Issues, Design Needs
- User - Server
- Server - Server
- Storing the data
- Logs
- Usability and users' freedom of movement
Hosting
- Logs
- Uploading
- Scripting language exploits
- https
- Certificates
- Shell accounts
- Physical location of servers
Security Elements
- Tech
- Social
- Admin
- Political
The tech-focused discussion focused on:
What should be included in a security certificate
Webmail
- Patches...
- to identify STARTTLS headers (which Received hops record a TLS connection)
- no user IPs in the headers of outgoing mail
- session fixation attacks (webmail is easy to attack this way, but there is a plug-in to fix it)
- session storage (users should not have access to the session store, e.g. /tmp)
- cookies: keep the session ID in a cookie, never in the URL, and put no sensitive data in cookies; make sure the software in use does not do this
- HTTPS only (issue with HTTPS only: slow on old hardware and software)
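Two of the webmail points above, checking whether an outgoing message still carries the user's IP and spotting which Received hops recorded STARTTLS, as an added example in Python. This is not code from the notes or from any webmail package; the X-Forwarded-For and X-Remote-Addr header names, the TLS markers (the Postfix/Sendmail "ESMTPS" and "(using TLS" forms) and the sample message are assumptions for illustration.

```python
"""Check and scrub outgoing webmail headers for the user's IP, and list
hops that recorded STARTTLS.  Added example, not code from the notes or
from any webmail package; CLIENT_IP and SAMPLE are constructed."""
import re
from email import message_from_string

# Headers some webmail/proxy setups add that carry the browsing user's
# address.  X-Forwarded-For and X-Remote-Addr are assumed names here.
CLIENT_IP_HEADERS = {"x-originating-ip", "x-forwarded-for", "x-remote-addr"}

# Postfix/Sendmail record a TLS-protected hop like this in Received lines.
TLS_MARK = re.compile(r"\bESMTPSA?\b|\(using TLS", re.IGNORECASE)

CLIENT_IP = "198.51.100.77"   # the webmail user's browser address (constructed)

# Constructed message, as a webmail package might hand it to the local MTA.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby relay.example.net with ESMTPS id abc123
\t(using TLSv1 with cipher DHE-RSA-AES256-SHA); Mon, 1 Jan 2007 12:00:00 +0000
Received: from [198.51.100.77] (webmail.example.org [192.0.2.10])
\tby mail.example.org with ESMTP id def456; Mon, 1 Jan 2007 11:59:00 +0000
X-Originating-IP: [198.51.100.77]
From: alice@example.org
To: bob@example.net
Subject: hello

body
"""


def leaking_headers(raw, client_ip):
    """Names of every header whose value mentions the client's address."""
    msg = message_from_string(raw)
    return [name for name, value in msg.items() if client_ip in value]


def tls_hops(raw):
    """Received lines that recorded a STARTTLS-protected hop."""
    msg = message_from_string(raw)
    return [v for v in msg.get_all("Received", []) if TLS_MARK.search(v)]


def scrub(raw, client_ip, placeholder="unknown"):
    """Drop X-Originating-IP-style headers and replace the client address
    inside Received lines, keeping header order and the rest of the trace."""
    msg = message_from_string(raw)
    kept = []
    for name, value in msg.items():
        if name.lower() in CLIENT_IP_HEADERS:
            continue
        if name.lower() == "received":
            # unfold the header, then blank the address
            value = " ".join(value.split()).replace(client_ip, placeholder)
        kept.append((name, value))
    for name in set(msg.keys()):
        del msg[name]
    for name, value in kept:
        msg[name] = value
    return msg.as_string()


if __name__ == "__main__":
    print("leaking headers:", leaking_headers(SAMPLE, CLIENT_IP))
    print("TLS hops:", len(tls_hops(SAMPLE)))
    print(scrub(SAMPLE, CLIENT_IP))
```

The check is the useful part: run `leaking_headers` over a message the webmail package actually produced, rather than trusting its documentation, since the address can turn up in a Received line as well as in X-Originating-IP. The scrub keeps the relay trace intact so mail admins can still debug delivery.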
SSL Certificates
- verification: CAcert, caa, many groups (most tended to be happy with CAcert, but much discussion)
- unlocking certs: private key storage (issues with old hardware and software; tech solidarity) (only IE supports the strong one that Riseup wants to use; with it the conversation can't be logged and replayed)
Logs
Logs are evil / Logs are useful / Logs are needed by law
- software: syslog-ng-anon, mod_noip, postfix-anon, postgrey-anon, squirrelmail-anon, imp-anon
- example of logging in use: http://losvigilantes.nodo50.org/infoenglish.html
- "to reduce user data in logs"
- "to make them hard to get / secure"
- Levels of the standard?
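The "reduce user data in logs" point, as an added example in Python: keyed pseudonymisation of IPs and mailbox names in syslog- and Apache-style lines, with last-octet truncation as the cruder alternative. This is not the code of the *-anon patches listed above; the key, the sample lines and the output format are constructed for illustration.

```python
"""Keyed pseudonymisation of IPs and e-mail addresses in log lines.
Added example, not code from the notes or from the *-anon patches;
the key and SAMPLE_LINES are constructed."""
import hashlib
import hmac
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL = re.compile(r"\b[\w.+-]+@(?:[\w-]+\.)+[A-Za-z]{2,}\b")

# Constructed postfix, postgrey and Apache-style lines.
SAMPLE_LINES = [
    "Jan  1 12:00:01 mail postfix/smtpd[1234]: connect from unknown[198.51.100.77]",
    "Jan  1 12:00:02 mail postfix/qmgr[1235]: ABC123: from=<alice@example.org>, size=2048",
    '198.51.100.77 - - [01/Jan/2007:12:00:03 +0000] "GET /src/login.php HTTP/1.1" 200 512',
    "Jan  1 12:00:04 mail postgrey[1236]: action=greylist, client=unknown[203.0.113.5], sender=bob@example.net",
]


def pseudonym(value, key, length=8):
    """Stable per-key tag: same value -> same tag while the key lives;
    rotate the key (e.g. daily) and old tags become unlinkable."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:length]


def anonymize_ip(ip, key, mode="pseudonym"):
    """Either a keyed tag (abuse still traceable within one key period)
    or plain truncation (keeps only the /24, no key to protect)."""
    if mode == "truncate":
        return ".".join(ip.split(".")[:3]) + ".0"
    return "ip:" + pseudonym(ip, key)


def anonymize_line(line, key, mode="pseudonym"):
    """Replace mailbox local parts and IPv4 addresses in one log line."""
    line = EMAIL.sub(lambda m: "<user>@" + m.group(0).split("@", 1)[1], line)
    line = IPV4.sub(lambda m: anonymize_ip(m.group(0), key, mode), line)
    return line


def anonymize(lines, key, mode="pseudonym"):
    return [anonymize_line(line, key, mode) for line in lines]


if __name__ == "__main__":
    for out in anonymize(SAMPLE_LINES, b"rotate-me-daily"):
        print(out)
```

The keyed form is a compromise between "logs are evil" and "logs are useful": while a key is live, the same client gets the same tag across postfix, postgrey and webserver logs, so an abuse report can still be followed; once the key is discarded, nothing in the logs maps back to an address. The key must live in memory or on an encrypted partition, never next to the logs it protects.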
Other
- No SSH except to vservers
- what has to be on an encrypted partition