-<p>I'm really sorry I cannot say much more about that :(!</p>
-
-<p><strong>Which free software do you use daily?</strong></p>
-
-<p>First of all, all software I use is free and open. I have abandoned
-all non-free software (except for firmware on my darned phone) this
-year.</p>
-
-<p>I run Debian GNU/Linux on all PC systems I use. On that, I mostly
-run text tools. I use
-<a href="https://www.mirbsd.org/mksh.htm">mksh</a> as shell,
-<a href="https://www.mirbsd.org/jupp.htm">jupp</a> as very advanced
-text editor (I even got the developer to help me write a script/macro
-based full-featured student management software with the two),
-<a href="http://mcabber.com/">mcabber</a> for XMPP and
-<a href="http://www.irssi.org/">irssi</a> for IRC. For that overly
-coloured world called the WWW, I use
-<a href="https://www.mozilla.org/en-US/firefox/new/">Iceweasel
-(Firefox)</a>. Oh, and <a href="http://www.mutt.org/">mutt</a> for
-e-mail.</p>
-
-<p>However, while I am personally aware of the fact that text tools
-are more efficient and powerful than anything else, I also use (or at
-least operate) some tools that are suitable to bring open source to
-kids. One of these things is <a href="http://jappix.org/">Jappix</a>,
-which I already introduced to some kids even before they got aware of
-Facebook, making them see for themselves that they do not need
-Facebook now ;).</p>
-
-<p><strong>Which strategy do you believe is the right one to use to
-get schools to use free software?</strong></p>
-
-<p>Well, that's a two-sided thing. One side is what I believe, and one
-side is what I have experienced.</p>
-
-<p>I believe that the right strategy is showing them the benefits. But
-that won't work out as long as the acceptance of free alternatives
-grows globally. What I mean is that if all the kids are almost forced
-to use Windows, Facebook, Skype, you name it at home, they will not
-see why they would want to use alternatives at school. I have seen
-students take seat in front of a fully-functional, modern Debian
-desktop that could do anything their Windows at home could do, and
-they jsut refused to use it because "Linux sucks". It is something
-that makes the council of our city spend around 600000 € to buy
-software - not including hardware, mind you - for operating school
-networks, and for installing a system that, as has been proved, does
-not work. For those of you readers who are good at maths, have you
-already found out how many lives could have been saved with that money
-if we had instead used it to bring education to parts of the world
-that need it? I have, and found it to be nothing less dramatic than
-plain criminal.</p>
-
-<p>That said, the only feasible way appears to be the bottom up
-method. We have to bring free software to kids and parents. I have
-founded an association named
-<a href="https://www.teckids.org">Teckids</a> here in Germany that does
-just that. We organise several events for kids and adolescents in the
-area of free and open source software, for example the
-<a href="http://kids.froscon.org">FrogLabs</a>, which share staff with
-Teckids and are the youth programme of
-<a href="http://www.froscon.org">the Free and Open Source Software
-Conference (FrOSCon)</a>. We do a lot more than most other conferences
-- this year, we first offered the FrogLabs as a holiday camp for kids
-aged 10 to 16. It was a huge success, with approx. 30 kids taking part
-and learning with and about free software through a whole weekend. All
-of us had a lot of fun, and the results were really exciting.</p>
-
-<p>Apart from that, we are preparing a campaign that is supposed to bring
-the message of free alternatives to stuff kids use every day to them and
-their parents, e.g. the use of Jabber / Jappix instead of Facebook and
-Skype. To make that possible, we are planning to get together a team of
-clever kids who understand very well what their peers need and can bring
-it across to them. So we will have a peer-driven network of adolescents
-who teach each other and collect feedback from the community of minors.
-We then take that feedback and our own experience to work closely with
-open source projects, such as Skolelinux or Jappix, at improving their
-software in a way that makes it more and more attractive for the target
-group. At least I hope that we will have good cooperation with
-Skolelinux in the future ;)!</p>
-
-<p>So in conclusion, what I believe is that, if it weren't for the world
-being so bad, it should be very clear to the political decision makers
-that the only way to go nowadays is free software for various reasons,
-but I have learnt that the only way that seems to work is bottom up.</p>
-
-<!--
-
-> * Who should be interviewed with this questions in the future?
-
-That's probably the hardest question of them all, as I do not know the
-community. However, I would be willing to do the following:
-
- <li>Run an interview with a German headteacher who is very open to
- free software, and also prefers it, but cannot really use it because
- of the decision makers above;
- <li>Run interviews with some kids, both with and without previous
- knowledge about free software
-
-If that is wanted, just let me know ;).
-
--->
+<p>This assume a service following
+<a href="https://tools.ietf.org/html/rfc3161">IETF RFC 3161</a> is
+used, which specifiy the given MIME type for replies and the .tsr file
+ending for the content of such trusted timestamp. As far as I can
+tell from the Noark 5 specifications, it is OK to have several
+variants/renderings of a dokument attached to a given
+dokumentbeskrivelse objekt. It might be stretching it a bit to make
+some of these variants represent crypto-signatures useful for
+verifying the document integrity instead of representing the dokument
+itself.</p>
+
+<p>Using the source of the service in formatDetaljer allow several
+timestamping services to be used. This is useful to spread the risk
+of key compromise over several organisations. It would only be a
+problem to trust the timestamps if all of the organisations are
+compromised.</p>
+
+<p>The following oneliner on Linux can be used to generate the tsr
+file. $input is the path to the file to checksum, and $sha256 is the
+SHA-256 checksum of the file (ie the "<sjekksum>.tsr" value mentioned
+above).</p>
+
+<p><blockquote><pre>
+openssl ts -query -data "$inputfile" -cert -sha256 -no_nonce \
+ | curl -s -H "Content-Type: application/timestamp-query" \
+ --data-binary "@-" http://zeitstempel.dfn.de > $sha256.tsr
+</pre></blockquote></p>
+
+<p>To verify the timestamp, you first need to download the public key
+of the trusted timestamp service, for example using this command:</p>
+
+<p><blockquote><pre>
+wget -O ca-cert.txt \
+ https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
+</pre></blockquote></p>
+
+<p>Note, the public key should be stored alongside the timestamps in
+the archive to make sure it is also available 100 years from now. It
+is probably a good idea to standardise how and were to store such
+public keys, to make it easier to find for those trying to verify
+documents 100 or 1000 years from now. :)</p>
+
+<p>The verification itself is a simple openssl command:</p>
+
+<p><blockquote><pre>
+openssl ts -verify -data $inputfile -in $sha256.tsr \
+ -CAfile ca-cert.txt -text
+</pre></blockquote></p>
+
+<p>Is there any reason this approach would not work? Is it somehow against
+the Noark 5 specification?</p>
projects / homepage.git / blobdiff