Changes between Version 1 and Version 2 of Signing

Timestamp:

Nov 5, 2015, 10:54:47 AM (9 years ago)

Author:

darkblueb

Comment:

--

Signing

@@ -1 @@
-General Topics in Public Key Infrastructure (PKI) for OSGeo.org
+= General Topics in Public Key Infrastructure (PKI) for OSGeo.org =
 
-General Discussion
+== General Discussion ==
 
-OSGeo Board has passed a motion to allocate $500 to certificate acquisition
 
-http://lists.osgeo.org/pipermail/board/2015-October/013321.html
+'''Anita Graser''' and the '''QGis Team''' are interested in signing binaries
 
-Anita Graser has expressed interest in the initiative
+jgarnett  proposed a motion at the Board level (also represents Boundless community outreach); Michael Smith supports; Sanghee Shin, Jorge Sanz supporting
 
-jgarnett  proposed a motion at the Board level (also represents Boundless community outreach); Michael Smith seconds; Sanghee Shin, Jorge Sanz supporting
+*  http://lists.osgeo.org/pipermail/board/2015-October/013445.html
 
-darkblue_b proposed participating in the EFF/Mozilla Foundation Let's Encrypt initiative, and generally be modern in setting up server infrastructure for a FOSS dot-org. This prompted an investigation into the acquisition and use of Public Key Infrastructure (PKI) x.509 certificates, a heirarchical trust authority structure, and this wiki page.
+'''darkblue_b''' proposed participating in the EFF/Mozilla Foundation Let's Encrypt initiative, and generally be modern in setting up server infrastructure for a FOSS dot-org. This prompted an investigation into the acquisition and use of Public Key Infrastructure (PKI) x.509 certificates (a heirarchical trust authority structure), Debian-style package signing, and this wiki page.
 
-wildintellect (current SAC chair) in favor of getting SSL certs for all our websites, if some of those are the Free ones from that initiative that is fine
+'''wildintellect''' (current SAC chair) in favor of getting SSL certs for all our websites, if some of those are the Free ones from the Lets Encrypt initiative, that is fine
 
-evenR suggests
+'''evenR''' points to:
   https://fedoraproject.org/wiki/ReleaseEngineering/Projects/SigningServer
 
-the QGis team is interested in Signing Binaries for Mac and Windows
+'''Larry Shaffer''' joins SAC for the purposes of this project
 
-Larry Shaffer is involved in signing binaries, and is working with jgarnett
+'''nhv''' is observing
 
-nhv is observing the process
-
-* Signing Binaries based on the Debian Model
+== Signing Binaries based on the Debian Model
 
 A .dsc file shows some important parts.. checksum on certain things, a name of a person, and lastly the GnuPG PGP Signature
@@ -31 +28 @@
 (.dsc)  in that text file are checksums, the name of a person, and a GNU PGP signature.. 
 
-* Signing Binaries on the LocationTech model
+== Signing Binaries on the LocationTech model
 
 LocationTech says in their handbook
@@ -43 +40 @@
 
 
-* HTTPS using Lets Encrypt
+== HTTPS using Lets Encrypt
 
-darkblue_b sez'  Board Members, List Members, all -
+'''darkblue_b''' sez'  
+  Board Members, List Members, all -
 
   Today I asked Yuvi Panda, lead dev at Wikimedia Labs, a 
@@ -61 +59 @@
   FSF isn't a CA and I don't think they have any intention of being one
 
+--
 
 
-* Generating Internal Certificates with openssl
+{{{
+
+Date: Tue, 03 Nov 2015 10:54:01 -0800
+From: Brian M Hamlin <maplabs@light42.com>
+Reply-To: Brian M Hamlin <maplabs@light42.com>
+Subject: Re: Let's Encrypt
+To: Seth David Schoen <schoen@eff.org>
+Cc: larrys@dakotacarto.com
+
+Hi Seth -
+
+ 
+
+  I wrote to Peter very shortly after our email exchange, but I have not heard anything back.
+
+Basically, I can sum up our inquiry this way --
+
+ 
+
+  * OSGeo.org wants to participate in  Let's Encrypt
+
+  * OSGeo.org may want to purchase PKI certificates from a Certificate Authority, to sign binaries for WIndows and Mac
+
+      which CA to choose ?
+
+  * in general, PKI certificates in line with your current thinking while we setup some new servers  (mainly at OSUOSL)
+
+ 
+
+thanks --Brian
+
+
+
+On Tue, 20 Oct 2015 11:19:23 -0700, Seth David Schoen <schoen@eff.org> wrote:
+
+    Hi Brian,
+
+    Thanks for your interest in Let's Encrypt! I'm on sabbatical so you
+    should probably try Peter Eckersley <pde@eff.org> if you have further
+    questions.
+
+    I hope Let's Encrypt can be useful to OSGeo, but in answer to your
+    question, we're planning to do only TLS server certificates and not
+    any other kind of certificate (for example, we're not planning to
+    offer code signing certificates). All of our certificates will be
+    Domain Validation only and will be free of charge. They should be
+    available to the public during the week of November 21, and there's
+    a beta program now that's going to be issuing live certificates to
+    users before then. It should still be possible to join the beta,
+    but I can't guarantee how soon before general availability you would
+    end up getting access (it might even turn out to be around the time
+    of general availability).
+
+    -- 
+    Seth Schoen <schoen@eff.org>
+    Senior Staff Technologist https://www.eff.org/
+    Electronic Frontier Foundation https://www.eff.org/join
+    815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
+
+
+
+
+--
+Brian M Hamlin
+OSGeo California Chapter
+blog.light42.com
+
+}}}
+
+
+
+
+