overview/es.html + minor updates to en.html

2 files changed, 419 insertions, 3 deletions

diff --git a/overview/en.html b/overview/en.html
index 43af1e2..d19db34 100644
--- a/overview/en.html
+++ b/overview/en.html
@@ -197,7 +197,7 @@ At LEAP, we have worked to solve the availability problem with a system we call
           <section>
             <h2>Update problem</h2>
             <blockquote style="margin-bottom:2em;">Almost universally, software updates are done in ways that invite attacks and device compromises</blockquote>
-	    <li class="fragment">Thandy (thanks, Tor!)</li>
+	    <li class="fragment">TUF (thanks, Thandy/Tor!)</li>
 <aside class="notes" data-markdown>
 The sad state of update security is especially troublesome because update attacks can now be purchased off the shelf by repressive regimes. The problem of software update is particular bad on desktop platforms. In the case of mobile and HTML5 apps, the vulnerabilities are not as dire, but the issues are also harder to fix.
 
@@ -349,8 +349,8 @@ $ leap --yes deploy
         <section>
           <section>
             <h2>Provider Online</h2>
-            <p><a href="https://bitmask.net">Bitmask.net</a> - Reference Provider of LEAP </p>
-            <p>soon to be open for beta testers</p>
+            <p><a href="https://demo.bitmask.net">demo.bitmask.net</a> - Reference Provider of LEAP </p>
+            <p>already open for beta testers</p>
           </section>
 
           <section>
diff --git a/overview/es.html b/overview/es.html
new file mode 100644
index 0000000..8905e3a
--- /dev/null
+++ b/overview/es.html
@@ -0,0 +1,416 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>Leap Encryption Access Project</title>
+    <meta name="description" content="Herramientas para Comunicaciones Seguras en la Red">
+    <meta name="author" content="Kali">
+            
+    <meta name="apple-mobile-web-app-capable" content="yes" />
+    <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
+                            
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+                            
+    <link rel="stylesheet" href="../tools/reveal.js/css/reveal.min.css"> 
+    <link rel="stylesheet" href="custom.css" id="theme">
+                            
+    <!-- For syntax highlighting -->
+    <link rel="stylesheet" href="../tools/reveal.js/lib/css/zenburn.css">
+                    
+    <!-- If the query includes 'print-pdf', use the PDF print sheet -->
+    <script>                
+            document.write( '<link rel="stylesheet" href="../tools/reveal.js/css/print/' + ( window.location.search.match( /print-pdf/gi ) ? 'pdf' : 'paper' ) + '.css" type="text/css" media="print">' );
+    </script>      
+
+
+  </head>
+
+  <body>
+    <div class="reveal">
+      <div class="slides">
+        <section>
+          <h2>LEAP Encryption Access Project</h2>
+           <img width="547" height="402" src="../ta3m/images/kid-jumping.svg" alt="LEAP">
+        </section>
+
+        <section>
+	  <h3 style="margin-bottom:1em;">El Cifrado deberia ser<br />simple de proveer y facil de usar</h3>
+	  <ul>
+            <li>Herramientas para comunicaciones seguras en la red</li>
+            <li>Decentralizar los proveedores de servicios</li>
+	  </ul>
+        </section>
+
+        <section>
+          <section>
+            <h2>La Cripto es Dificil</h2>
+	    <h4 class="fragment">Espera, pero habias dicho...</h4>
+            <h3 class="fragment" style="line-height:1.2em">El Cifrado deberia ser<br /><b style="padding-right:0.2em;color:green !important;">simple</b> de proveer y <b style="padding-right:0.2em;color:green !important;">facil</b> de usar</h2>
+	    <h4 class="fragment">asi que...</h4>
+          </section>
+          <section>
+	    <h2>Solucionemos los Problemas Dificiles</h2>
+	    <div class="fragment">
+              <h3>Los &#8220;7 Magnificos&#8221;</h3>
+              <ol>
+                <li>El problema de la Autenticidad</li>
+                <li>El problema de los Metadatos</li>
+		<li>El problema de la Asincronicidad</li>
+                <li>El problema del Grupo</li>
+                <li>El problema de los Recursos</li>
+                <li>El problema de la Disponibilidad</li>
+                <li>El problema de las Actualizaciones</li>
+              </ol>
+	    </div>
+          </section>
+          <section>
+            <h2>Problema: Autenticidad</h2>
+            <blockquote style="margin-bottom:2em;">La validacion de claves publicas es muy dificil desde el punto de vista de los usuarios, pero sin esto no puedes tener confidencialidad.</blockquote>
+            <li class="fragment"><span style="font-weight:bold;">Nicknym</span> - auto-descubrimiento y validacion de claves publicas, de forma transparente!</li>
+<aside class="notes" data-markdown>
+If proper key validation is a precondition for secure communication, but it is too difficult for most users, what hope do we have? We have developed a unique federated system called Nicknym that automatically discovers and validates public keys allowing the user to take advantage of public key cryptography without knowing anything about keys or signatures.
