[ilugd] Puppet Labs In India

2011-08-02 Thread Jack Norman III
Hi Guys,
My name is Jack and I work for Puppet Labs here in Portland, Oregon!
We are going to be hosting a Puppet public training class in Bangalore
on August 24-26. The week prior to that, our international trainer and
DevOps believer Garrett Honeycutt will be in Delhi and wants to meet
with local Linux users and DevOps followers.
He will also be staying after our training for the DevOps meeting in
Bangalore. If you would like to meet up and talk, please write me back
and we can try to set something up.

My email is j...@puppetlabs.com

Garrett's personal website is www.garretthoneycutt.com

Also, to those interested in datacenter automation who might want to
learn Puppet, please email me as well or check out the event at

http://puppet-training-bangalore-august-2011.eventbrite.com

Thank you all!

Jack Norman III
Puppet Labs | Portland, OR
Desk: 971-277-6822
Cell: 503-547-9555
Email: j...@puppetlabs.com
Website: www.puppetlabs.com

Join us for PuppetConf, September 22nd and 23rd in Portland, OR.


___
Ilugd mailing list
Ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd


Re: [ilugd] DSC Registration for efiling

2011-08-02 Thread Anand Shankar
On Tue, Aug 2, 2011 at 5:44 PM, krish wrote:
>> If u see the standards .pfx file is a pkcs12 file which contains the
>> public key as well as the private key!!
>> Am i wrong that innocent guys must have uploaded their private keys to
>> the income tax department?
>>
>> I wish to stand corrected.
>>
>
> Just took a closer look at
> http://hcpldsc.com/IT%20returns%20pdf/IT%20Return%20Without%20E-Token.pdf
> and it looks like although the private key is uploaded it still asks
> for its passphrase ( shown with password dialog in pdf )

That's a good illustration of using a .pfx file for DSC registration.

But come on, all those encrypted keys are being taken as secure with a
simple password acting as the watchguard!! We all are too familiar
with the secure password keeping and the simple default passwords kept
by so many.

I still do not believe that a Private Key needs to be uploaded in any case.

There is still something missing because Department of Income Tax has
also published a writeup for registering DSCs.

https://incometaxindiaefiling.gov.in/portal/downloads10-11/itr/"Procedure
for Registration of Digital Signature and Upload of Income Tax Returns
using Digital Signature.pdf"

On Page 3 and 4 of this document they also mention the new
Interoperability guidelines issued by CCA, Govt of India. In essence,
what they say is that the DSC .pfx file should include the PAN number
encrypted.

http://cca.gov.in/rw/resource/dsc_guidelines_r2_4.pdf?download=true

On Page 50 of this document it states, for the Serial Number Attribute
of the end user DSC:

"This attribute should be populated with the SHA 256 hash of the PAN
number of the end user. The hash must be calculated for the PAN number
after deleting all leading and trailing blanks. In case PAN has not
been provided, this field must be omitted"

It seems DSCs are still being issued without PAN encryption as
required above, nor is there guidance as to how to do it.

I am doubly sure that CCA cannot make this mistake of approving
uploading Private Keys. But perhaps there aren't as many technically
aware users who tried this route, so might have erred in their
procedure.

I won't suggest jumping to a conclusion right away, but perhaps some
more experienced users can throw some light.

Since I tried, there are some issues for the FOSS guys to take note of:

1. The site application requires Sun JRE. I ignored this, assuming
that the applet can run based on Icedtea / openjdk that my Fedora 14
system has, is a good and acceptable FOSS alternate. It was able to
successfully upload the DSC, but could not sign the XML. It generated
an error stating " Unexpected error: netscape.javascript.JSObject
cannot be cast to java.lang.String ". On my Ubuntu 10.04, however, I
couldn't even upload the DSC.

2. There is an excellent tool KeyManager, which is a Firefox addon [
https://addons.mozilla.org/en-US/firefox/addon/key-manager/ ]. This
includes an excellent writeup on the whole process and is a must read.

Sudev:

Please refer to http://www.cryer.co.uk/file-types/p/pfx.htm for a PFX
primer. PFX and PKCS#12 are related; in fact the Wikipedia article on
the subject PKCS says that PFX is a predecessor to PKCS#12.

For more details:

http://msdn.microsoft.com/en-us/library/ms867088.aspx

Here it also says that you can export a .pfx file without the Private Key.


End of the day, it still seems implementations of digital signing of
Web based forms need to have a closer look for safety, and more
"User Friendly" documents need to be in place.

anand
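
Added example, not part of the original thread or of any poster's message: a check of the rule quoted above from page 50 of the CCA guidelines, comparing the SHA-256 hash of a PAN with the serialNumber value in a certificate subject line. It assumes the attribute is the subject serialNumber (OID 2.5.4.5), that the digest is hex-encoded and that the PAN is hashed as UTF-8 text; the PAN, the subject string and the function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Subject "serialNumber" attribute (OID 2.5.4.5) in a one-line subject string.
# Assumption: this is the attribute the guideline calls "Serial Number".
_SERIAL_RE = re.compile(
    r"(?<![\w.])(?:serialNumber|2\.5\.4\.5)\s*=\s*([^,/+]*)", re.IGNORECASE
)
_HEX64_RE = re.compile(r"[0-9a-fA-F]{64}")


def pan_hash(pan):
    """SHA-256 of the PAN after removing leading and trailing whitespace."""
    # Assumption: PAN hashed as UTF-8 text, digest written as lowercase hex.
    return hashlib.sha256(pan.strip().encode("utf-8")).hexdigest()


def subject_serial(subject):
    """Return the serialNumber value from the subject line, or None if absent."""
    m = _SERIAL_RE.search(subject)
    return m.group(1).strip() if m else None


def check_pan_binding(subject, pan=None):
    """Classify a certificate subject against the quoted guideline."""
    serial = subject_serial(subject)
    if pan is None or not pan.strip():
        # No PAN provided: the guideline says the field must be omitted.
        return "omitted" if serial is None else "unexpected"
    if serial is None:
        return "missing"
    if not _HEX64_RE.fullmatch(serial):
        return "malformed"  # not a 64-character hex SHA-256 digest
    same = hmac.compare_digest(serial.lower(), pan_hash(pan))
    return "match" if same else "mismatch"


# Constructed sample data: not a real PAN and not a real certificate subject.
SAMPLE_PAN = "ABCDE1234F"
SAMPLE_SUBJECT = (
    "C = IN, O = Personal, CN = Test User, serialNumber = " + pan_hash(SAMPLE_PAN)
)

if __name__ == "__main__":
    for pan in ("  ABCDE1234F ", "ABCDE1234G", None):
        print(repr(pan), "->", check_pan_binding(SAMPLE_SUBJECT, pan))
    print("no attribute ->", check_pan_binding("C = IN, CN = Test User", SAMPLE_PAN))
```

The check needs only the certificate's subject line, so it can be run on the public certificate alone without the private key from the .pfx file.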



Re: [ilugd] DSC Registration for efiling

2011-08-02 Thread krish
On Sun, Jul 31, 2011 at 11:17 AM, Anand Shankar wrote:
> What appears to be strange is that they are asking to upload the DSC
> through a .pfx file or the usb token.
> If u see the standards .pfx file is a pkcs12 file which contains the
> public key as well as the private key!!
> Am i wrong that innocent guys must have uploaded their private keys to
> the income tax department?
>
> I wish to stand corrected.
>

Just took a closer look at
http://hcpldsc.com/IT%20returns%20pdf/IT%20Return%20Without%20E-Token.pdf
and it looks like although the private key is uploaded it still asks
for its passphrase ( shown with password dialog in pdf )

So, unless your private key isn't passphrase protected, you're really
giving it away.
I am still not comfortable to see that our key goes on that site;
unless they are flushing out all keys after filing / like 24 hours.
Any ideas anyone?

Hoping all DSCs, when created, are passphrase protected ( I see a
password written on my USB token :D ) and I'm sure everyone in my CA's
office knows my token password.  FacePunch :X

-- 
Srikrishna Das
(krish at irc.freenode.net)



Re: [ilugd] DSC Registration for efiling

2011-08-02 Thread Shayon Pal
If any of you wish to write a feature on the same, I am willing to publish
it on Hindustan Times.

Regards,

Shayon Pal
Twitter: @shayonpal
Flickr: http://www.flickr.com/photos/shayon/
Mob: +91 99589 46497
BB PIN: 2373AA31



On Tue, Aug 2, 2011 at 4:00 PM, H.S.Rai wrote:

> On Tue, Aug 2, 2011 at 1:20 PM, Kamal Dave wrote:
> > This in effect nullifies authenticity vis-a-vis the whole concept
> > of digitally signing document/ e-return.  This issue should certainly be
> > raised with income tax officials.
>
> Don't you think news in paper will be more effective than dealing with
> official of IT department?
>
> --
> H.S.Rai


Re: [ilugd] DSC Registration for efiling

2011-08-02 Thread H.S.Rai
On Tue, Aug 2, 2011 at 1:20 PM, Kamal Dave wrote:
> This in effect nullifies authenticity vis-a-vis the whole concept
> of digitally signing document/ e-return.  This issue should certainly be
> raised with income tax officials.

Don't you think news in paper will be more effective than dealing with
official of IT department?

-- 
H.S.Rai



Re: [ilugd] DSC Registration for efiling

2011-08-02 Thread Kamal Dave
It is really strange that the income tax seeks the private key besides the
public.  This in effect nullifies authenticity vis-a-vis the whole concept
of digitally signing document/ e-return.  This issue should certainly be
raised with income tax officials.

Kamal Dave
Advocate

On Mon, Aug 1, 2011 at 9:51 PM, Mahesh T. Pai wrote:

> Anand Shankar said on Sun, Jul 31, 2011 at 11:17:42AM +0530,:
>
>  > Have any of you done your income tax efiling with digital signature?
>
> What is the cost of a signature authentication from a
> what-are-those-guys-called?
>
>  > Strangely it asks you to register your digital signature certificate
>  > (DSC) before you proceed.
>  > That appears to be genuine that they want my CA certified Public Key
>  > and digital signature.
>  >
>  > What appears to be strange is that they are asking to upload the DSC
>  > through a .pfx file or the usb token.
>  > If u see the standards .pfx file is a pkcs12 file which contains the
>  > public key as well as the private key!!
>  > Am i wrong that innocent guys must have uploaded their private keys to
>  > the income tax department?
>
> Looks more like a case of misapplied standards - probably, non-free
> apps on non-free OSes (obviously) do not comply with the standards.
>
>  >
>  > I wish to stand corrected.
>
> --
> Mahesh T. Pai   ||
> "The greatest enemy of knowledge is not ignorance,
> it is the illusion of knowledge."
> --Stephen Hawking