I'm amused how much this is being upvoted, when it died a few days ago with no decision. Then again, a few days ago no one had changed the title to mention launching nukes.
Since I'm assuming a CloudFlare person is watching this thread, I've been a bit curious about when they plan on releasing that database of SSL certificates they promised almost a year ago.
> Going forward, in addition to releasing the directory of intermediate SSL certificates on Github, we plan on releasing our SSL bundler as a free service so you can package up your SSL certificates as efficiently as possible, even if you're not using CloudFlare. Just one more way we're working to make the web fast and safe.
That looks like a very cool project, and they got a decent amount of attention over it. It would be nice to see some follow through on those plans to release it.
Edit: looks like it needs to be cleaned up a bit and then we'll release it. Seeing if we can get someone on the team to take it on and get it out in the next few weeks.
Red October is based on combinatorial techniques and trusted cryptographic primitives. We investigated using complicated secret primitives like Shamir's sharing scheme, but we found that a simpler combinatorial approach based on primitives from Go's standard library was preferable to implementing a mathematical algorithm from scratch.
Which seems like a reasonable choice for smallish numbers of keys/sharers, especially given the data they're encrypting isn't exactly huge.
Are there good libraries (for any language) implementing shared secrets?
It's exactly the algorithm I've decided to implement in one of my projects [1][shameless plug]. And although secret sharing is maybe not directly easy/relevant to implement in their context and for their type of use, it would nevertheless be worth investigating what is currently done and is maybe related in the academic papers, maybe such as [2]. At least it could give some ideas.
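For readers comparing the combinatorial approach quoted above with Shamir's scheme, here is an added example (not part of the thread and not taken from Red October's source) of a 2-of-n wrap built only from Go's standard library. It assumes "combinatorial" means storing the data key once per pair of holders, encrypted under both holders' keys in turn; `Wrap`, `Unwrap`, `seal`, `aead` and the demo keys are hypothetical names and constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func aead(k [32]byte) cipher.AEAD {
	blk, _ := aes.NewCipher(k[:]) // cannot fail: the key is exactly 32 bytes
	g, _ := cipher.NewGCM(blk)    // cannot fail: AES has a 16-byte block
	return g
}

// seal encrypts pt under k and prepends a fresh random 12-byte nonce.
func seal(k [32]byte, pt []byte) []byte {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(fmt.Sprintf("entropy source failed: %v", err))
	}
	return aead(k).Seal(nonce, nonce, pt, nil)
}

// Wrap stores dataKey once per holder pair i<j, sealed under kj and then ki.
func Wrap(keys [][32]byte, dataKey []byte) map[[2]int][]byte {
	out := map[[2]int][]byte{}
	for i := range keys {
		for j := i + 1; j < len(keys); j++ {
			out[[2]int{i, j}] = seal(keys[i], seal(keys[j], dataKey))
		}
	}
	return out
}

// Unwrap peels ki's layer, then kj's; a wrong key or damaged blob fails GCM authentication.
func Unwrap(data []byte, ki, kj [32]byte) (_ []byte, err error) {
	for _, k := range [][32]byte{ki, kj} {
		var nonce [12]byte
		n := copy(nonce[:], data) // short or nil input leaves no ciphertext, so Open errors
		data, err = aead(k).Open(nil, nonce[:], data[n:], nil)
	}
	return data, err
}

func main() {
	keys := [][32]byte{{1}, {2}, {3}} // constructed demo keys, not real secrets
	dk, err := Unwrap(Wrap(keys, []byte("data key"))[[2]int{0, 2}], keys[0], keys[2])
	fmt.Println(string(dk), err)
}
```

The stored set grows as n(n-1)/2 blobs for n holders, which is why this style suits a small number of key holders.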
Is a person's biometric signature something that can be legally compelled to be used by a company, if that person quits or goes AWOL?
If an employee/agent has ownership of a text keyfile (assuming no company controlled backups exist), the company could look to police/courts about property theft. But biometric seems a bit different.
http://blog.cloudflare.com/what-we-just-did-to-make-ssl-even...