+</aside>
+          </section>
+          <section>
+            <h2>Problema: Metadatos</h2>
+            <blockquote style="margin-bottom:2em;">Los protocolos existentes son vulnerables al analisis de metadatos, pese a que los metadatos son con frecuencia mucho mas sensibles que el contenido.</blockquote>
+            <div class="fragment">
+	      <ul>
+                <li><strong>DNSSEC/DANE</strong> a prueba de downgrades</li>
+	      </ul>
+              <p style="margin-top:1.1em;">Con uno o mas esquemas oportunistas:</p>
+	      <ul>
+                <li><strong>pares de alias</strong> automaticos</li>
+                <li><strong>Onion routing</strong> headers</li>
+                <li>Third party <strong>dropbox</strong></li>
+                <li><strong>Mixmaster</strong> con firmas</li>
+	      </ul>
+            </div>
+<aside class="notes" data-markdown>
+- DNSSEC:
+
+	Short term.  
+	Opportunistic TLS for email and chat among servers/providers  
+	Effective external observers, no protection of user from provider  
+	By itself, potential weaknesses to advanced attacks ( timing, traffic analysis )  
+
+In the long term, we plan to adopt one of several different schemes for securely routing meta-data. These include:
+
+- Auto alias pairs
+
+	auto negotiate aliases  
+	Advantage: backwards compatible  
+	Disadvantage: server stores list of aliases  
+
+- Onion-routing-headers
+
+    A message from user A to user B is encoded so that the “to” routing information only contains the name of B’s server. When B’s server receives the message, it unwraps (unencrypts) a supplementary header that contains the actual user “B”. Like aliases, this provides no benefit if both users are on the same server. As an improvement, the message could be routed through intermediary servers.
+
+- Third party dropbox
+
+	To exchange messages, user A and user B negotiate a unique “dropbox” URL for depositing messages, potentially using a third party. To send a message, user A would post the message to the “dropbox”. To receive a message, user B would regularly polls this URL to see if there are new messages.
+
+- Mixmaster with signatures
+
+	Messages are bounced through a mixmaster-like set of anonymization relays and then finally delivered to the recipient’s server. The user’s client only displays the message if it is encrypted, has a valid signature, and the user has previously added the sender to a ‘allow list’ (perhaps automatically generated from the list of validated public keys).
+
+For a great discussion comparing mix networks and onion routing, see Tom Ritter’s blog post on the topic.
