From john at jjdev.com Wed Sep 1 17:20:01 2004 From: john at jjdev.com (johnd) Date: Wed, 1 Sep 2004 17:20:01 -0700 Subject: [buug] two urls one ip...with ssl Message-ID: <20040902002001.GA20140@stang.jjdev.com> I know I can't use name based virt hosts on apache and ssl... I have two domain names that both point to one ip...they are the same app though. just checking to make sure I'm not over complicating things in my head For each app to be ssl I obviously need two IPs right? -- John de la Garza Computer Support (714) 315-5499 http://jjdev.com/ From jan at caustic.org Wed Sep 1 17:27:47 2004 From: jan at caustic.org (f.johan.beisser) Date: Wed, 1 Sep 2004 17:27:47 -0700 (PDT) Subject: [buug] two urls one ip...with ssl In-Reply-To: <20040902002001.GA20140@stang.jjdev.com> References: <20040902002001.GA20140@stang.jjdev.com> Message-ID: <20040901172652.Q64612@pogo.caustic.org> On Wed, 1 Sep 2004, johnd wrote: > For each app to be ssl I obviously need two IPs right? no. you need two certificates, one for each ssl virtual host (i think). --- f.johan.beisser --- Thanks bash.org! matts: bikes go faster than cars...a bike at 60 mph is a lot faster than a car at 60 mph a bike at 60 mph will blow by a car at 60 mph From atporter at primate.net Wed Sep 1 17:34:23 2004 From: atporter at primate.net (Aaron T Porter) Date: Wed, 1 Sep 2004 17:34:23 -0700 Subject: [buug] two urls one ip...with ssl In-Reply-To: <20040901172652.Q64612@pogo.caustic.org> References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> Message-ID: <20040902003423.GV801@primate.net> On Wed, Sep 01, 2004 at 05:27:47PM -0700, f.johan.beisser wrote: > On Wed, 1 Sep 2004, johnd wrote: > > > For each app to be ssl I obviously need two IPs right? > > no. you need two certificates, one for each ssl virtual host (i think). The SSL handshake happens before HTTP, so you must pick a cert per IP. I think that if you get/generate a "Wildcard" SSL Cert you can do vhosts within the same domain. From robert at roberthelmer.com Wed Sep 1 17:34:31 2004 From: robert at roberthelmer.com (Rob Helmer) Date: Wed, 01 Sep 2004 17:34:31 -0700 Subject: [buug] two urls one ip...with ssl In-Reply-To: <20040902002001.GA20140@stang.jjdev.com> References: <20040902002001.GA20140@stang.jjdev.com> Message-ID: <41366A97.2000805@roberthelmer.com> Hi John, The SSL negotiation happens before any HTTP headers are passed, which is why you do need one IP per domain. Named-based virtual hosting works by looking at the "Host:" HTTP header, so you're pretty much stuck with whatever the domain the certificate has on it, and this needs to match what the user typed into their web browser. By the time the "Host:" header is encountered by Apache, SSL negotiation has already been decided. This also means that you need a seperate SSL certificate for each domain. -- Rob johnd wrote: > I know I can't use name based virt hosts on apache and ssl... > > > I have two domain names that both point to one ip...they are the same > app though. > > > just checking to make sure I'm not over complicating things in my head > > > For each app to be ssl I obviously need two IPs right? > > From wfhoney at pacbell.net Wed Sep 1 17:39:13 2004 From: wfhoney at pacbell.net (Bill Honeycutt) Date: Wed, 01 Sep 2004 17:39:13 -0700 Subject: [buug] two urls one ip...with ssl In-Reply-To: <20040901172652.Q64612@pogo.caustic.org> References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> Message-ID: <41366BB1.6070902@pacbell.net> You can configure "which" certificate is used with a virtual host in httpd.conf. One certificate would be needed for each virtual host, as I understand it. I don't think you can create the cert based on IP and get away with it without the browser throwing up a warning about a bad certificate. f.johan.beisser wrote: > On Wed, 1 Sep 2004, johnd wrote: > > >>For each app to be ssl I obviously need two IPs right? > > > no. you need two certificates, one for each ssl virtual host (i think). > > > > --- f.johan.beisser --- > Thanks bash.org! > matts: bikes go faster than cars...a bike at 60 mph > is a lot faster than a car at 60 mph > a bike at 60 mph will blow by a car at 60 mph > _______________________________________________ > Buug mailing list > Buug at weak.org > http://www.weak.org/mailman/listinfo/buug > From wfhoney at pacbell.net Wed Sep 1 17:43:17 2004 From: wfhoney at pacbell.net (Bill Honeycutt) Date: Wed, 01 Sep 2004 17:43:17 -0700 Subject: [buug] two urls one ip...with ssl In-Reply-To: <20040902003423.GV801@primate.net> References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> <20040902003423.GV801@primate.net> Message-ID: <41366CA5.6040508@pacbell.net> How would the Wildcard work? Something like *.mydomain ...when you generate the certificate? Aaron T Porter wrote: > On Wed, Sep 01, 2004 at 05:27:47PM -0700, f.johan.beisser wrote: > >>On Wed, 1 Sep 2004, johnd wrote: >> >> >>>For each app to be ssl I obviously need two IPs right? >> >>no. you need two certificates, one for each ssl virtual host (i think). > > > The SSL handshake happens before HTTP, so you must pick a cert per > IP. I think that if you get/generate a "Wildcard" SSL Cert you can do > vhosts within the same domain. > _______________________________________________ > Buug mailing list > Buug at weak.org > http://www.weak.org/mailman/listinfo/buug > From robert at roberthelmer.com Wed Sep 1 18:30:52 2004 From: robert at roberthelmer.com (Rob Helmer) Date: Wed, 01 Sep 2004 18:30:52 -0700 Subject: [buug] two urls one ip...with ssl In-Reply-To: References: Message-ID: <413677CC.8000605@roberthelmer.com> Jeff Harris