From 5e29d53d1cf83168b7e82e7c12b28c8721aeb2a6 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <lwirzenius@wikimedia.org>
Date: Mon, 22 Apr 2019 08:30:06 -0500
Subject: Add: pgptalk, docmaint

---
 docmaint.html |  26 +++++
 docmaint.mdwn |  80 +++++++++++++
 pgptalk.html  |  26 +++++
 pgptalk.mdwn  | 361 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 493 insertions(+)
 create mode 100644 docmaint.html
 create mode 100644 docmaint.mdwn
 create mode 100644 pgptalk.html
 create mode 100644 pgptalk.mdwn

diff --git a/docmaint.html b/docmaint.html
new file mode 100644
index 0000000..80b4fc5
--- /dev/null
+++ b/docmaint.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Maintaining documentation: RelEng</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <style type="text/css">
+      @import url(https://fonts.googleapis.com/css?family=Yanone+Kaffeesatz);
+      @import url(https://fonts.googleapis.com/css?family=Droid+Serif:400,700,400italic);
+      @import url(https://fonts.googleapis.com/css?family=Ubuntu+Mono:400,700,400italic);
+
+      body { font-family: 'Droid Serif'; }
+      h1, h2, h3 {
+        font-family: 'Yanone Kaffeesatz';
+        font-weight: normal;
+      }
+      .remark-code, .remark-inline-code { font-family: 'Ubuntu Mono'; }
+    </style>
+  </head>
+  <body>
+    <script src="https://remarkjs.com/downloads/remark-latest.min.js" type="text/javascript">
+    </script>
+    <script type="text/javascript">
+      var slideshow = remark.create({sourceUrl: 'docmaint.mdwn'});
+    </script>
+  </body>
+</html>
diff --git a/docmaint.mdwn b/docmaint.mdwn
new file mode 100644
index 0000000..560138b
--- /dev/null
+++ b/docmaint.mdwn
@@ -0,0 +1,80 @@
+class: center, middle
+
+Maintaining documentation: RelEng
+=============================================================================
+
+What, who, how, when.
+
+---
+
+Problem
+=============================================================================
+
+The problem isn't that we have too little documentation.
+
+The problem is what we have too much, it's hard to find, and some of
+it is out of date or otherwise wrong.
+
+---
+
+A proposal
+=============================================================================
+
+* We take **ownership**.
+
+* We **write** docs.
+
+* We **maintain** docs.
+
+* We **update** docs.
+
+* We **fix** docs.
+
+* **Together**.
+
+* No question left unanswered by documentation.
+
+---
+
+class: center, middle
+
+It's more important that do documentation exists and answers questions
+that are asked than that it is great technical writing. A crappy
+document in broken English is better than nothing, as long as it
+doesn't mislead the reader.
+
+---
+
+class: left, middle
+
+**Accuracy, brevity, clarity**
+
+Simon Illyan, head of Imperial Security
+
+---
+
+In more detail
+=============================================================================
+
+* We **pick** the aspects of what we are responsible for, as a team,
+  and list the documentation that we or others need.
+
+* We **find or write** the documentation. Much of it probably already
+  exists.
+
+* We **make a list** of what we take responsibility for: if it's not
+  on the list, it's not our responsibility.
+
+* We **review** all documentation **regularly**, maybe once a quarter,
+  in a rotating fashion.
+
+* We make a **checklist** of what makes good documentation for us.
+
+* We make a **process** for dealing with other documentation that
+  touches our team's scope that we encounter. _Hunt it down and kill
+  it?_ (Or adopt it, or replace with a link to our own document?)
+
+* We make a **feedback loop** for documentation. When anyone asks
+  RelEng about anything, we check if the answer is in our
+  documentation and if not, create a task to improve the
+  documentation?
diff --git a/pgptalk.html b/pgptalk.html
new file mode 100644
index 0000000..28e6c20
--- /dev/null
+++ b/pgptalk.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>PGP</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <style type="text/css">
+      @import url(https://fonts.googleapis.com/css?family=Yanone+Kaffeesatz);
+      @import url(https://fonts.googleapis.com/css?family=Droid+Serif:400,700,400italic);
+      @import url(https://fonts.googleapis.com/css?family=Ubuntu+Mono:400,700,400italic);
+
+      body { font-family: 'Droid Serif'; }
+      h1, h2, h3 {
+        font-family: 'Yanone Kaffeesatz';
+        font-weight: normal;
+      }
+      .remark-code, .remark-inline-code { font-family: 'Ubuntu Mono'; }
+    </style>
+  </head>
+  <body>
+    <script src="https://remarkjs.com/downloads/remark-latest.min.js" type="text/javascript">
+    </script>
+    <script type="text/javascript">
+      var slideshow = remark.create({sourceUrl: 'pgptalk.mdwn'});
+    </script>
+  </body>
+</html>
diff --git a/pgptalk.mdwn b/pgptalk.mdwn
new file mode 100644
index 0000000..1a08915
--- /dev/null
+++ b/pgptalk.mdwn
@@ -0,0 +1,361 @@
+class: center, middle
+
+PGP
+=============================================================================
+
+Use of unnecessary swearing while using crypto software...
+has been approved
+
+**THIS IS A DRAFT AND WILL BE USED INTERNALLY AT WORK**
+
+---
+
+Everyday uses of PGP
+=============================================================================
+
+* email: sign, encrypt (all emails I send are signed by default)
+
+* git: signed tags, signed commits (for releases)
+
+* software releases: sign your tarballs, downloadables
+
+* SSH: you can use your PGP key as an SSH key
+
+    * I use a PGP subkey on my Yubikey for SSH
+
+* amaze people at parties, be an international celebrity
+
+---
+
+Threat models
+=============================================================================
+
+* Why would anyone attack **you**?
+
+    * you, your data, or your computing resources might be valuable
+    * you might be a stepping stone to another target, such as
+      your employer
+    * you might be an easy target
+
+* An attacker may want to...
+
+    * **impersonate** you
+    * **falsify** a file you need or provide, such as a software
+      download
+    * **eavesdrop** your communications to steal sensitive information
+
+* An attacker may be...
+
+    * a government: US, UK, Russia, China, etc, possibly illegally
+    * law enforcement, possibly illegally
+    * a large private organisation, possibly your employer
+    * a criminal organisation
+    * a minor criminal
+    * someone with too much time and a twisted sense of humour
+    * someone you know who doesn't like you
+---
+
+Defences
+=============================================================================
+
+* cryptography
+
+* widespread use of cryptography ("herd immunity")
+
+* general infosec and opsec: keep your devices secure, and don't
+  do stuff that leaves you open for an attack
+
+* this can be really difficult, depending who you are and who's
+  attacking you; if you're a desirable target, you need to learn to
+  be secure, but if you're not, a few basic precautions is enough
+
+* compare with driving
+
+    * if you're just running errands, you'll be OK after normal
+      driving lessons
+    * if you're in a Formula 1 race, you need to learn a lot more and
+      work hard to even be allowed in the car
+
+* if the attacker is sufficiently motivated or sufficiently
+  well-funded, and has sufficient time, you will probably eventually
+  lose, sorry
+
+---
+
+Basics of public key cryptography
+=============================================================================
+
+* Everyone has a key pair: a **public** and a **secret** key, which
+  are linked together using advanced maths, such that data encrypted
+  with one can only be decrypted with the other
+
+    * you keep the **secret key secure** so that only you have a copy,
+      and only you can use it
+    * you **publish the public key** so that everyone can have a copy
+
+* Prove data or message is from you by **signing**: encrypt with your
+  secret key, anyone can check by decrypting with your public key
+
+* Keep communications **secret**: everyone can encrypt with your
+  public key, only you can decrypt using your secret key
+
+* RSA, ElGamal, Diffie-Hellman, elliptic curve, etc: interesting maths
+  if that's your thing, not required to be understood for using crypto
+  (this might be a little controversial)
+
+* Subkeys: the main key is kept safe and forms the identity, but
+  additional keys, linked to the main key (using advanced maths), new
+  ones can be generated at will for specific purposes, such as for
+  keeping on a laptop for email
+
+---
+
+Storing keys securely
+=============================================================================
+
+* Consider your threat models: what do you need to protect against
+
+* You should probably at least keep your main key pair off-line,
+  on a USB stick, and only use it in a device whose security you
+  trust
+
+* This can be taken into extremes, if the threat model warrants it
+
+    * Be careful you're not so secure you don't use crypto at all
+
+* Subkeys can be stored on your normal devices, since they're easy
+  to replace with new ones if they're compromised
+
+* Subkeys can also be stored on special devices for more secure key
+  storage, such as Yubikeys
+
+---
+
+Creating a key, with subkeys, with GnuPG
+=============================================================================
+
+* Install GnuPG aka GPG aka gpg, version 2.1 or later
+
+    * Linux, Mac, Windows, ...
+
+* **`gpg --gen-key`**, use defaults unless you know better
+
+* Also create subkeys, at least one for encryption and one for signing
+
+* Follow one of these:
+
+    * <https://alexcabal.com/creating-the-perfect-gpg-keypair>
+
+    * <https://blog.liw.fi/posts/2017/05/29/using_a_yubikey_4_for_ensafening_one_s_encryption/>
+
+* Remember to create a **key revocation certificate** and store that
+  somewhere safe that you can access without your PGP key
+
+---
+
+Publishing a public key
+=============================================================================
+
+* A network of key servers exist for this, to make it easy to find
+  keys
+
+* Always use full fingerprints or 64-bit ("long") key ids to refer
+  to keys
+
+    * 32-bit (8 hex digit) short ids are no longer secure, and there
+      are hoax keys with real names
+
+* **In principle** it doesn't matter which keyserver you use, the
+  built-in default should be good enough
+
+---
+
+Signing a key
+=============================================================================
+
+* You can add any names and email addresses you like to a key
+  generate; **anyone can create a new key and put your name on it;**
+  how can anyone trust any given key?