+</aside>
+          </section>
+          <section>
+            <h2>Problema: Asincronicidad</h2>
+            <blockquote style="margin-bottom:2em;">Para las comunicaciones cifradas, tienes que elegir entre forward secrecy o la capacidad de comunicar asincronamente</blockquote>
+	    <div class="fragment">
+	      <ul>
+                <li>OpenPGP vs. OTR</li>
+	        <li>A corto: Una capa de transporte forward secrecy sobre OpenPGP</li>
+	        <li>A largo plazo: Colaborar con otros grupos para crear nuevos estandares para protocolos de cifrado</li>
+	      </ul>
+	    </div>
+<aside class="notes" data-markdown>
+With the pace of growth in digital storage and decryption, forward secrecy is increasingly important. Otherwise, any encrypted communication you engage in today is likely to become cleartext communication in the near future.
+
+In the example of email and chat, we have OpenPGP with email and OTR with chat: the former provides asynchronous capabilities, and the latter forward secrecy, but neither one supports both abilities. We need both better security for email and the ability to send/receive offline chat messages.
+
+In the short term, we are layering forward secret transport for email and chat relay on top of traditional object encryption (OpenPGP). This approach is identical to our stop-gap approach for the meta-data problem, with the one addition that relaying servers need the ability to not simply negotiate TLS transport, but to also negotiate forward secret ciphers and to prevent a cipher downgrade.
+
+This approach is potentially effective against external network observers, but does not achieve forward secrecy from the service providers themselves.
+
+In the long term, we plan to work with other groups to create new encryption protocol standards that can be both asynchronous and forward secret. :
+
+    Forward Secrecy Extensions for OpenPGP
+    Triple elliptical curve Diffie-Hellman handshake
+</aside>
+          </section>
+          <section>
+            <h2>Problema: Grupos</h2>
+            <blockquote style="margin-bottom:2em;">En la practica, trabajamos en grupos, pero... la criptografia de clave publica no.</blockquote>
+	    <ul>
+	      <li class="fragment" data-fragment-index="1">Lo primero... ummm</li>
+	      <li class="fragment" data-fragment-index="2">Avances interesantes en backup/sync/comparticion segura de archivos (e.g. Wuala and SpiderOak)
+	      <li class="fragment" data-fragment-index="3">Proxy con re-encryptacion</li>
+	      <li class="fragment" data-fragment-index="3">Firmas en anillo</li>
+	    </ul>
+<aside class="notes" data-markdown>
+We have a lot of ideas, but we don’t have any solutions yet to fix this. Essentially, the question is how to use existing public key primitives to create strong cryptographic groups, where membership and permissions are based on keys and not arbitrary server-maintained access control lists.
+
+Most of the interesting work in this area has been done by companies working on secure file backup/sync/sharing, such as Wuala and Spideroak. Unfortunately, there are not yet any good open protocols or free software packages that can handle group cryptography.
+
+### There is some free software work on some of interesting building blocks that could be useful in building group cryptography. For example: ###
+
+- Proxy re-encryption:
+
+	See Wikipedia  
+	This allows the server to re-encrypt to new recipients without gaining access to the cleartext. The SELS mailing list manager (Secure Email List Services) uses OpenPGP to implement a clever scheme for proxy re-encryption.
+
+- Ring signatures:
+
+	See Wikipedia  
+	This allows any member of a group to sign, without anyone knowing which member.
+</aside>
+          </section>
+          <section>
+            <h2>Problema: (acceso a) recursos</h2>
+            <blockquote style="margin-bottom:2em;">No existen protocolos abiertos para permitir a los usuarios compartir un recurso</blockquote>
+	    <ul>
+	      <li class="fragment" data-fragment-index="1">Pues... no les trajimos nada :/</li>
+	      <li class="fragment" data-fragment-index="2">"Read-write-web" les presenta [ponga la solucion al "Group problem" aqui]
+	      <li class="fragment" data-fragment-index="2">De nuevo, mirando hacia el campo del sincronizado de archivos (Lazy Revocation y Key Regression)
+	    </ul>
+<aside class="notes" data-markdown>
+For example, when using secure chat or secure federated social networking, you need some way to link to external media, such as an image, video or file, that has the same security guarantees as the message itself. Embedding this type of resource in the messages themselves is prohibitively inefficient.
