OpenSC @ FOSDEM 2011
Table of Contents
- What, Where, When?
- FOSDEM 2011, February 05-06 2011, Brussels, Belgium. Security / hardware crypto devroom took place on Saturday, 05.02.2011 in room AW1.105, from 13.00 to 19.00.
- Why?
- To raise the awareness of OpenSC and smart cards in general; to meet with other developers and promote integration; to meet with a wide audience and hear their thoughts and needs; to have fun and enjoy Belgian beer. ( thread on opensc-devel).
- security-devroom@lists.fosdem.org mailing list.
- Call for participation (CLOSED) in the security devroom.
Activities
- Devroom, "Security and hardware cryptography" (see below), with talk(s) about OpenSC/smart cards ecosystem/PKCS#11
- A dinner in the evening
Schedule
- Official schedule of the devroom: http://fosdem.org/2011/schedule/track/security_hardware_crypto_devroom
| Time | Code | Topic | Slides | Video |
| 13.00-13.15 | A | Setup, short introduction of presenters | slides (pdf) | video |
| 13.15-13.45 | C | Smart card jungle | slides (pdf) | video |
| 13.45-14.15 | D | SSH libraries: SSH vs TLS; libssh | slides (pdf) | video |
| 14.15-14.45 | J | libcurl: Supporting seven SSL libraries and one SSH library | slides (slideshare) | video |
| 14.45-15.00 | N | CyaSSL: why it is different | slides (pdf) | video |
| 15.00-15.30 | I | Fribid and browser security software | slides (pdf) | video |
| 15.30-16.00 | F | EJBCA and OpenSC | slides (odp) | video |
| 16.00-16.30 | H | Unifying access to PKCS#11 tokens | slides (pdf) | video |
| 16.30-17.00 | G | How to store Trust: Trust assertions in PKCS#11 | slides (ps) | video |
| 17.00-17.30 | K | BOFH meets SystemTap?: rootkits made trivial | slides (pdf) | video |
| 17.30-18.00 | E | Dynalogin: two-factor authentication with HOTP. | slides (pdf) | video |
| 18.00-18.15 | M | OpenSC in 2015 - future vision | slides (pdf) | video |
| 18.15-19.00 | Open Discussion Panel | N/A | N/A |
Open discussion continued at a nearby bar and then in a nearby restaurant.
Video Recordings
Kai Engert kindly recorded the presentations and made them available through BitTorrent at http://kuix.de/misc/fosdem_2011_talks_webm.torrent Please keep your BitTorrent client running after download as to help share the bandwidth cost. Alternatively the videos can be downloaded one by one, see below.
Proposals / submissions
- A (15m) Set up of tech, introduction of talkers and some words for participants.
- B (30m, Jean-Michel Pouré) Smart card training session. Installing OpenSC. 50 tokens will be available for the audience. webpage.
- C (30m, Jean-Michel Pouré) Smarcard jungle. Presentation of the various frameworks. This presentation is intended to explain how difficult it is to use the various frameworks and that we should work together to make crypto and security easier.
- D (30m, Aris Adamantiadis) SSH libraries : what they can do for you, and how different SSH is from TLS/SSL. Specific case of libssh : its API in two words, features and roadmap. ( mailing list post)
- E (30m, Daniel Pocock) dynalogin: two-factor authentication with HOTP, integrating with other products ( mailing list post)
- F (30m, Tomas Gustavsson) EJBCA and OpenSC ( mailing list post), presentation
- G (30m, Stef Walter) How to Store Trust: Trust Assertions in PKCS#11 ( mailing list post)
- H (30m, Nikos Mavrogiannopoulos) Unifying access to PKCS#11 tokens ( mailing list post)
- I (30m, Samuel Lidén Borell) Fribid and browser security software ( mailing list post)
- J (30m, Daniel Stenberg) "Supporting seven SSL libraries and one SSH library" - how libcurl does to support them all and something about their differences ( mailing list post)
- K (30m, Adrien Kunysz) BOFH meets SystemTap?: rootkits made trivial ( mailing list post)
- M (15m, Martin Paljak) OpenSC in 2015 - a future vision.
