path: root/leap33c3/index.html
Diffstat (limited to 'leap33c3/index.html')
-rw-r--r--leap33c3/index.html534
1 files changed, 534 insertions, 0 deletions
diff --git a/leap33c3/index.html b/leap33c3/index.html
new file mode 100644
index 0000000..10ce86e
--- /dev/null
+++ b/leap33c3/index.html
@@ -0,0 +1,534 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+ <meta charset="utf-8">
+
+ <title>
+ Introduction to LEAP & Pixelated
+ </title>
+
+ <meta name="description" content=""
+ <meta name="author" content="kali kaneko">
+
+ <meta name="apple-mobile-web-app-capable" content="yes">
+ <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
+
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <link rel="stylesheet" href="css/reveal.css">
+ <link rel="stylesheet" href="css/theme/sky2.css" id="theme">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="lib/css/zenburn.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? 'css/print/pdf.css' : 'css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+
+ <!--[if lt IE 9]>
+ <script src="lib/js/html5shiv.js"></script>
+ <![endif]-->
+</head>
+
+<body>
+<div class="reveal">
+
+<div class="slides">
+<section>
+ <section data-markdown>
+ # Introduction to LEAP & Pixelated
+ ### meskio && zara && varac && kali @Hamburg
+ ### 33c3 - Dec 2016
+ </section>
+
+ <section data-markdown>
+ ### Pixelated hands-on: 28th 1100 HALL C4
+ ### Platform hands-on: 28th 1700 HALL C2
+ </section>
+
+ <section>
+ <img src="images/intersection.png">
+ </section>
+
+ <section>
+ <img src="images/jump.png">
+ </section>
+
+ <section data-markdown>
+ ## here to provide
+ easy-to-use software for end-to-end encrypted communication between individual users
+ </section>
+
+ <section>
+ <video autoplay="false" width="800" controls="controls" loop src="video/fbi.mp4"></video>
+ </section>
+
+ <section>
+ <img src="images/lavabit.png">
+ </section>
+
+ <section>
+ <img src="images/bitmask2.png">
+ <br/>
+ <img src="images/bitmask-logo.svg" width=30% height=30%>
+ </section>
+
+ <section data-markdown>
+ ## decentralization & privacy
+ will NOT be magically achieved!
+ * must be built from below and regained
+ * federation is at stake (even if it means less traction or control!)
+ * services have costs
+ * "demand" is a two-way game
+ </section>
+
+ <section>
+ <img src="images/crimson.jpg" alt="the crimson permanent insurance">
+ </section>
+
+ <section>
+ <img src="images/monster.jpg" alt="a monster with many eyes - complexity creeps in any project">
+ </section>
+
+</section>
+
+<section>
+ <section>
+ <video autoplay="false" width="800" controls="controls" loop src="video/gpgforjournalists.mp4"></video>
+ </section>
+
+ <section>
+ <img src="images/pizarra.jpg">
+ </section>
+
+ <section>
+ <video autoplay="false" width="800" controls="controls" loop src="video/my-first-email.avi"></video>
+ </section>
+
+
+ <section data-markdown>
+ ## why [greenwald] can't encrypt? (since 2005!)
+ * encryption difficult to use
+ * encryption difficult to provide
+ * security and privacy not possible without usability
+ * security and privacy not possible without usability
+ * security and privacy not possible without usability
+ * was that point already clear?
+ * do not overwhelm or scare the user
+ * provide sensible defaults
+ * convenience trade-offs: fail close!
+ </section>
+
+ <section>
+ <img src="images/pgp.png">
+ </section>
+
+ <section>
+ <img src="images/serrapelada.jpg">
+ </section>
+
+ <section data-markdown>
+ ## "WE WANT CRYPTO
+ ## BUT ROSES TOO"
+ </section>
+
+ <section data-markdown>
+ ## break down the problem
+ 1. server-side infrastructure
+ 2. usable client software
+ 3. protocols for sync
+ </section>
+
+ <section>
+ <img src="images/holygrail.jpg">
+ </section>
+
+ <section data-markdown>
+ ## what $user sees
+ * VPN client
+ * Application proxies
+ * Key management
+ </section>
+
+ <section data-markdown>
+ ## native apps, really?
+ * user can do...
+ * ...if incentives aligned
+ * first tunnel, then mail thru secure channel.
+ * opportunistic mail encryption
+ * eip: encrypted internet proxy (VPN)
+ * cross-device synchronization
+ * VPN helps to fight commoditization! (provider can monetize)
+ </section>
+</section>
+
+<section>
+ <section>
+ <img src="images/cryptorally.png">
+ </section>
+
+ <section data-markdown>
+ # interoperability is a must
+ ### many projects converging for massive adoption of crypto
+ ## Keep tuned for AUTOCRYPT: Enigmail, K9, Mailpile, Pixelated, Bitmask
+ </section>
+</section>
+<section>
+
+ <section data-markdown>
+ ## LEAP platform
+ ### A toolkit to make it easy for you to run a federated service provider.
+ </section>
+
+ <section data-markdown>
+ * Configuration Management using puppet
+ * Installs and configures the servers
+ * leap_cli is the tool to deploy to the servers
+ * Provider confiduration is stored on admin laptop
+ </section>
+
+ <section>
+ <h2>LEAP Platform Example: Setup single node email provider</h2>
+
+<pre><code class="hljs" data-trim contenteditable>
+sudo gem install leap_cli
+leap new example --domain example.org
+cd example
+leap add-user --self
+leap cert ca
+leap cert csr
+leap node add raspberry \
+ services:couchdb,webapp,soledad,mx ip_address:1.1.1.3
+leap init node
+leap deploy
+</code></pre>
+ </section>
+
+ <section data-markdown>
+ ## LEAP Platform: Install and configure the server/s
+ * Email: Postfix, spamassassin, clamav
+ * Database: couchdb, stunnel
+ * Webserver: apache
+ * Encrypting remailer: leap-mx
+ * Synchronisation: soledad
+ * Account management, issue tracking: leap-webapp
+ * Firewall: shorewall
+ * Monitoring: nagios, check_mk
+ </section>
+
+
+ <section data-markdown>
+ ## Server-side techstack
+
+ * PLatform: Puppet
+ * leap_cli: ruby
+ * leap_web: Ruby on Rails
+ * leap_mx, soledad: Python Twisted
+ </section>
+
+ <section data-markdown>
+ ## Other LEAP components
+ * SOLEDAD
+ * Bonafide (registration, auth, pass change...)
+ * Current Services: VPN, Encrypted Email
+ </section>
+
+
+ <section data-markdown>
+ ## LEAP Webapp
+
+ * API for user authentication
+ * Help Tickets
+ * User Management
+ * Payment processing
+ * Customisable
+ </section>
+
+ <section>
+ <img src="https://rawgit.com/leapcode/leap_presentations/master/rgsoc2016_leap_overview/images/leap-webapp1.png">
+ </section>
+
+
+ <section>
+ <img src="https://rawgit.com/leapcode/leap_presentations/master/rgsoc2016_leap_overview/images/leap-webapp2.png">
+ </section>
+
+ <section>
+ <img src="https://rawgit.com/leapcode/leap_presentations/master/rgsoc2016_leap_overview/images/leap-webapp-tickets.png">
+ </section>
+ </section>
+
+ <section>
+
+ <section data-markdown>
+ ## the client: Bitmask
+ * basically an encryption proxy
+ * protocol specific for mail
+ * linux (deb, bundles), [windows, osx]
+ * android client
+ </section>
+
+ <section>
+ <img src="images/bitmask1.png">
+ </section>
+
+ <section data-markdown>
+ ## show me the code!
+ <a href="https://github.com/leapcode/">https://github.com/leapcode/</a>
+ * ~30 repos
+ * GPL code
+ </section>
+
+</section>
+
+
+<section>
+ <section data-markdown>
+ ## threat model
+ * Active or passive adversary
+ * Avoid the recovering of Communications Plaintext
+ * Avoid the recovering of the Social Graph (*)
+ </section>
+
+
+ <section data-markdown>
+ ## trust model
+ * do *not* trust the provider too much
+ * passwords never reach the server in cleartext (srp + encrypted keys)
+ * TOFU for key and certificate discovery
+ * encrypted data
+ * minimize metadata!
+ </section>
+
+ <section data-markdown>
+ ### backwards compatible
+ * vpn
+ * OpenPGP
+ * imap, smtp (clientside proxies)
+ </section>
+
+ <section data-markdown>
+ ## VPN
+
+ * prevent eavesdropping.
+ * circunvent internet censorship.
+ * firewall: prevent leaks (DNS, IPv6, ...).
+ * static portable builds, mbed SSL
+ * targeting home routers too (openwrt port)
+ * autoconf, reconnect, fail close
+ * obsproxy integration
+ </section>
+</section>
+
+<section>
+ <section data-markdown>
+ ## SOLEDAD
+ * Synchronization of Locally Encrypted Data Among Devices
+ * auth: srp
+ * kdf: scrypt
+ * AES-256-GCM
+ * built on top of canonical's u1db
+ * vector clocks
+ * clientside: sqlcipher backend
+ * serverside: couchdb cluster (+ distribuded fs?!)
+ </section>
+
+ <section data-markdown>
+ ## Problem: Attachments
+ * Syncing blobs in a convoluted store
+ * Pluggable BlobsIO backend for server (in dev)
+ * FS as MVP, others welcome!
+ * Follow the "git-annex" model
+ </section>
+
+</section>
+
+
+
+<section>
+ <section>
+ <img src="images/schema.jpg">
+ </section>
+
+ <section>
+ <img src="images/soledad.jpg">
+ </section>
+
+ <section>
+ <img src="images/mx.jpg">
+ </section>
+
+ <section>
+ <img src="images/architecture.png">
+ </section>
+</section>
+
+<section>
+ <section data-markdown>
+ ## TRANSITIONAL KEY VALIDATION
+ generic rules for automatic key management, transition from TOFU to more advanced ruleset.
+ * bind key <-> email address
+ * key directory
+ * endorser (provider)
+ * binding info: evidence for "educated guess"
+ * verified key transition (automatic)
+ </section>
+
+ <section data-markdown>
+ ## keymanager current rules
+ # TOFU (yes, but*)
+ ### with a bunch of exceptions
+ </section>
+
+ <section data-markdown>
+ ## 1. First Contact
+
+ When one or more keys are first discovered for a particular email address, the key with the highest validation level is registered.
+ </section>
+
+ <section>
+ <h2>2. Regular Refresh</h2>
+
+ <p>All keys are regularly refreshed to check for modified expirations, or new subkeys, or new keys signed by old keys.</p>
+ <p><small>This refresh SHOULD happen via some anonymizing mechanism.</small></p>
+ </section>
+
+ <section>
+ <h2>3. Key Replacement</h2>
+
+ <p>A registered key MUST be replaced by a new key in one of the following situations, and ONLY these situations:</p>
+ <ul>
+ <li class="fragment">Verified key transitions.</li>
+ <li class="fragment">If the user manually verifies the fingerprint of the new key.</li>
+ <li class="fragment">If the registered key is expired or revoked and the new key is of equal or higher validation level.</li>
+ <li class="fragment">If the registered key has never been successfully used and the new key has a higher validation level.</li>
+ <li class="fragment">If the registered key has no expiration date.</li>
+ </ul>
+
+ <aside class="notes">
+ verified key transtion == signed by the previously
+ </aside>
+ </section>
+</section>
+
+<section>
+ <section data-markdown>
+ # Validation levels
+
+ low == less trust on the source
+ </section>
+
+ <section data-markdown>
+ ## 1. Weak Chain
+ <sub>ej: sks key servers, email attached key, OpenPGP header, ...</sub>
+ </section>
+
+ <section data-markdown>
+ ## 2. Provider Trust
+ <sub>ej: webfinger, provider mailvelope</sub>
+
+ Note:
+ * Certified by the provider
+ * Not auditable
+ </section>
+
+ <section data-markdown>
+ ## 3. Provider Endorsement
+ <sub>ej: NickNym</sub>
+
+ Note:
+ * auditable
+ </section>
+
+ <section data-markdown>
+ ## 4. Historical Auditing
+ <sub>ej: CONIKS, google's transparent keyserver</sub>
+ </section>
+
+ <section data-markdown>
+ ## 5. Known Key
+ <sub>client pinned keys</sub>
+ </section>
+
+ <section data-markdown>
+ ## 6. Fingerprint
+ <sub>manual verification</sub>
+ </section>
+</section>
+
+<section>
+ <section data-markdown>
+ ## users wants a webmail?
+ </section>
+
+ <section data-markdown>
+ ## give them a webmail
+ ## (kudos to pixelated!)
+ </section>
+
+ <section>
+ <img src="images/pixelated-user-agent.png">
+ </section>
+
+ <section>
+ <img src="images/pix.png">
+ </section>
+</section>
+
+<section>
+ <section data-markdown>
+ ## developments ahead
+ * Torbirdy integration
+ * NEXTLEAP/PANORAMIX
+ * AUTOCRYPT! (in-band opportunistic key encryption)
+ * MEMORYHOLE (protecting most mail headers while in transit)
+ * mix networks
+ </section>
+</section>
+
+<section>
+ <section>
+ <h2>thanks! questions?</h1>
+ <img src="images/contact-QR.png" alt="QR with info contact for kali & leap">
+ <h3>BE23 FB4A 0E9D B36E CB9A B8BE 2363 8BF7 2C59 3BC1</h2>
+ </section>
+</section>
+
+</div>
+ <script src="lib/js/head.min.js"></script>
+ <script src="js/reveal.js"></script>
+
+ <script>
+
+ // More info https://github.com/hakimel/reveal.js#configuration
+ Reveal.initialize({
+ /*parallaxBackgroundImage: 'images/rainforest.jpg', */
+ /*parallaxBackgroundSize: '2400px 1758px',*/
+ controls: true,
+ progress: true,
+ history: true,
+ center: true,
+
+ transition: 'slide', // none/fade/slide/convex/concave/zoom
+
+ // More info https://github.com/hakimel/reveal.js#dependencies
+ dependencies: [
+ { src: 'lib/js/classList.js', condition: function() { return !document.body.classList; } },
+ { src: 'plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
+ { src: 'plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
+ { src: 'plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },
+ { src: 'plugin/zoom-js/zoom.js', async: true },
+ { src: 'plugin/notes/notes.js', async: true }
+ ]
+ });
+
+ </script>
+
+ </body>
+</html>
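Review bot: the heading tags on the closing slide are mismatched (`<h2>thanks! questions?</h1>` and `<h3>BE23 FB4A 0E9D B36E CB9A B8BE 2363 8BF7 2C59 3BC1</h2>`), and the description meta in the head is never terminated (`<meta name="description" content=""` has no `>`), so the author meta on the next line is parsed as stray attributes of it and lost; close each element with its own matching tag. In the leap_cli example, `ip_address:1.1.1.3` is a public, routable address; an RFC 5737 documentation address such as 192.0.2.3 keeps readers from pasting a real host into a provider config. `autoplay="false"` on the three video elements does not turn autoplay off, because autoplay is a boolean attribute whose mere presence enables it; remove the attribute instead. The three leap-webapp screenshots are fetched from rawgit.com when the deck is viewed rather than shipped under images/ like every other asset, so those slides depend on a third-party host being up and serving the expected content. Minor spelling: "confiduration", "PLatform", "circunvent", "obsproxy" (obfsproxy), "distribuded", "transtion", and "ej:" is the Spanish abbreviation where "e.g." is meant.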