+
+We don’t have a proposal for how to address this problem. There are a lot of great initiatives working under the banner of read-write-web, but these do not take encryption into account. In many ways, solutions to the resource problem are dependent on solutions to the the group problem.
+
+As with the group problem, most of the progress in this area has been by people working on encrypted file sync (e.g. strategies like Lazy Revocation and Key Regression).
+</aside>
+          </section>
+          <section>
+            <h2>Problema: Disponibilidad</h2>
+            <blockquote style="margin-bottom:2em;">Queremos ser capaces de cambiar de dispositivo sin pensarlo, y recuperar nuestros datos si perdemos un dispositivo... pero es dificil hacerlo de forma segura</blockquote>
+	    <li class="fragment">Soledad - Synchronization of Locally Encrypted Documents Among Devices<br /><em class="fragment">vaya! no nos habiamos quedado del todo sin ideas!</em></li>
+<aside class="notes" data-markdown>
+Users today demand the ability to access their data on multiple devices and to have piece of mind that there data will not be lost forever if they lose a device. In the free software world, only Firefox has addressed this problem adequately and in a secure way (with Firefox Sync).
+
+At LEAP, we have worked to solve the availability problem with a system we call Soledad (for Synchronization of Locally Encrypted Documents Among Devices). Soledad gives the client application an encrypted, synchronized, searchable document database. All data is client encrypted, both when it is stored on the local device and synced with the cloud. As far as we know, there is nothing else like it, either in the free software or commercial world.
+</aside>
+          </section>
+          <section>
+            <h2>Problema: Actualizaciones</h2>
+            <blockquote style="margin-bottom:2em;">De forma casi universal, las actualizaciones de software se hacen de forma que invitan a los ataques y el compromiso de dispositivos</blockquote>
+	    <li class="fragment">TUF (thanks, Thandy/Tor!)</li>
+	    <li class="fragment">Gitian en la mira</li>
+<aside class="notes" data-markdown>
+The sad state of update security is especially troublesome because update attacks can now be purchased off the shelf by repressive regimes. The problem of software update is particular bad on desktop platforms. In the case of mobile and HTML5 apps, the vulnerabilities are not as dire, but the issues are also harder to fix.
+
+To address the update problem, LEAP is adopting a unique update system called Thandy from the Tor project. Thandy is complex to manage, but is very effective at preventing known update attacks.
+
+Thandy, and the related TUF, are designed to address the many security vulnerabilities in existing software update systems. In one example, other update systems suffer from an inability of the client to confirm that they have the most up-to-date copy, thus opening a huge vulnerability where the attacker simply waits for a security upgrade, prevents the upgrade, and launches an attack exploiting the vulnerability that should have just been fixed. Thandy/TUF provides a unique mechanism for distributing and verifying updates so that no client device will install the wrong update or miss an update without knowing it.
+
+Related to the update problem is the backdoor problem: how do you know that an update does not have a backdoor added by the software developers themselves? Probably the best approach is that taken by Gitian, which provides a “deterministic build process to allow multiple builders to create identical binaries”. We hope to adopt Gitian in the future.
