Archive for August 2nd, 2014|Daily archive page

“An Open Audit of an Open Certification Authority”

An Open Audit.

The author, Ian Grigg, is the Independent Auditor for CAcert. This long work is worth going over. The abstract:

How does a lightweight community Certification Authority (“CA”) engage in the heavyweight world of PKI and secure browsing?

With the introduction of PKI — Public Key Infrastructure — as a framework that brought together cryptography, contract law, and institutional views from postal and telecommunications ministries, the Internet security framework rapidly became too complex for individuals and small groups to deal with, and the Audit stepped into the gulf to provide a kinder face, in the form of a simple opinion or judgement call. Classically, the audit process oversights a CA for its suitability for reliance in the root lists of popular software distributions.

Yet, a community of Internet enthusiasts does not match the classical target customer of an audit: little money, loose structures, no deadlines, self-directed tasking, uncertain customer list, all inspired by an original goal of as many free certificates as you can use. Internet communities can make up for an apparent lack of professionalism with enthusiasm, numbers, loyalty and innovative thinking, but does that help or hinder a formal, criteria-directed audit process?

This talk tracks the systems audit of CAcert, an open-membership CA, as a case study in auditing versus the open Internet, community versus professionalism, quality versus enthusiasm. It will walk through the background of “what, why, wherefore an audit,” look at how CAcert found itself at this point, and then walk through some big ticket items: risks/liabilities/obligations; assurance and what’s in a name; disputes and reliance; privacy and data protection; the mission of a CA; open governance; and systems and security.

Can CAcert deliver on its goal of free certs? The audit is into its 3rd year as of this writing; and remains incomplete. Some parts are going well, and other parts are not; by the end of the year 2008, we should be able to check all of the important areas, or rethink the process completely. Hence, finally, the talk will close with progress and status, and recommendations for the future.

Improving performance on twitter.com (2012) | Twitter Blogs

Improving performance on twitter.com | Twitter Blogs.

Follows on from Brehm’s article on isomorphic JavaScript, in which he discusses how modern JavaScript web apps work. Twitter’s 2012 architectural change is a relevant example: Twitter moved the initial rendering of the page from the browser back to the server, so that the first tweet is on screen before the JavaScript bundle has loaded, and with it removed the obstacles to “time to first tweet.” It’s a fascinating account not only of the smart use of user data but also of architecture in the service of company goals. One would think that would be standard, but many companies don’t seem to know their goals, especially on the Web, and thus cannot really fix matters.

I actually don’t know what Twitter does now to render pages fast on desktops as well as on mobiles.
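The server-render-first arrangement that post describes, as an added JavaScript illustration (this is not Twitter’s code and not taken from the post; the tweet shape, the function names and the sample data are assumptions made for the example): one pure template renders the timeline to HTML on the server for the first response and runs unchanged on the client for later updates, and the initial data is embedded in the page so the client can hydrate without a second fetch. Rendering user-supplied tweets on the server means two outputs need escaping, the HTML body and the JSON bootstrap inside a script tag, and the example handles both.

```javascript
// Added illustration of the render-on-the-server-first pattern described above.
// Not Twitter's code; the tweet shape {id, user, text}, the function names and
// SAMPLE_TWEETS are assumptions made for this example.

// Escape the five characters that matter in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Pure template: no DOM access, so it runs identically under Node and in the browser.
function renderTweet(t) {
  return `<li class="tweet" data-id="${escapeHtml(t.id)}">` +
         `<b>@${escapeHtml(t.user)}</b> ${escapeHtml(t.text)}</li>`;
}

function renderTimeline(tweets) {
  return `<ul id="timeline">${tweets.map(renderTweet).join("")}</ul>`;
}

// Serialise the bootstrap data for an inline <script>. Text inside a script
// element is not HTML-escaped, so a tweet containing "</script>" would end the
// block and inject markup; "<" is emitted as \u003c (valid in both JSON and JS),
// and U+2028/2029 are escaped because older JS engines treat them as newlines.
function serializeForScript(data) {
  return JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function bootstrapScript(tweets) {
  return `<script>window.__INITIAL_DATA__=${serializeForScript(tweets)};</script>`;
}

// Server side: full page with the timeline already rendered, then the data and
// the app bundle, so the first tweet does not wait for app.js (assumed path).
function renderPage(tweets) {
  return `<!doctype html><html><body>${renderTimeline(tweets)}` +
         `${bootstrapScript(tweets)}<script src="/app.js"></script></body></html>`;
}

// Client side, same module: adopt the server's data and HTML instead of fetching
// and rendering again; later updates call renderTimeline() themselves.
// Returns the number of tweets hydrated.
function hydrate(win) {
  const data = win.__INITIAL_DATA__ || [];
  const el = win.document.getElementById("timeline");
  if (el && el.outerHTML !== renderTimeline(data)) {
    el.outerHTML = renderTimeline(data);
  }
  return data.length;
}

// Constructed sample input, including one hostile tweet.
const SAMPLE_TWEETS = [
  { id: 1, user: "alice", text: "hello <world>" },
  { id: 2, user: "mallory", text: "</script><script>alert(1)</script>" },
];

if (typeof window === "undefined" && typeof module !== "undefined" &&
    typeof require !== "undefined" && require.main === module) {
  console.log(renderPage(SAMPLE_TWEETS));
}
```

Run it under Node to print the server response; note that the hostile tweet is neutralised in both places, as `&lt;/script&gt;` in the list item and as `\u003c/script>` in the bootstrap JSON, while `JSON.parse` still recovers the original text on the client.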

Spike Brehm (Airbnb) on Isomorphic JavaScript

There’s a reason this seemingly abstruse talk has proliferated across the Web: it’s a superb explication of a complex subject whose real importance to us as consumers *and* producers was never quite so evident before.

The future of web apps is — ready? — isomorphic JavaScript | VentureBeat | Dev | by Spike Brehm.