Google and Coronavirus Tech Handbook
This: https://coronavirustechhandbook.com/home is a super useful resource in my opinion. They are using Google Docs because it provides a really accessible way of doing content creation but hitting capacity issues. Are there any Google contacts here who can get them talking to the right people please? Message me offlist and I will update here when sorted. -- Rob Pickering, rob@pickering.org
can I trust its CA? Alex, LF/HF 2 Le 20/03/2020 à 18:54, Rob Pickering a écrit :
This: https://coronavirustechhandbook.com/home is a super useful resource in my opinion.
They are using Google Docs because it provides a really accessible way of doing content creation but hitting capacity issues.
Are there any Google contacts here who can get them talking to the right people please?
Message me offlist and I will update here when sorted.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
CA? On Fri, 20 Mar 2020 at 18:07, Alexandre Petrescu < alexandre.petrescu@gmail.com> wrote:
can I trust its CA?
Alex, LF/HF 2
Le 20/03/2020 à 18:54, Rob Pickering a écrit :
This: https://coronavirustechhandbook.com/home is a super useful resource in my opinion.
They are using Google Docs because it provides a really accessible way of doing content creation but hitting capacity issues.
Are there any Google contacts here who can get them talking to the right people please?
Message me offlist and I will update here when sorted.
-- Rob Pickering, rob@pickering.org
-- -- Rob Pickering, rob@pickering.org
CA==Certificate Authority the browser makes me questions before allowing me to see the content, after I click the indicated URL LF/HF Le 20/03/2020 à 19:08, Rob Pickering a écrit :
CA?
On Fri, 20 Mar 2020 at 18:07, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
can I trust its CA?
Alex, LF/HF 2
Le 20/03/2020 à 18:54, Rob Pickering a écrit :
This: https://coronavirustechhandbook.com/home is a super useful resource in my opinion.
They are using Google Docs because it provides a really accessible way of doing content creation but hitting capacity issues.
Are there any Google contacts here who can get them talking to the right people please?
Message me offlist and I will update here when sorted.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
-- -- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu < alexandre.petrescu@gmail.com> wrote:
CA==Certificate Authority
the browser makes me questions before allowing me to see the content, after I click the indicated URL
LF/HF
What root CA list are you using?
I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop. -- Rob Pickering, rob@pickering.org
You are asking what root CA list I am using? I answer: I use firefox browser on Windows 10 latest version. I dont know what root CA I use. I have several root CAs in my browser's option. Most of them came by default in firefow at install time. A few I had to install manually many months ago, because I had a one-to-one trust developped with a few people and their CAs. About cloudflare I think the followiing: I have seen it used at IETF servers. It takes a few seconds to check, which is fine. But I dont understand why its getting in the way. They should stop getting in people's way to browse for information. Now, I do not understand why my browser, that I consider clean, makes me questions about security, certificates, and so on. It might be that the right CA is not inserted in my CA list, I dont know, I have not looked in the firefox options today. But it is strange I could browse IETF ok with cloudflare, no question from the browser, but now there are questions in the browser about cloudflare and the URL you point to. Yours, I sign: Alex, LF/HF 2 (it means low stress) Le 20/03/2020 à 19:40, Rob Pickering a écrit :
On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
CA==Certificate Authority
the browser makes me questions before allowing me to see the content, after I click the indicated URL
LF/HF
What root CA list are you using?
I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
What is your browser vendor on your desktop? Alex, LF/HF 2 Le 20/03/2020 à 19:40, Rob Pickering a écrit :
On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
CA==Certificate Authority
the browser makes me questions before allowing me to see the content, after I click the indicated URL
LF/HF
What root CA list are you using?
I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
Rob, You told me in private a few moments ago that if I cant help with fixin an AS-number issue critical to you, then I should drop from this thread. I think I will drop out from this email list altogether. I wait a bit. Alex LF/HF 2 Le 20/03/2020 à 19:40, Rob Pickering a écrit :
On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
CA==Certificate Authority
the browser makes me questions before allowing me to see the content, after I click the indicated URL
LF/HF
What root CA list are you using?
I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
On Fri, 20 Mar 2020, 20:08 Alexandre Petrescu, <alexandre.petrescu@gmail.com> wrote:
Rob,
You told me in private a few moments ago that if I cant help with fixin an AS-number issue critical to you, then I should drop from this thread.
I actually said "help reaching someone from AS15169" but, apart from that, yes good paraphrase. Please don't be offended, I'm just trying to help what I think is a super important resource stay accessible by connecting them to someone at Google who can help with a Google Docs access capacity issue they are having. Conversations about root CAs are noise in that context. Thank you.
please stop writing me private emails, thank you, with due politeness and smiley :-) Alex, LF/HF 2 Le 20/03/2020 à 19:40, Rob Pickering a écrit :
On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
CA==Certificate Authority
the browser makes me questions before allowing me to see the content, after I click the indicated URL
LF/HF
What root CA list are you using?