+</aside>
+          </section>
+        </section>
+
+	<section>
+	  <h2>Bien, pero... que nos traen hoy?</h2>
+	</section>
+
+        <section>
+          <h2>Servicios</h2>
+          <p>Encrypted Internet Proxy aka VPN - Bitmask 0.6.1</p>
+          <p>Email - Bitmask 0.7.0</p>
+        </section>
+        
+        <section>
+          <h2>Servicios Planeados</h2>
+          <p>Chat (comenzado)</p>
+          <p>Client-Encrypted Filehosting</p>
+          <p>Voip</p>
+          <p>Collaborative Text Editor</p>
+        </section>
+
+        <section>
+          <section>
+            <h2>Para usuarias</h2>
+	    <li>Bitmask-Client for Linux, Android</li>
+	    <li>OSX, Windows de camino...</li>
+          </section>
+          <section>
+            <img src="../ta3m/images/bitmask-icon.png" alt="Bitmask-Client">
+          </section>
+          <section>
+            <img width="547" height="402" src="../img/en/bitmask-client-0.5.png" alt="Bitmask-Client">
+          </section>
+        </section>
+
+        <section>
+          <section>
+            <h2>Para proveedores</h2>
+            <ul>
+              <li>Instalacion y configuracion de servicios "automatica"</li>
+              <li>Configuraciones de crypto seguras por defecto (parametros TLS, etc)</li>
+            </ul>  
+          </section>
+          <section>
+            <h2>leap-platform</h2>
+            <p>Recetas Puppet para configurar el servidor</p>
+            <pre><code data-trim contenteditable>
+# smtp TLS                                                                    
+postfix::config {                                                             
+  'smtp_use_tls':        value  => 'yes';                                     
+  'smtp_tls_CApath':     value  => '/etc/ssl/certs/';                         
+  'smtp_tls_CAfile':     value  => $ca_path;                                  
+  'smtp_tls_cert_file':  value  => $cert_path;                                
+  'smtp_tls_key_file':   value  => $key_path;                                 
+  'smtp_tls_ask_ccert':  value  => 'yes';                                     
+  'smtp_tls_loglevel':   value  => '1';                                       
+  'smtp_tls_exclude_ciphers':                                                 
+    value => 'aNULL, MD5, DES';                                               
+  # upstream default is md5 (since 2.5 and older used it), we force sha1      
+  'smtp_tls_fingerprint_digest':                                              
+    value => 'sha1';                                                          
+  'smtp_tls_session_cache_database':                                          
+    value => 'btree:${queue_directory}/smtp_cache';                           
+  'smtp_tls_security_level':                                                  
+    value  => 'may';                                                          
+  # see issue #4011                                                           
+  'smtp_tls_protocols':                                                       
+    value => '!SSLv2, !SSLv3';                                                
+}                            
+            </code></pre>
+
+          </section>
+          <section>
+            <h2>Configuracion del Proveedor</h2>
+            <p>Server Layout, IPs, contact details, etc</p>
+            <pre><code data-trim contenteditable>
+$ cat provider.json 
+//
+// General service provider configuration.
+//
+{
+  "domain": "example.org",
+  "name": {
+    "en": "example"
+  },
+  "description": {
+    "en": "You really should change this text"
+  },
+  "contacts": {
+    "default": "admin@example.org"
+  },
+  "languages": ["en"],
+  "default_language": "en",
+  "enrollment_policy": "open"
+}
+
+$ cat nodes/web1.json 
+{
+  "ip_address": "99.231.92.23",
+  "services": "webapp",
+  "tags": "production"
+}
+            </code></pre>
+          </section>
+          <section>
+            <h2>Leap-cli</h2>
+            <p>Herramientas de linea de comandos para Admins</p>
+            <pre><code data-trim contenteditable>
+$ leap --yes deploy
+ Deploying to these nodes: web1, vpn1, couch1
+ = updated hiera/couch1.yaml
+ = updated hiera/web1.yaml
+ = checking node 
+   - [web1] ok
+   - [couch1] ok
+   - [vpn1] ok
+ = synching configuration files
+   - hiera/web1.yaml -> web1:/etc/leap/hiera.yaml
+   - hiera/vpn1.yaml -> vpn1:/etc/leap/hiera.yaml
+   - hiera/couch1.yaml -> couch1:/etc/leap/hiera.yaml
+   - files/branding/tail.scss, files/branding/head.scss -> web1:/etc/leap
+ = synching puppet manifests
+   - /home/demo/leap/demo/leap_platform/[bin,puppet] -> web1:/srv/leap
+   - /home/demo/leap/demo/leap_platform/[bin,puppet] -> vpn1:/srv/leap
+   - /home/demo/leap/demo/leap_platform/[bin,puppet] -> couch1:/srv/leap
+...
