Hi Everyone, The Crypto++ Website, Wiki, and Source Control cut-over happened without much fanfare.
Crypto++ now resides in its own virtual machine, disgorged from shared hosting environments. The VM provides the WikiMedia software, so its hosting the Wiki too. Source control is now provided by GitHub, and that cut-over occurred back in June/July 2015. The links on the Home page have been updated. There's a CAcert (https://www.cacert.org/) issued certificate on the website, and the browser mixed-content issues have been resolved. Its hit-or-miss whether you will get browser warnings for CAcert warez. Firefox is OK, but Safari complains. The site's key fingerprints are: * SHA1: 77:61:4A:23:81:93:26:5A:34:2E:1E:BC:8A:C8:38:A9:85:A4:FD:90 * SHA256: A8:BC:CA:3F:BF:73:4A:80:18:5B:96:80:75:9B:30:AA:F4:A9:91:CB:8F:D6:AE:E0:13:28:30:CF:20:2A:ED:3C If needed/desired you an install the CAcert Class 1 Root Signing Certificate from https://www.cacert.org/index.php?id=3. The fingerprints of interest are: * SHA1 Fingerprint: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33 * MD5 Fingerprint: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B Don't get your feathers too ruffled over the CAcert. The web security model has bigger problems, so a little known CA is one of the least of our worries. The bigger problems include "interception is a valid use case", where user phishing is embraced; "Organizational Validated (OV) certificates", where organizations like Google or CNNIC mint certificates for web properties they don't own or control (and they did away with the third party auditor; and the audit trail never existed); and "Host Public Key Pinning with Overrides (RFC 7469)", where an attacker can break a known good pinset (and the reporting is suppressed, too). We are going to attempt to practice key-continuity for the site. That means the only time you should suspect a problem is when the public key changes. If the public key remains the same (and in the absence of a announced key compromise), you can assume everything is OK. Browsers are brain dead and and don't have minimal intelligence (they could have had it, but the HPKP Overrides destroyed the security property). Jeff -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