I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
Alex, Rob, So I advised to run through Qualsys’s SSL Test: https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com <https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com> It’s pretty much fine, I did manually run though LibreSSL 2.6.5 with OSX 10.14.6 and it errors out, but that’s usually an edge case. ____________ eric$ openssl s_client -connect coronavirustechhandbook.com:443 -showcerts -tls1_2 -crlf CONNECTED(00000006) 4526024300:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 40 4526024300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Start Time: 1584736646 Timeout : 7200 (sec) Verify return code: 0 (ok) --- Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300
On Mar 20, 2020, at 4:34 PM, Alexandre Petrescu <alexandre.petrescu@gmail.com> wrote:
please stop writing me private emails, thank you, with due politeness and smiley :-)
Alex, LF/HF 2 Le 20/03/2020 à 19:40, Rob Pickering a écrit :
On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote: CA==Certificate Authority
the browser makes me questions before allowing me to see the content, after I click the indicated URL
LF/HF What root CA list are you using?
I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
Thank you very much for the confirmation. I will now access the http about the handbook and accept the exception in my browser. There is no offence and I thank you for your understanding. Yours, Alex, LF/HF 2 Le 20/03/2020 à 21:40, Eric Tykwinski a écrit :
Alex, Rob,
So I advised to run through Qualsys’s SSL Test: https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com It’s pretty much fine, I did manually run though LibreSSL 2.6.5 with OSX 10.14.6 and it errors out, but that’s usually an edge case. ____________ eric$ openssl s_client -connect coronavirustechhandbook.com:443 <http://coronavirustechhandbook.com:443> -showcerts -tls1_2 -crlf CONNECTED(00000006) 4526024300:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 40 4526024300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Start Time: 1584736646 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
Sincerely,
Eric Tykwinski TrueNet, Inc. P: 610-429-8300
On Mar 20, 2020, at 4:34 PM, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
please stop writing me private emails, thank you, with due politeness and smiley :-)
Alex, LF/HF 2 Le 20/03/2020 à 19:40, Rob Pickering a écrit :
On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
CA==Certificate Authority
the browser makes me questions before allowing me to see the content, after I click the indicated URL
LF/HF
What root CA list are you using?
I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
After trying to access it, I hit my company http gateway (I am on a VPN for my default route, company policy) who blocks it. I will get off the VPN to try to access the Coronavirus Tech Handbook on the Internet. Alex, LF/HF 2 Le 20/03/2020 à 22:04, Alexandre Petrescu a écrit :
Thank you very much for the confirmation.
I will now access the http about the handbook and accept the exception in my browser.
There is no offence and I thank you for your understanding.
Yours,
Alex, LF/HF 2 Le 20/03/2020 à 21:40, Eric Tykwinski a écrit :
Alex, Rob,
So I advised to run through Qualsys’s SSL Test: https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com It’s pretty much fine, I did manually run though LibreSSL 2.6.5 with OSX 10.14.6 and it errors out, but that’s usually an edge case. ____________ eric$ openssl s_client -connect coronavirustechhandbook.com:443 <http://coronavirustechhandbook.com:443> -showcerts -tls1_2 -crlf CONNECTED(00000006) 4526024300:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 40 4526024300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Start Time: 1584736646 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
Sincerely,
Eric Tykwinski TrueNet, Inc. P: 610-429-8300
On Mar 20, 2020, at 4:34 PM, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
please stop writing me private emails, thank you, with due politeness and smiley :-)
Alex, LF/HF 2 Le 20/03/2020 à 19:40, Rob Pickering a écrit :
On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
CA==Certificate Authority
the browser makes me questions before allowing me to see the content, after I click the indicated URL
LF/HF
What root CA list are you using?
