working session report backs
nothing to report back. elijah met with himself and posted a draft at SecurityProtocolsWorkingGroup/DraftOne and introduced it.
Should have a preamble explaining the political as well as technical background.
Points to discuss:
- Acceptable cyphers for encryption
- Acceptability of enforcing encryption between the server and the user
- Additions for hosting section
- The acceptable certification authority/ies
- List of system data that should be encrypted
- _Logging_ difference of opinion and the laws; what is personal information; where can logs be stored if they are
- Backups... other best practice?
- Webmail gpg: if a server provides it, what level of safeguards should they have for the private key? store private keys using a one way hash and on encrypted partition...
- Technical server defence against attackers?
- Documentation: each item in the security protocols must have an easy howto, in multiple languages.
- Who controls network? Concern over the 'authority' which would be certifying servers.
- How do we hold each other accountable without having hierarchy?
- How political is the document which is mostly technical?
How to documentations, patches etc. to be part of the network/process to be followed up with more disussion, preferably once the italians are here - (they are expected to be here on wednesday) - Wed 15hr defending autonomous servers #3 the political struggle?
Meet at 22:00 tonight to work on an initial draft of a communique. who is interested? darkveggie, elijah, ???.