [ skipped […]
Filing to become a licensed CA
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 All Operative Personnel employed by Collier Technologies LLC, known here as the Certification Authority or CA, must also be licensed as notaries public by the local government where they reside during any act performed on behalf of the CA. In addition to passing the Washington State Operative Personnel Exam, all OPs employed by the CA will demonstrate their proficiency by a) creating a request for issuance as described in 19.34.210Â§1 RCW, known here as a Certificate Signing Request or CSR; and b) signing CSR from (a) with a private key issued by the Certification Authority; and c) publishing the public key corresponding to the CSR signed in (b) in a recognized repository as defined by 19.34.400 RCW While holding the position of Operative Personnel for the CA, the OP will a) utilize the private key corresponding to the CSR presented during the demonstration of proficiency exclusively b) not use the private key referenced in (a) for purposes other than those performed on behalf of the CA. All private key data controlled by the CA and all Operative Personnel must be a) stored on a solid-state device; and b) kept within a locked safe except while in use by OP acting on behalf of the CA. All solid-state devices containing private key data controlled by the CA and all Operative Personnel may only be used a) on a Trustworthy system, as defined in 19.34.020Â§43 RCW; and b) with a system which remains always disconnected from any computer network —–BEGIN PGP SIGNATURE—– Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkwmPOMACgkQXKBS0hdr6UYPTwCglr89VbTlw/wPuLqihaduw8Cw z1gAnjwiDx47FTInVHBo9bo9VsVn/IDl =9oar —–END PGP SIGNATURE—–
spamassassin tls plugin
Anybody got a tls plugin for spamassassin? Something that will check to see whether incoming mail is signed by a certificate known to and trusted by spamd?