+            </code></pre>
+          </section>
+          <section>
+            <!--<h2>Leap-cli Screencasts</h2>-->
+            <!--<li><a href="http://shelr.tv/users/524415e69660807910000021">Shelr Screencasts</a> - Setup and Installation of a Provider</li>-->
+            <h2>Instalando un nuevo Proveedor</h2>
+            <iframe border='0' height='684' id='shelr_record_52444667966080752b000024' scrolling='no' src='http://shelr.tv/records/52444667966080752b000024/embed' style='border: 0' width='885'></iframe>
+          </section>
+          <section>
+            <!--<h2>Leap-cli Screencasts</h2>-->
+            <!--<li><a href="http://shelr.tv/users/524415e69660807910000021">Shelr Screencasts</a> - Setup and Installation of a Provider</li>-->
+            <h2>Inicializacion y puesta en marcha de nuevos nodos</h2>
+            <iframe border='0' height='684' id='shelr_record_52444667966080752b000024' scrolling='no' src='http://shelr.tv/records/52444667966080752b000024/embed' style='border: 0' width='885'></iframe>
+          </section>
+
+        </section>
+
+        <section>
+          <section>
+            <h2>Proveedor de pruebas</h2>
+            <p><a href="https://demo.bitmask.net">demo.bitmask.net</a> - Proveedor de referencia de LEAP</p>
+            <p>ya abierto para beta testers =)</p>
+          </section>
+
+          <section>
+            <h2>Proveedores futuros</h2>
+	    <ul>
+              <li><a href="https://calyxinstitute.org">The Calyx Institute</a></li>
+              <li><a href="https://riseup.net">Riseup</a></li>
+              <li><a href="https://oblivia.vc">Oblivia.vc</a></li>
+              <li><a href="https://espora.org">espora.org</a></li>
+              <!--<li><a href="https://genopoly.org">Genopoly.org</a></li>-->
+              <li>...</li>
+	    </ul>
+          </section>
+        </section>
+
+         <section>
+           <h2>Etc</h2>
+	   <p>para servirles 24/7 en <b>#leap</b> @ irc.freenode.org</p>
+           <p>Website: <a href="https://leap.se">https://leap.se</a></p>
+           <p>Github Mirror: <a href="https://github.com/leapcode">https://github.com/leapcode</a></li>
+           <p>Hecho con <a href="https://github.com/hakimel/reveal.js">reveal.js</a></li>
+</p>
+         </section>
+
+      </div>
+
+    </div>
+
+    <script src="../tools/reveal.js/lib/js/head.min.js"></script>
+    <script src="../tools/reveal.js/js/reveal.min.js"></script>
+
+    <script>
+      // Full list of configuration options avai  lable here:
+      // https://github.com/hakimel/reveal.js#configuration
+      Reveal.initialize({
+        controls: true,
+        progress: true,
+        history: true,
+        center: true,
+
+        theme: Reveal.getQueryHash().theme, // available themes are in /css/theme
+        transition: Reveal.getQueryHash().transition || 'default', // default/cube/page/concave/zoom/linear/fade/none
+
+        // Optional libraries used to extend on reveal.js
+        dependencies: [
+        { src: '../tools/reveal.js/lib/js/classList.js', condition: function() { return !document.body.classList; } },
+        { src: '../tools/reveal.js/plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
+        { src: '../tools/reveal.js/plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
+        { src: '../tools/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },
+        { src: '../tools/reveal.js/plugin/zoom-js/zoom.js', async: true, condition: function() { return !!document.body.classList; } },
+        { src: '../tools/reveal.js/plugin/notes/notes.js', async: true, condition: function() { return !!document.body.classList; } }
+        ]
+      });
+    </script>
+
+  </body>
+</html>