I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
1. I did not understand why you call it "_Google_ and... Handbook" Is Google part of this? I dont see it in the pages. 2. Now I realize it works ok to browse https://coronavirustechhandbook.com/home but only if I am not on mandatory organisation VPN (my employer). 3. That handbook shows sole facebook group to subscribe to, a twitter, a chat opportunity. There is also a "Isolation Toolkit Tips for staying at home, doing physical distancing correctly, and managing your mental health." among others. There are directories of volunteering groups, which I think it is a great idea. The presentation reminds of Altavista and Yahoo directories when I imagined I could browse all the Internet through it. It's strange Google does the same now, instead of searching :-) Also, about the presentation, they use a particular logo, round shape, three black circles like they were 'claws' on yellow background. I think that's hazardous logo for chemistry material: when I see that typically I stay away from such logos, it spells danger. I dont knnow why they put that there. Finally, if this handbook is something that comes from UK (because they say "If you are not a specialist: www.gov.uk/coronavirus (or your regional equivalent)") then my advice is the following: UK recently went through a denial period; during that denial period they made wrong advices (remember: travel from US to UK only, not to EU); I hope they changed their advice and very fast. Otherwise, UK is not trustful for me at this time. No offence to anyone from UK (I have trustful friends in UK), and with all due respect. Yours, Alex, LF/HF 2 Le 20/03/2020 à 22:06, Alexandre Petrescu a écrit :
After trying to access it, I hit my company http gateway (I am on a VPN for my default route, company policy) who blocks it.
I will get off the VPN to try to access the Coronavirus Tech Handbook on the Internet.
Alex, LF/HF 2 Le 20/03/2020 à 22:04, Alexandre Petrescu a écrit :
Thank you very much for the confirmation.
I will now access the http about the handbook and accept the exception in my browser.
There is no offence and I thank you for your understanding.
Yours,
Alex, LF/HF 2 Le 20/03/2020 à 21:40, Eric Tykwinski a écrit :
Alex, Rob,
So I advised to run through Qualsys’s SSL Test: https://www.ssllabs.com/ssltest/analyze.html?d=coronavirustechhandbook.com It’s pretty much fine, I did manually run though LibreSSL 2.6.5 with OSX 10.14.6 and it errors out, but that’s usually an edge case. ____________ eric$ openssl s_client -connect coronavirustechhandbook.com:443 <http://coronavirustechhandbook.com:443> -showcerts -tls1_2 -crlf CONNECTED(00000006) 4526024300:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 40 4526024300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Start Time: 1584736646 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
Sincerely,
Eric Tykwinski TrueNet, Inc. P: 610-429-8300
On Mar 20, 2020, at 4:34 PM, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
please stop writing me private emails, thank you, with due politeness and smiley :-)
Alex, LF/HF 2 Le 20/03/2020 à 19:40, Rob Pickering a écrit :
On Fri, 20 Mar 2020 at 18:11, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
CA==Certificate Authority
the browser makes me questions before allowing me to see the content, after I click the indicated URL
LF/HF
What root CA list are you using?
I'm not at all involved in their hosting, but it looks like they are sitting behind Cloudflare SSL which is trusted by the default CA list of the browser vendor on my desktop.
-- Rob Pickering, rob@pickering.org <mailto:rob@pickering.org>
On Fri, 20 Mar 2020 at 21:20, Alexandre Petrescu < alexandre.petrescu@gmail.com> wrote:
1. I did not understand why you call it "_Google_ and... Handbook"
For goodness sake I posted here looking for an AS15169 contact for a useful project that needs some of their help. What I seem to be getting is a bunch of critique from folks who don't understand the difference between the Internet and a corporate VPN which is MITMing their SSL traffic about the merits of the technology choices the project made and the country it originates in (in case you haven't noticed all of our governments are all screwing this up). Nanog has gone to the dogs, it wasn't like this after 9/11! Thanks folks.
Rob, It is all fine. I did not want to say anything to enter part of a bunch of critique, sorry. I value the pointer to document. Being on VPN means to some times get useful info that others dont have, and other times it means to be denied useful info that others have. But VPN is mandatory policy in some places. It has nothing to do with Nanog policy, if there is one. There might be a need to link together the VPN world with the non-VPN world. Nanog is a great place where people keep the Internet running by collaboration, including AS numbers. Yours, Alex, LF/HF 2 Le 20/03/2020 à 22:47, Rob Pickering a écrit :
On Fri, 20 Mar 2020 at 21:20, Alexandre Petrescu <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> wrote:
1. I did not understand why you call it "_Google_ and... Handbook"
For goodness sake I posted here looking for an AS15169 contact for a useful project that needs some of their help.
What I seem to be getting is a bunch of critique from folks who don't understand the difference between the Internet and a corporate VPN which is MITMing their SSL traffic about the merits of the technology choices the project made and the country it originates in (in case you haven't noticed all of our governments are all screwing this up).
Nanog has gone to the dogs, it wasn't like this after 9/11!
Thanks folks.
it has "Places Tracking the Data" but needs "Places Tracking You" considering the javascript i had to enable in the scratch vm i spun up to read it, i suspect this would be on that list. randy
participants (4)
-
Alexandre Petrescu
-
Eric Tykwinski
-
Randy Bush
-
Rob Pickering