Those who are able to give up their freedom in order to gain short-lived protection from danger deserve neither freedom nor security.
— Benjamin Franklin
This digest is intended to increase the interest of the Community in the issue of privacy, which in the light of recent events becomes more relevant than ever.
Features of the OCSP protocol: why the Expect-Staple header is needed
We invite you to summer Medium Summer Meetup August 3 - a meeting of enthusiasts interested in information security, privacy on the Internet and the development of the "Medium" network
Remind me - what is "Medium"?
Medium (English Medium — “intermediary”, original slogan — Don't ask for your privacy. take it back; also in English word medium means "intermediate") - a Russian decentralized Internet provider that provides network access services I2P at no cost.
It was formed in April 2019 as part of the creation of an independent telecommunications environment by providing end users with access to I2P network resources through the use of Wi-Fi wireless data transmission technology.
"Medium" provides users with access to network resources free of charge I2P, due to the use of which it becomes impossible to calculate not only the router where the traffic came from (see. basic principles of "garlic" traffic routing), but also the end user — the Medium subscriber.
When creating a public organization, the community pursued the following goals:
Draw public attention to the issue of privacy
Increase the total number of transit nodes within the I2P network
Create your own ecosystem of I2P services that could replace the most common sites from the "clean" Internet
Create a public key infrastructure inside the Medium network to eliminate the possibility of man-in-the-middle attacks
Create your own domain name system for easier access to I2P services
More information about what "Medium" is can be found in relevant article.
Certificate Authority "Medium Root CA" introduces verification of certificates using the OCSP protocol
Not so long ago, the certification authority "Medium Root CA" in addition to the list of revoked certificates (CRL) provided network users with the ability to check certificates using the OCSP protocol.
OCSP (Online Certificate Status Protocol) is an Internet protocol for checking the status of an SSL certificate, which is faster and more reliable than previously done with CRLs (Certificate Revocation List).
The OCSP protocol works as follows: the end user sends a request to the server for information about the SSL certificate, and the latter returns one of the following responses:
good – SSL certificate has not been revoked or blocked,
revoked – SSL certificate has been revoked,
unknown - Failed to set the status of the SSL certificate because the server does not know the issuer.
Features of the OCSP protocol: why the Expect-Staple header is needed
Expect-Staple is an HTTP security header. Its purpose is to place a field inside the server's HTTP response in which you can tell the browser which address to write complaints to if the presence of OCSP Stapling is declared, but in fact it is absent or unavailable.
This header allows the service operator to configure the reception of OCSP Stapling failure information.
More useful information about OCSP Stapling can be found here.
We invite you to the Summer Medium Summer Meetup on August 3
Medium Summer Meetup is a meeting of enthusiasts interested in information security, privacy on the Internet and development networks "Medium".
Periodically, we meet to discuss the most important issues regarding projects being developed community, as well as exchange experience with the same enthusiasts.
We invite everyone who is interested in information security and privacy on the Internet to participate. Medium Summer Meetup - new knowledge, an opportunity to meet like-minded people and make many useful contacts. Participation is free of charge pre-registration.
Meetup will be held in the format of an informal discussion of the most pressing issues related to information security, privacy on the Internet and development networks "Medium".
What will we tell:
- "Decentralized Internet provider "Medium": educational program on general issues regarding the use of the network and its resources", Mikhail Podivilov
The speaker will tell what is and what is not a decentralized Internet provider "Medium", as well as demonstrate the capabilities of the network and explain how to properly configure network equipment and use network resources.
— “Security when using the Medium network: why you should use HTTPS when visiting eepsites”, Mikhail Podivilov
A report on why it is necessary to use the HTTPS protocol when using I2P network services when you are connected to the network through an access point provided by the Medium operator.
— “About the HyperSphere project and building self-organizing networks in practice: cases and software”, Alexey Vesnin
The speaker will talk about the HyperSphere project and cases of using such networks in practice.
The list of performances will be gradually supplemented.
LokiNet as an additional transport of the "Medium" network - to be or not to be?
Some time ago in the Community there was question raised on the use of the LokiNet network as an additional transport of the Medium network. It is necessary to discuss the feasibility of using this network in the project.
Ecosystem of services of the "Medium" network - the most necessary services and their development
At the moment, we are faced with an important task - to discuss the most necessary and demanded services within the network and their subsequent implementation.
Among them: mail service, blogging platform, news portal, search engine, hosting service and others.
Long-term plans for the development of the "Medium" network
All questions, in one way or another, related to the development of the “Medium” certificate and its resources.
… and other equally interesting questions!
You can suggest a topic for discussion in the comments to the publication.
Gathering of participants and registration: 11: 30 Meetup start: 12: 00 Approximate end of the event: 15: 00 Address: Moscow, metro station Kolomenskaya, Kolomenskoye park
You can render all possible assistance in establishing a free Internet in Russia today. We have compiled a comprehensive list of how you can help the network:
Tell your friends and colleagues about the Medium network. Share reference to this article in social networks or personal blog
Take part in the discussion of technical issues of the Medium network on GitHub