OpenSC @ FOSDEM 2011

OpenSC @ FOSDEM 2011

• What, Where, When?
  • FOSDEM 2011, February 05-06 2011, Brussels, Belgium. Security / hardware crypto devroom took place on Saturday, 05.02.2011 in room AW1.105, from 13.00 to 19.00.
• Why?
  • To raise the awareness of OpenSC and smart cards in general; to meet with other developers and promote integration; to meet with a wide audience and hear their thoughts and needs; to have fun and enjoy Belgian beer. (thread on opensc-devel).

Activities

• Devroom, “Security and hardware cryptography” (see below), with talk(s) about OpenSC/smart cards ecosystem/PKCS#11
• A dinner in the evening

Schedule

• Official schedule of the devroom: http://fosdem.org/2011/schedule/track/security_hardware_crypto_devroom

Time	Code	Topic	Slides	Video
13.00-13.15	A	Setup, short introduction of presenters	[attachment:FOSDEM_INTRO.pdf slides (pdf)]	video
13.15-13.45	C	Smart card jungle	[attachment:01_jean-michel.pdf slides (pdf) ]	video
13.45-14.15	D	SSH libraries: SSH vs TLS; libssh	[attachment:SSH_libraries.pdf slides (pdf)]	video
14.15-14.45	J	libcurl: Supporting seven SSL libraries and one SSH library	"slides (slideshare) ":http://www.slideshare.net/bagder/libcurl-seven-ssl-libraries-and-one-ssh-library	video
14.45-15.00	N	CyaSSL: why it is different	slides	video
15.00-15.30	I	Fribid and browser security software	[attachment:FriBID-FOSDEM-2011.pdf slides (pdf)]	video
15.30-16.00	F	EJBCA and OpenSC	[attachment:ejbca-opensc-1.odp slides (odp)]	video
16.00-16.30	H	Unifying access to PKCS#11 tokens	[attachment:talk-199.pdf slides (pdf)]	video
16.30-17.00	G	How to store Trust: Trust assertions in PKCS#11	[attachment:trust-assertion-notes.ps slides (ps)]	video
17.00-17.30	K	BOFH meets SystemTap: rootkits made trivial	[attachment:systemtap-bofh-fosdem2011020501.pdf slides (pdf)]	video
17.30-18.00	E	Dynalogin: two-factor authentication with HOTP.	[attachment:dynalogin.pdf slides (pdf) ]	video
18.00-18.15	M	OpenSC in 2015 – future vision	[attachment:FOSDEM_OPENSC.pdf slides (pdf)]	video
18.15-19.00		Open Discussion Panel	N/A	N/A

Open discussion continued at a nearby bar and then in a nearby restaurant.

Video Recordings

Kai Engert kindly recorded the presentations and made them available through BitTorrent at http://kuix.de/misc/fosdem_2011_talks_webm.torrent
Please keep your BitTorrent client running after download as to help share the bandwidth cost. Alternatively the videos can be downloaded one by one here.

Proposals / submissions

• A (15m) Set up of tech, introduction of talkers and some words for participants.
• B (30m, Jean-Michel Pouré) Smart card training session. Installing OpenSC. 50 tokens will be available for the audience. webpage.
• C (30m, Jean-Michel Pouré) Smarcard jungle. Presentation of the various frameworks. This presentation is intended to explain how difficult it is to use the various frameworks and that we should work together to make crypto and security easier.
• D (30m, Aris Adamantiadis) SSH libraries : what they can do for you, and how different SSH is from TLS/SSL. Specific case of libssh : its API in two words, features and roadmap. (mailing list post)
• E (30m, Daniel Pocock) dynalogin: two-factor authentication with HOTP, integrating with other products (mailing list post)
• F (30m, Tomas Gustavsson) EJBCA and OpenSC (mailing list post), [attachment:ejbca-opensc-1.odp presentation]
• G (30m, Stef Walter) How to Store Trust: Trust Assertions in PKCS#11 (mailing list post)
• H (30m, Nikos Mavrogiannopoulos) Unifying access to PKCS#11 tokens (mailing list post)
• I (30m, Samuel Lidén Borell) Fribid and browser security software (mailing list post)
• J (30m, Daniel Stenberg) “Supporting seven SSL libraries and one SSH library” – how libcurl does to support them all and something about their differences (mailing list post)
• K (30m, Adrien Kunysz) BOFH meets SystemTap: rootkits made trivial (mailing list post)
• M (15m, Martin Paljak) OpenSC in 2015 – a future vision.
• N (15m, Larry Stefonic) CyaSSL mailing list post)

Participants (not necessarily presenters)

• Aris Adamantiadis (libssh)
• Andreas Jellinghaus (OpenSC)
• Andreas Schneider (libssh)
• Daniel Pocock (dynalogin)
• Daniel Stenberg (libssh2, libcurl)
• Jean-Michel Pouré (Gooze)
• Kai Engert (NSS)
• Larry Stefonic (yaSSL)
• Martin Paljak (OpenSC)
• Nikos Mavrogiannopoulos (GnuTLS)
• Peter Koch (OpenSC)
• Peter Stuge (OpenSC, libssh2, OpenSSH-portable)
• Simon Josefsson (GNU SASL, GNU Shishi, GNU GSS, HOTP Toolkit, GnuTLS, libssh2)
• Stef Walter (!GnomeKeyring)
• Tomas Gustavsson (EJBCA)
• Emanuele Pucciarelli (OpenSC)

Devroom

This was proposed to the FOSDEM people, fields in bold went into the application. (Confirmation e-mail)

• devroom name: “Security / hardware crypto keys”
• topic, goals and target projects
  • see above “Why?”
  • as long as there is software that has a “key_file …; certificate_file …;” stanza in the configuration file and does not work with hardware based keys, there is progress to be made.
  • to map the open source software scene and promote interoperability.
  • to promote and help developers integrate with crypto the “best possible way” and share best practices
• related projects and participants:
  • OpenSC
    • To have seamless support in applications for cards supported by OpenSC, either pre-personalized with created with pkcs15-init or some other mechanism.
  • NSS (confirmed, Kai Engert)
    • resonates with NSS Shared DB and Fedora crypto consolidation efforts
  • EJBCA (confirmed, Tomas Gustavsson)
    • signing certificates via OpenSC PKCS#11, assuring that a relatively straightforward personalization/enrollment would be possible with OpenSC. Full cycle from generation to certification and destruction.
  • libssh (confirmed, Aris Adamantiadis, Andreas Schneider)
  • GnomeKeyring (confirmed, Stef Walter)
  • GnuTLS (confirmed, Nikos Mavrogiannopoulos and Simon Josefsson)
  • yaSSL (confirmed, Larry Stefonic)
  • libssh2 (confirmed, Peter Stuge, Daniel Stenberg & Simon Josefsson)
  • libcurl (confirmed, Daniel Stenberg)
  • GNU SASL, GNU Shishi, GNU Generic Security Service (confirmed, Simon Josefsson)
  • dynalogin modular and versatile two-factor authentication suite
  • OATH Toolkit – OATH HOTP/TOTP/etc implementation
  • Fribid
• comments
  • Martin: mailing list post

Brainstorm

• (martin) To catch the attention of developers, share a leaflet with the problem description while wearing a properly themed t-shirt with the message “Protect your privates!” and a complimentary condom. Would be quite funny and catchy, if some condom manufacturer donated a few hundred/thousand condoms for health (and tech!) education purposes.