x509's or ????
I am trying to figure out a way to tame the password beast. Is there something I can do along the lines of an SSL cert or a GPG key that I could use to sign the website in question and use that key as long as I want? Things like banking and secure transactions and then on the other end we have mundane transactions that need to be taken care of too. This for the sake of argument would be two keys/certs. I guess some sort or assymetric/symetric password would also need to be done, but as long as the certificate is in hand the transaction can occur. I'm not picking anybody out but I bet Lisa answers first *grinz* ;) Vi^3PP -- This is a GNUPG signed and/or encrypted email. If it does not reach your inbox properly validated, then most likely someone has tampered with the contents in transit. Please verify by phone if you believe that is the case. Return of encrypted emails by GNUPG highly encouraged. RTF, TXT, PDF, LA/TEX and DJVU files gladly accepted inline or by attachment. 0xD537A8E1 NOTE: I do NOT send out mass mailings for social networking sites and other forms of SPAM. Confidentiality is never guaranteed in unencrypted means, regardless of notice or not. Windows Version: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe 0xD537A8E1.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
x509's or ????
On Tue, 17 Nov 2009, GK wrote: I am trying to figure out a way to tame the password beast. Is there something I can do along the lines of an SSL cert or a GPG key that I could use to sign the website in question and use that key as long as I want? The internet police will not come and arrest you for using a self-signed SSL certificate with a very long expiration date -- I would probably avoid going into 2034, though as supporting subsystems may balk. I'm not picking anybody out but I bet Lisa answers first *grinz* ;) yeah -- probably -- Russ herrold --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: x509's or ????
I also think Lisa will have something to say... ducks / On Tue, Nov 17, 2009 at 3:42 PM, R P Herrold herr...@owlriver.com wrote: On Tue, 17 Nov 2009, GK wrote: I am trying to figure out a way to tame the password beast. Is there something I can do along the lines of an SSL cert or a GPG key that I could use to sign the website in question and use that key as long as I want? The internet police will not come and arrest you for using a self-signed SSL certificate with a very long expiration date -- I would probably avoid going into 2034, though as supporting subsystems may balk. I'm not picking anybody out but I bet Lisa answers first *grinz* ;) yeah -- probably -- Russ herrold --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: x509's or ????
Technically, the GPG will sit in the SSL cert that the client and host trade back and forth to create the https session. While there are security issues to be aware of what you want to accomplish can be done with SSL Certificate (x509) Brian On Tue, Nov 17, 2009 at 3:30 PM, GK gm5...@gmail.com wrote: I am trying to figure out a way to tame the password beast. Is there something I can do along the lines of an SSL cert or a GPG key that I could use to sign the website in question and use that key as long as I want? Things like banking and secure transactions and then on the other end we have mundane transactions that need to be taken care of too. This for the sake of argument would be two keys/certs. I guess some sort or assymetric/symetric password would also need to be done, but as long as the certificate is in hand the transaction can occur. I'm not picking anybody out but I bet Lisa answers first *grinz* ;) Vi^3PP -- This is a GNUPG signed and/or encrypted email. If it does not reach your inbox properly validated, then most likely someone has tampered with the contents in transit. Please verify by phone if you believe that is the case. Return of encrypted emails by GNUPG highly encouraged. RTF, TXT, PDF, LA/TEX and DJVU files gladly accepted inline or by attachment. 