lackof.org - security

Secure services

Where possible we provide secure access to our services. Currently this means,

Certificate authority

We are our own Certificate Authority. If your machine doesn't know about us as a certificate authority (likely) then upon connecting when you are prompted about the SSL certificate it may say something like "Self signed certificate" or "Could not verify". If this happens you can verify the certificate yourself with the information below.

Adding lackof as a Certificate Authority

You can add lackof to the list of certificate authorities that your system trusts and then you won't be prompted when connecting the first time to any of lackof's services. Before doing so you should very carefully check that the CA cert you are installing is indeed the correct one, see the section below on how to do this. You can download lackof's CA cert here. If you are on Microsoft Windows you may need this alternative format.

Verifying certificates

GPG

Here is a gpg signed file that contains the MD5 fingerprints of the various service keys and the CA key itself. You can use the GPG web of trust to verify that it was signed by the true "Matt Taggart <matt@lackof.org>" and then compare the fingerprint with those of the certificates presented when you connect to a service or download the CA cert above.

In person

If you can't use gpg you can talk to one of the lackof administrators in person and they can confirm fingerprints for you.


Lackof Admins <admins@lackof.org>