+
+* "Web of trust" vs "Trust on first use"
+
+* Keys can have signatures, which mean **"the person who signed this
+  key is confident that this key belongs to the person named in
+  the key"**
+
+    * Does *not* mean "is a trustworthy person, you should loan them
+      money and your car"
+    * "Is confident" is up to the signer, there are no rules
+
+* Key signatures are also published on the keyservers
+
+* You can tell GnuPG which keys' signatures you trust, and how
+  much, and GnuPG will tell you if you can trust a key, even if
+  you haven't signed it yourself
+
+    * compare with introducing people in real life
+    * "I trust Alice to introduce me to new people and not lie to me"
+
+---
+
+Signing a key: HOWTO, part 1
+=============================================================================
+
+* You need the fingerprint of the key you want to sign (KEYID below)
+  and to get the actual key from the keyservers; or you can get in a
+  file via email or similar
+
+    * **`gpg --recv-key KEYID`**
+    * **`gpg --import FILENAME`**
+
+* Sign key key, which is done by "editing" the key
+
+    * **`gpg --edit-key KEYID`**
+    * this will result in a **`gpg>`** prompt
+    * enter the **`sign`** command, *check the fingerprint*, answer yes
+      if you want to sign; this will ask for your key passphrase
+    * enter the **`save`** command at the prompt
+
+
+---
+
+Signing a key: HOWTO, part 2
+=============================================================================
+
+* Export and encrypt the signed key:
+
+    * **`gpg --export --armor KEYID > key.pub`**
+    * **`gpg --encrypt -r KEYID key.pub`**
+    * GnupPG may tell you that the key isn't ultimately trusted; tell
+      it to use the key anyway
+
+* Email the encrypted file **`key.pub.gpg`** (note suffix!) to the email
+  address listed on the key
+
+* This ensures the person who controls the secret key actually
+  receives email to the address given on the key
+
+
+---
+
+Receiving a signature for your key
+=============================================================================
+
+* Decrypt the email
+
+* Save the signed copy of your key to a file
+
+* Import the key: **`gpg --import FILENAME`**
+
+* Send the update key to the keyserver: **`gpg --send-key YOURKEYID`**
+
+
+
+---
+
+Signing a key: the easy way
+=============================================================================
+
+* On Debian and derived Linux distributions
+
+* **`apt install signing-party`**
+
+* **`caff FINGERPRINT`**
+
+* may require for a mail transport agent to be configured on the
+  laptop
+
+---
+
+Extending key expiration date
+=============================================================================
+
+* Every key can have an expiration date
+
+* The secret key holder can extend the expiration date
+
+* It's optional, and not terribly useful
+
+    * makes sure you don't forget how to use GnuPG
+
+    * if you lose your secret key (careless!) it warns people to not
+      use your key after it's expired
+
+* Make sure you have a revocation certificate and can get that even if
+  you lose your secret key
+
+---
+
+Using a USB stick: why?
+=============================================================================
+
+* Store main key only on USB stick
+
+* Keep USB stick physically safe
+
+    * full-disk encryption with stong passphrase
+    * maybe stored in a safe
+    * possibly guarded by armed guards with dogs
+    * castles, moats, and sharks are probably overkill
+
+* Also, only use USB stick in a computer you trust
+
+* You may want to mark all copies of the stick clearly
+
+* Have subkeys on laptop for everyday use
+
+---
+
+Using a USB stick: overall approach
+=============================================================================
+
+* GnuPG keeps everything in **`~/.gnupg`** by default, override by
+  setting the **`GNUPGHOME`** environment variable
+
+* Use this to have two GnuPG instances: **main key on a USB stick**,
+  and **subkeys on your laptop**
+
+    * format a dedicated USB stick with a suitable filesystem (e.g.,
+      **ext4**), give it a filesystem **label**, and mount it (e.g.,
+      **`/media/liw/usb-stick`**)
+    * make backup copies of the stick; probably best give each backup
+      copy a dedicated filesystem label so you know which one is which
+
+* To use the main key, set **`export GNUPGHOME=/media/liw/usb-stick`**
+  for key signing, importing signatures, creating new subkeys
+
+* For everything else, don't set the environment variable
+
+* GnuPG sometimes starts **background services**; you should **kill
+  them** when switching between keys, or you'll be confused
+
+    * **`gpgconf --kill gpg-agent`**
+    * **`gpgconf --kill dirmngr`**
+
+---
+
+Using a USB stick: moving main key
+=============================================================================
+
+* Create your PGP and subkeys normally on your laptop, mount your USB stick
+
+    * Mount point it something like **`/media/liw/usb-stick`**
+
+* Export secret subkeys to a file (on laptop)
+
+    * **`gpg --export-secret-subkeys YOURKEYID > secret.key`**
+
+* Move the laptop's GnuPG stuff to USB stick.
+
+    * **`mv ~/.gnupg /media/liw/usbstick/gnupg`**
+
+* Import the exported keys to laptop
+
+    * **`gpg --import secret.key`**
+    * this creates a new **`~/.gnupg`** directory; you may want to
+      configure it
+
+* Check results: **`gpg -K`**
+
+    * should show **`sec#`** to indicate missing main secret key
+    * should show **`ssb`** to indicate secret subkey being present
-- 
cgit v1.2.1