- N (15m, Larry Stefonic) CyaSSL mailing list post)
Participants (not necessarily presenters)
- Aris Adamantiadis (libssh)
- Andreas Jellinghaus (OpenSC)
- Andreas Schneider (libssh)
- Daniel Pocock (dynalogin)
- Daniel Stenberg (libssh2, libcurl)
- Jean-Michel Pouré (Gooze)
- Kai Engert (NSS)
- Larry Stefonic (yaSSL)
- Martin Paljak (OpenSC)
- Nikos Mavrogiannopoulos (GnuTLS)
- Peter Koch (OpenSC)
- Peter Stuge (OpenSC, libssh2, OpenSSH-portable)
- Simon Josefsson (GNU SASL, GNU Shishi, GNU GSS, HOTP Toolkit, GnuTLS, libssh2)
- Stef Walter (GnomeKeyring)
- Tomas Gustavsson (EJBCA)
- Emanuele Pucciarelli (OpenSC)
Devroom
This was proposed to the FOSDEM people, fields in bold went into the application. ( Confirmation e-mail)
- devroom name: "Security / hardware crypto keys"
- topic, goals and target projects
- see above "Why?"
- as long as there is software that has a "key_file ...; certificate_file ...;" stanza in the configuration file and does not work with hardware based keys, there is progress to be made.
- to map the open source software scene and promote interoperability.
- to promote and help developers integrate with crypto the "best possible way" and share best practices
- related projects and participants:
- OpenSC
- To have seamless support in applications for cards supported by OpenSC, either pre-personalized with created with pkcs15-init or some other mechanism.
- NSS (confirmed, Kai Engert)
- resonates with NSS Shared DB and Fedora crypto consolidation efforts
- EJBCA (confirmed, Tomas Gustavsson)
- signing certificates via OpenSC PKCS#11, assuring that a relatively straightforward personalization/enrollment would be possible with OpenSC. Full cycle from generation to certification and destruction.
- libssh (confirmed, Aris Adamantiadis, Andreas Schneider)
- GnomeKeyring/Seahorse (confirmed, Stef Walter)
- GnuTLS (confirmed, Nikos Mavrogiannopoulos and Simon Josefsson)
- yaSSL (confirmed, Larry Stefonic)
- libssh2 (confirmed, Peter Stuge, Daniel Stenberg & Simon Josefsson)
- libcurl (confirmed, Daniel Stenberg)
- GNU SASL, GNU Shishi, GNU Generic Security Service (confirmed, Simon Josefsson)
- dynalogin modular and versatile two-factor authentication suite
- OATH Toolkit - OATH HOTP/TOTP/etc implementation
- Fribid (Free BiD)
- PLEASE ADD MORE
- OpenSC
- comments
Brainstorm
- (martin) To catch the attention of developers, share a leaflet with the problem description while wearing a properly themed t-shirt with the message "Protect your privates!" and a complimentary condom. Would be quite funny and catchy, if some condom manufacturer donated a few hundred/thousand condoms for health (and tech!) education purposes.
Attachments
-
talk-199.pdf
(133.3 KB) -
added by nmav 13 months ago.
Slides: Unifying access to PKCS#11 tokens
-
FriBID-FOSDEM-2011.pdf
(228.8 KB) -
added by samuellb 13 months ago.
Slides: FriBID and browser security software
-
systemtap-bofh-fosdem2011020501.pdf
(219.8 KB) -
added by Krunch 13 months ago.
BOFH meets SystemTap? presentation slides
-
ejbca-opensc-1.odp
(2.2 MB) -
added by shredder 13 months ago.
-
trust-assertion-notes.ps
(1.9 MB) -
added by stefw 13 months ago.
Slides: Trust Assertions and other PKCS#11 Glue
-
dynalogin.pdf
(99.2 KB) -
added by martin 13 months ago.
Dynalogin slides
-
FOSDEM_INTRO.pdf
(1.2 MB) -
added by martin 13 months ago.
-
FOSDEM_OPENSC.pdf
(376.3 KB) -
added by martin 13 months ago.
Slides: OpenSC in 2015
-
01_jean-michel.pdf
(792.4 KB) -
added by martin 13 months ago.
Slides: smart card jungle
-
SSH_libraries.pdf
(826.9 KB) -
added by martin 13 months ago.
Slides: SSH vs TLS; libssh