0xD537A8E1 NOTE: I do NOT send out mass mailings for social networking sites and other forms of SPAM. Confidentiality is never guaranteed in unencrypted means, regardless of notice or not. Windows Version: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.4.10 (GNU/Linux) mQGiBEoZpcQRBACezcEEEQKeW0q8X3QXqtMyVDQazAoF0bUxFriJLdr/jmcnm51n USRhHsqegp7vJuMqw273sa0UqX5OV5nTd2HEh+rxdaHhEepUfZr5kPnMN2l/XvgK yH2mmbo6Fpv6dX8gZ/TtPcrRPaxhYTtZ6Ds1z2dPxgwm8+NZD7a8nZMyNwCgzZh5 LgQTOv81a0+CtdQpqYSNfkcD/Av6zFR1cuDY0rop1aFAUocdUdyNJ9patRoIZ7bZ rhWV3K0B33HRPHyELa98xh3nKTDYjdShpRGmU0M3D62/YB4NLRnLJaNu2IdC4hn4 dUIEw19RGkJsHBFi5w87EhJHogow3tIFopJ6CXWmrkMGnfWbnyy3Q3Xw9PX4sKJh soAaA/455tusVynpIru++khkARSRCMRcLP1aeL6+ivxla9Al9TsATLY0ve8oUnkV ivl9zvPqQFq1TsMwgCtzbCxq12JV6Mxo5dhA/fY2++w0qomt791Z6IB65icFkw4j lPQgAwCj59fX0S9SRZgpq90FSDEyZAugjo2+GzvAAD8n8JvDerRKVmleM1BpcmVQ ZW5neSAoNS0yNC0wOSBQcmVjZWRlcyBhbGwgb3RoZXIgcHVibGljIGtleXMuKSA8 Z201NzI5QGdtYWlsLmNvbT6IYAQTEQIAIAUCShmlxAIbAwYLCQgHAwIEFQIIAwQW AgMBAh4BAheAAAoJEIEazBTVN6jhBhUAn0lOMspLEZhVCgKNuUniGfNT5ZqqAJ9e 13f62fAwFYUF/5tNxyJ9ZeMKvbkEDQRKGaXEEBAAqXyVAk9Q2j2PwDhE9U90RNIi isOcBv+GkI5I9BPxQTnpes9gUQlqoH7pgP2JiUgRtGwCBEUuFbQH7gtrwLASoWaa TzgNNmOK4YRKxO3YyaDIGNRPy500Ol9VHUFNZjIP9VWop3g2uAN1CXdzusHLjkN1 pwdilsy14mzYl1aQ8PzDgMPluMgq5slTISb4FfaVDgv8gO1nYBc3O+4kCXiZIyX6 f4wjcaF392qnGHao/aWemoYSHRnbUxZ9eg2+wkfNV5s9eO/F62E1Fcs56lh0YI/N ZaI1GdvlLEDx+7X+CLknCngZoEMG6uvvF4jpK5sq07wgy0EJ4rDdq8VDT7aneAUB sBzk3Mr3yUzgTLCMwSfP+obrv7q2r4CrYEo2yINjcmyKABXl/KHLaRskysk9rUls hpoRstt9wuqQyrtRxZm5wluUgKH926Z6z5PRcCxXe9Q8rUiAMtgHUM6594Z5csDl RBA/WirsFtPl3g59G3UoSdkPdlVOlXId5ogMNI6Za0w3ycLCLPQklkF8N4zvi9mh Ti6YPYIXm1nCaNIvqVuO6LKV5AWuw5nmOtpth9BW/+2LtC3MAMer1xpHVshCKWJj bTVj1gg5vD89yd/muQ1ujPiiD3WXQFSpozXo5mCwWFITUXJsSW5M/DVkl/ug4WAd FRZPNCA3WUNtoxMU7bsAAwUP/RsI1jmHV24t+EwnsP/RVMpwkMa/7m41tNlMW5ph kNfqSwpXwdkL3883pdfR67fD4c6j5JjIzQx5YDe8HTdMXQVpmpKuSp+8snVVaTsK 2jXj57GIOoyqXmRHLaUPed8g/MVbkXnIWUrKWAVqCPiZI5e91UAswehKZgZx1Paz nbzeugaM3UodzorwZsgh80qe+61/8iz6lggVuGzuRGOIGin8+vyY0RKnLz4F/Vz5 7iIpvdp20p/Dpjn3kXhcgikR3wZ8AIITV1aTaeDXlLA1tRr8lSrRdjV8tE3oAAQu lMAIK4Jr1g6VZI9kLpUXY23F9u35d6b5sZ/BuMaV4Xk/O+DErny8DZatn4S7C8vw uojB75j1o0R+6V0nfXOc931OOvmQWk1Uwu7hLeThTYa2Ij4BuWyQ0uRVs0D07nWm zUubamfQK+pSHF1fEoTM6m9kzS11RL884UpdBQUxumTBXoOVtegk+P0dLd50KTKz RqBmc/sBmhVjVmAQo/5iCWZkAIJ4dlpJWH+ylAHlOuSIbLfa9eCy9m9XeF0syUfV A2mABvVJsJgf/eVkkg4VRcvkUqJQfWJfV9qVENvUoK0WAYSpRmfg+K7dnylkqI+g 4bBKKQsyFhZZWRwHN2YOuaKHy5UESDCuS+9H7SSeRcyBnZpyG1l9pp8mxA/Xm/2t K5aOiEkEGBECAAkFAkoZpcQCGwwACgkQgRrMFNU3qOEhUQCff+yxHA8DuY8lxnMq 2U6Ba8kr7swAnizBGZXXeyAR9TSdSyVfBi8XvBma =IbuK -END PGP PUBLIC KEY BLOCK- --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: x509's or ????
On Tue, 17 Nov 2009, Eric Cope wrote: I also think Lisa will have something to say... ducks / I am probably beyond her range atm ;0 - R --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: x509's or ????
LOng term certs (x509s) would be great. I'm looking/wanting to do like an old style kings ring stamp electronically so I don't have to fill out all the BS. I really don't know if its possible. I have seen some password generators that have like a master key and create subkeys based on website. Most of them that I have seen are java based, and java leaks information so I wouldn't trust it as far as I can throw it. I already manually have my bands of passphrases that are used depending on what they are being used for at the time. OTR is cool, and I have used tokens at work before. I'm becoming more mobile and I can guarantee the security on my boxen but not necessarily the network I am on. So I have had to find secure methods of communication at least until it reaches another server out of my direct IP zone. This in turn would mean that whats coming to me once it hits certain servers is coming into me secure. I recently sat in my house and turned on wireshark to see what was in the air around here. It's pretty enlightening to say the least. Oh the wonders of trying to keep yourself free from those that want your personal data for their use. Vi^3PP -- This is a GNUPG signed and/or encrypted email. If it does not reach your inbox properly validated, then most likely someone has tampered with the contents in transit. Please verify by phone if you believe that is the case. Return of encrypted emails by GNUPG highly encouraged. RTF, TXT, PDF, LA/TEX and DJVU files gladly accepted inline or by attachment. 0xD537A8E1 NOTE: I do NOT send out mass mailings for social networking sites and other forms of SPAM. Confidentiality is never guaranteed in unencrypted means, regardless of notice or not. Windows Version: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe 0xD537A8E1.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss