]> pere.pagekite.me Git - homepage.git/blob - blog/archive/2017/06/06.rss
projects / homepage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Generated.
[homepage.git] / blog / archive / 2017 / 06 / 06.rss
1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
3 <channel>
4 <title>Petter Reinholdtsen - Entries from June 2017</title>
5 <description>Entries from June 2017</description>
6 <link>http://people.skolelinux.org/pere/blog/</link>
7
8
9 <item>
10 <title>Idea for storing trusted timestamps in a Noark 5 archive</title>
11 <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html</link>
12 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html</guid>
13 <pubDate>Wed, 7 Jun 2017 21:40:00 +0200</pubDate>
14 <description>&lt;p&gt;&lt;em&gt;This is a copy of
15 &lt;a href=&quot;https://lists.nuug.no/pipermail/nikita-noark/2017-June/000297.html&quot;&gt;an
16 email I posted to the nikita-noark mailing list&lt;/a&gt;. Please follow up
17 there if you would like to discuss this topic. The background is that
18 we are making a free software archive system based on the Norwegian
19 &lt;a href=&quot;https://www.arkivverket.no/forvaltning-og-utvikling/regelverk-og-standarder/noark-standarden&quot;&gt;Noark
20 5 standard&lt;/a&gt; for government archives.&lt;/em&gt;&lt;/p&gt;
21
22 &lt;p&gt;I&#39;ve been wondering a bit lately how trusted timestamps could be
23 stored in Noark 5.
24 &lt;a href=&quot;https://en.wikipedia.org/wiki/Trusted_timestamping&quot;&gt;Trusted
25 timestamps&lt;/a&gt; can be used to verify that some information
26 (document/file/checksum/metadata) have not been changed since a
27 specific time in the past. This is useful to verify the integrity of
28 the documents in the archive.&lt;/p&gt;
29
30 &lt;p&gt;Then it occured to me, perhaps the trusted timestamps could be
31 stored as dokument variants (ie dokumentobjekt referered to from
32 dokumentbeskrivelse) with the filename set to the hash it is
33 stamping?&lt;/p&gt;
34
35 &lt;p&gt;Given a &quot;dokumentbeskrivelse&quot; with an associated &quot;dokumentobjekt&quot;,
36 a new dokumentobjekt is associated with &quot;dokumentbeskrivelse&quot; with the
37 same attributes as the stamped dokumentobjekt except these
38 attributes:&lt;/p&gt;
39
40 &lt;ul&gt;
41
42 &lt;li&gt;format -&gt; &quot;RFC3161&quot;
43 &lt;li&gt;mimeType -&gt; &quot;application/timestamp-reply&quot;
44 &lt;li&gt;formatDetaljer -&gt; &quot;&amp;lt;source URL for timestamp service&amp;gt;&quot;
45 &lt;li&gt;filenavn -&gt; &quot;&amp;lt;sjekksum&amp;gt;.tsr&quot;
46
47 &lt;/ul&gt;
48
49 &lt;p&gt;This assume a service following
50 &lt;a href=&quot;https://tools.ietf.org/html/rfc3161&quot;&gt;IETF RFC 3161&lt;/a&gt; is
51 used, which specifiy the given MIME type for replies and the .tsr file
52 ending for the content of such trusted timestamp. As far as I can
53 tell from the Noark 5 specifications, it is OK to have several
54 variants/renderings of a dokument attached to a given
55 dokumentbeskrivelse objekt. It might be stretching it a bit to make
56 some of these variants represent crypto-signatures useful for
57 verifying the document integrity instead of representing the dokument
58 itself.&lt;/p&gt;
59
60 &lt;p&gt;Using the source of the service in formatDetaljer allow several
61 timestamping services to be used. This is useful to spread the risk
62 of key compromise over several organisations. It would only be a
63 problem to trust the timestamps if all of the organisations are
64 compromised.&lt;/p&gt;
65
66 &lt;p&gt;The following oneliner on Linux can be used to generate the tsr
67 file. $input is the path to the file to checksum, and $sha256 is the
68 SHA-256 checksum of the file (ie the &quot;&lt;sjekksum&gt;.tsr&quot; value mentioned
69 above).&lt;/p&gt;
70
71 &lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
72 openssl ts -query -data &quot;$inputfile&quot; -cert -sha256 -no_nonce \
73 | curl -s -H &quot;Content-Type: application/timestamp-query&quot; \
74 --data-binary &quot;@-&quot; http://zeitstempel.dfn.de &gt; $sha256.tsr
75 &lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;
76
77 &lt;p&gt;To verify the timestamp, you first need to download the public key
78 of the trusted timestamp service, for example using this command:&lt;/p&gt;
79
80 &lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
81 wget -O ca-cert.txt \
82 https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
83 &lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;
84
85 &lt;p&gt;Note, the public key should be stored alongside the timestamps in
86 the archive to make sure it is also available 100 years from now. It
87 is probably a good idea to standardise how and were to store such
88 public keys, to make it easier to find for those trying to verify
89 documents 100 or 1000 years from now. :)&lt;/p&gt;
90
91 &lt;p&gt;The verification itself is a simple openssl command:&lt;/p&gt;
92
93 &lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
94 openssl ts -verify -data $inputfile -in $sha256.tsr \
95 -CAfile ca-cert.txt -text
96 &lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;
97
98 &lt;p&gt;Is there any reason this approach would not work? Is it somehow against
99 the Noark 5 specification?&lt;/p&gt;
100 </description>
101 </item>
102
103 <item>
104 <title>Når nynorskoversettelsen svikter til eksamen...</title>
105 <link>http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html</link>
106 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/N_r_nynorskoversettelsen_svikter_til_eksamen___.html</guid>
107 <pubDate>Sat, 3 Jun 2017 08:20:00 +0200</pubDate>
108 <description>&lt;p&gt;&lt;a href=&quot;http://www.aftenposten.no/norge/Krever-at-elever-ma-fa-annullert-eksamen-etter-rot-med-oppgavetekster-622459b.html&quot;&gt;Aftenposten
109 melder i dag&lt;/a&gt; om feil i eksamensoppgavene for eksamen i politikk og
110 menneskerettigheter, der teksten i bokmåls og nynorskutgaven ikke var
111 like. Oppgaveteksten er gjengitt i artikkelen, og jeg ble nysgjerring
112 på om den fri oversetterløsningen
113 &lt;a href=&quot;https://www.apertium.org/&quot;&gt;Apertium&lt;/a&gt; ville gjort en bedre
114 jobb enn Utdanningsdirektoratet. Det kan se slik ut.&lt;/p&gt;
115
116 &lt;p&gt;Her er bokmålsoppgaven fra eksamenen:&lt;/p&gt;
117
118 &lt;blockquote&gt;
119 &lt;p&gt;Drøft utfordringene knyttet til nasjonalstatenes og andre aktørers
120 rolle og muligheter til å håndtere internasjonale utfordringer, som
121 for eksempel flykningekrisen.&lt;/p&gt;
122
123 &lt;p&gt;Vedlegge er eksempler på tekster som kan gi relevante perspektiver
124 på temaet:&lt;/p&gt;
125 &lt;ol&gt;
126 &lt;li&gt;Flykningeregnskapet 2016, UNHCR og IDMC
127 &lt;li&gt;«Grenseløst Europa for fall» A-Magasinet, 26. november 2015
128 &lt;/ol&gt;
129
130 &lt;/blockquote&gt;
131
132 &lt;p&gt;Dette oversetter Apertium slik:&lt;/p&gt;
133
134 &lt;blockquote&gt;
135 &lt;p&gt;Drøft utfordringane knytte til nasjonalstatane sine og rolla til
136 andre aktørar og høve til å handtera internasjonale utfordringar, som
137 til dømes *flykningekrisen.&lt;/p&gt;
138
139 &lt;p&gt;Vedleggja er døme på tekster som kan gje relevante perspektiv på
140 temaet:&lt;/p&gt;
141
142 &lt;ol&gt;
143 &lt;li&gt;*Flykningeregnskapet 2016, *UNHCR og *IDMC&lt;/li&gt;
144 &lt;li&gt;«*Grenseløst Europa for fall» A-Magasinet, 26. november 2015&lt;/li&gt;
145 &lt;/ol&gt;
146
147 &lt;/blockquote&gt;
148
149 &lt;p&gt;Ord som ikke ble forstått er markert med stjerne (*), og trenger
150 ekstra språksjekk. Men ingen ord er forsvunnet, slik det var i
151 oppgaven elevene fikk presentert på eksamen. Jeg mistenker dog at
152 &quot;andre aktørers rolle og muligheter til ...&quot; burde vært oversatt til
153 &quot;rolla til andre aktørar og deira høve til ...&quot; eller noe slikt, men
154 det er kanskje flisespikking. Det understreker vel bare at det alltid
155 trengs korrekturlesning etter automatisk oversettelse.&lt;/p&gt;
156 </description>
157 </item>
158
159 </channel>
160 </rss>
Nettsider og blogg.