< Notes...

Not long ago, I noted about the InCommon mess. It is worth repeating that it is certainly not something that was “done carefully”. Last Friday, after quitting time, I got an email from Sectigo—the CA InCommon is migrating away from—that reads, amongst other things:

As schools plan their response to InCommon’s forced migration, many are taking a moment to do their due diligence before locking into a long-term commitment.

This isn’t just a vendor swap, it’s a change in Certificate Authority and backend, which can have lasting operational impact. Changing CAs and backends is not the simplest path forward.

Does that sounds like there is no war at Ba Sing Se?

cryptography rants work

“After careful evaluation, InCommon has decided to transition from our current platform provider, Sectigo, to CertiNext for our certificate authority (CA) services. This transition will better position InCommon to address changes in the certificate industry more broadly and will be completed by July 17, 2026.”

Wait, wut?! Do that sounds like something done carefully? It breaks everything we have built around certificate automation, and more. What an extraordinary clusterf*ck, InCommon!

cryptography rants work

If I were Satoshi, I would denied it too. For someone that has tried, and is still trying, to remain anonymous, denying it would be the first thing to do after being exposed. There can also be that he, indeed, isn’t Satoshi. Or is he?

cryptography tubes

Today, Apple announced iPhone and iPad are the first and only consumer devices in compliance with the information assurance requirements of NATO nations. This enables iPhone and iPad to be used with classified information up to the NATO restricted level without requiring special software or settings — a level of government certification no other consumer mobile device has met.

This is quite nice, and as an Apple fanatic it makes me happy (proud?). Long live NATO—for as long as it is needed, that is.

apple cryptography

Even though I moved away from using 1Password in 2023, Horsie wasn’t able to do so. With their upcoming price increase she now promises, for sure, “cross my heart and hope to die”, to she will stop using it before our next renewal date comes up (November 2026).

apple cryptography horsie tech

“So secure was the annual contest to fill three director and four officer positions that when one trustee lost his cryptographic key to unlock the results, the error made it impossible.”

The International Association of Cryptologic Research election was so secure , that its results couldn’t be known. Now, that’s one way to do it, ain’t it?

cryptography humour

Even though I was able to move away from using 1Password back then, Horsie wasn’t, or didn’t. So, here we are, two years after, and a $59.85 subscription renewal coming up on 23 November. Of course she promises this year will be the last. 🙄

apple cryptography horsie

When it comes to encryption, I have always used PGP, now GnuPG. All my files, now stored on Apple’s iCloud, are encrypted with it. Using that tool has widthstood the test of time. Lately, mostly because of size (program and key), portability, and lack of dependencies, I have been considering re-encrypting everything with age. My only worry is, will age widthstand the test of time too?

cryptography tech

Not long ago I mentioned SecretDrop. On the same cryptography/encryption topic, I have also found FileKey, and its GitHub repository, which I think is very neat. It is also pretty simple to selfhost.

cryptography

Found SecretDrop.io, and its corresponding GitHub repository, which I find useful enough to be considering to selfhost. I would like the interface to be less flashy, and minimal (the FAQ, for example, is way too verbose for my liking). Maybe I can change that a little.

cryptography

I have tried a few encryption and digital signature tools in the past. Each and everyone of them have found the same fate: abandonware. Not too long ago there was miniLock. Gone. Then came Keys—oh, so nice! Gone.

The only one that hasn’t let me down, and the reason why I will no longer look for another tool, is GnuPG, a free implementation of the OpenPGP standard. Regardless of the flaws some might find in it, it works quite well, and I am sure it will continue to for the foreseable future.

cryptography

Found the FIDO News article, which is missing on the Microsoft blog I mentioned on the previous note. Now, “15 billion online accounts” is more likely!

cryptography tech

“According to the FIDO Alliance, more than 15 billion user accounts can now sign in using passkeys instead of passwords. But we need billions more to make every sign-in passwordless.”

Does that makes any sense at all? I mean, 15 billion accounts, sure. But 15 billion user accounts, not a chance. They quote the FIDO alliance, but provide no link their alleged statement.

cryptography rants tech

On Keys.pub, I knew it. I emailed Gabriel early 2022 when I saw the project slowing down. I just can’t describe how easy, and clean, and streamlined the app is (yes, it works like it did on its best days).

BEGIN SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5weRa0zkDCU2lW iMkdfIdqh3M2CpZ m9XIcrqT60yyh90 6ZjZBnea32okiLQ DDoeC9rTPTnIP8a JR9OieJF8tUzb5D AnXAhpm64p4eWNQ wgToLoxtGksKfsj L6trUfotLUwhrQ2 sGs9ZxkAqwRSlqx S2tUNq27ZxjiKVT k65tuXtGnef1rax dRZOp0EL4BFN2rX rOBUKDnUMhpRJXx LnurairmqvNgyz1 FQqblgToiEtKTde 9kNRqN2wpU7HDpp N9NuVSYxyrtJRja VFwpzEPEjFYl058 w7ecu0kz3uDS2by iRNWdP3uPGeekfo xJ1eSKkMe44jXF7 8L. END SALTPACK SIGNED MESSAGE.

cryptography tech

On Keys.pub:

“Unfortunately, this project is not currently being worked on. I may revisit this in the future, if you would like to sponsor development or hire me please reach out at gabriel@keys.pub.”

So sad. I really wanted to place all my eggs on this basket, I had started to. Back to the reliable gpg for now.

cryptography tech

As a sign that I wasn’t kidding when I said I would move from 1Password to iOS Passwords, I have now done so. This weekend I will dedicate some time, and clean my list, making sure all important stuff works and, once that’s achived, I will get rid of 1Password, and cancel my subscription.

apple cryptography tech

I have decided to move from 1Password (for which I pay a yearly subscription) to iOS native Passwords before the year is over. The ability to share passwords with family tilted me over. I will not wait for Passwords to become an app of its own—though I am sure that’s coming—because I don’t think that should hold me back now.

apple cryptography