At the zoo last Sunday. Yep, that’s four spots that were taken up to ensure they didn’t risk a door ding. There was a ticket on it when we left.

While I was at the SCIP conference I was able to meet several folks from Strategy Software, who make several products I use. We talked about their products and their features, and we also ended up talking about creating a user’s group.

There were a few of us “power users” there, and everyone seemed to think it was a good idea. It was one of those discussions where everyone’s nodding, but no one is talking about what they’re going to do, so I volunteered to put it together.

So on the way home in the airport I found a spot with free wi-fi and set to work. One of the things I really love about the internet is how quickly things can be done. In less than an hour I had found software (PHPBB) and had uploaded it to my web servers, defined the forums, thought up a name (poorly chosen and later changed), written posts, and emailed the others about it.

That was Friday, and Saturday I registered a domain, cleaned up the site, set up security on the Strategy Software forums (they’re for licensees only) and wrote more posts. Since then the domain as changed to www.speakstrategy.com. The folks from Strategy Software have been participating, and now we have 48 articles and 10 users.

But that’s not enough!

So, please come and have a look when you can!

www.speakstrategy.com is a place where CI professionals and others involved in research or information security can network and discuss issues that are important to them, as well as their experience with Strategy Software products. It’s still in it’s infancy, so now’s the time to get in on the ground floor!

I’ve been doing a lot more experimenting after my last post, and looking back I realize now that I came into this with a very strong PGP bias.

Don’t get me wrong - I still think PGP is neat. It’s the most flexible in pure terms, and because there are open source versions of it there is a solution for almost every need. The problem is that in day to day use, they almost all get pretty tiresome pretty quickly.

I also realized that while Thawte’s process for getting a key is a bit lumpy, it’s really not as bad as I thought. First, you can have multiple ID’s in one key. Second, you can export the keys from one application to another. True, you do have to enter the password three times but the reason is that two of those times are because it’s offering to let you choose a new password.

Thunderbird with Enigmail is the most graceful solution for free. It is really slick, with the PGP part working as smoothly as the Digital ID - s/mime part. If I had to use both, it would be my first choice.

The thing about s/mime (what I was improperly calling Digital ID) is that it’s really quite transparent in daily use, but not so invisible that you don’t know if it’s working or not. A small lock or ribbon icon on an email confirms that it’s secure, while in Outlook it even prevents you from viewing the email in the preview pane.

Transferring keys is different as well - the software can be set to send your key (they call it a certificate) when you send a signed email. This allows the recipient to pull your key in and use it to send you encrypted email in the future.

Key management isn’t as bad as I thought. While they may expire (I’m not sure they all do) the system keeps track of them more or less automatically - at least in my brief experience it seems to. They are reasonably easy to back up as well, and don’t seem to be computer-dependant as I had originally thought.

So, while I had thought PGP was the easier method, I now believe s/mime is easier - at least it has been in actual use.