wrote: > On Wed, 1 Sep 2004, Rob Helmer wrote: >>The SSL negotiation happens before any HTTP headers are passed, which is >>why you do need one IP per domain. Named-based virtual hosting works by >>looking at the "Host:" HTTP header, so you're pretty much stuck with >>whatever the domain the certificate has on it, and this needs to match >>what the user typed into their web browser. By the time the "Host:" >>header is encountered by Apache, SSL negotiation has already been decided. >> >>This also means that you need a seperate SSL certificate for each domain. >> > > > SSL can work with name based virt hosts if each one uses a different > port. I remember seeing this come up somewhere when I wasn't looking for > it, so I didn't commit it to memory. > > IIRC, Each IP:port combination can use a different certificate, but I > don't remember if they can be run from the same apache or if you need an > apache instance for each set of ports. True. One Apache instance can bind to multiple ports and send the traffic to different name or IP based vhosts. However if each port represents a site being served on a different domain name, you will still need two certificates.. this could be a way to save on IP addresses, if you don't have any to spare. I've used the same certificate to serve both HTTPS (:443) and IMAPS (:993), and I know that when requesting a certificate you don't need to specify the ports you intend to use. I don't know if any user agents care if you're using a non-standard port for HTTPS though. If it's for a public site and I had to do the above, I'd be concerned about users neglecting to enter the port as part of the URL. I'd probably set up a name-based non-SSL vhost for each domain, and advertise that as the website address. This non-SSL vhost would then redirect to the proper domain:port at the proper time. This seems to be how most public websites work anyway, because most browsers substitute "http://" for the user, and the general public doesn't neccessarily notice the "https://". -- Rob From jan at caustic.org Wed Sep 1 18:33:11 2004 From: jan at caustic.org (f.johan.beisser) Date: Wed, 1 Sep 2004 18:33:11 -0700 (PDT) Subject: [buug] odd DHCPd issue. Message-ID: <20040901182815.P64612@pogo.caustic.org> I'm working with a small Mom & Pop 802.11b based wireless ISP. They're tiny, community based, and pretty cool. So, we're working on converting to a different DHCP server (off of a linksys hardware one, and on to the ISC dhcpd, version 3), but there's a couple clients that time out now which didn't before. wierd. they're dumping traffic on the default broadcast address range (169.254.0.0/16) since the timeout with the linksys happened. they don't, for some reason, respond to the new dhcp server. thoughts? --- f.johan.beisser --- Thanks bash.org! matts: bikes go faster than cars...a bike at 60 mph is a lot faster than a car at 60 mph a bike at 60 mph will blow by a car at 60 mph From john at jjdev.com Wed Sep 1 19:55:35 2004 From: john at jjdev.com (John de la Garza) Date: Wed, 1 Sep 2004 19:55:35 -0700 Subject: [buug] two urls one ip...with ssl In-Reply-To: <20040902003423.GV801@primate.net> References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> <20040902003423.GV801@primate.net> Message-ID: <8FF1621A-FC8B-11D8-8EA9-000393CB11D4@jjdev.com> That is what I thought...they are two domain names. I told managment that SSL and name based vhosts don't work together and we need two IP's I pretty much new this, but wanted to double check. On Sep 1, 2004, at 5:34 PM, Aaron T Porter wrote: > On Wed, Sep 01, 2004 at 05:27:47PM -0700, f.johan.beisser wrote: >> On Wed, 1 Sep 2004, johnd wrote: >> >>> For each app to be ssl I obviously need two IPs right? >> >> no. you need two certificates, one for each ssl virtual host (i >> think). > > The SSL handshake happens before HTTP, so you must pick a cert per > IP. I think that if you get/generate a "Wildcard" SSL Cert you can do > vhosts within the same domain. > _______________________________________________ > Buug mailing list > Buug at weak.org > http://www.weak.org/mailman/listinfo/buug From mp at rawbw.com Wed Sep 1 22:53:24 2004 From: mp at rawbw.com (Michael Paoli) Date: Wed, 1 Sep 2004 22:53:24 -0700 Subject: [buug] hardware load balancing vs software In-Reply-To: <20040901005140.GA16080@stang.jjdev.com> References: <20040828052102.18852.qmail@web80605.mail.yahoo.com> <458B776C-F8FF-11D8-8C81-000393CB11D4@jjdev.com> <41351A6F.9040200@brc2.com> <20040901005140.GA16080@stang.jjdev.com> Message-ID: <1094104404.4136b5545da8c@webmail.rawbw.com> Well, actually, BIND (generally) hands out all the IPs each time, but round-robins the order each time it hands out the IPs. Generally speaking if the client doesn't get a response from the first of multiple IPs, it eventually times out and goes on to subsequent IPs, until it gets one that responds, or exhausts trying the various IPs. Note however if the server does "respond" - such as with connection refused (server being brought up or down, or server up but service down), the client doesn't bother trying other IPs. So, in short, BIND DNS round-robin can do some crude "load balancing" of sorts, and it may be adequate for some scenarios, but in many situations, at least by itself, it may not be sufficient. Quoting johnd : > our system (hardware and software) knows not to send traffic to boxes > that our down > if I did this and a server went down, bind would still give the ip > out and teh client would get a error > On Tue, Aug 31, 2004 at 07:40:15PM -0500, Neal Samarakkody wrote: > > John de la Garza wrote: > > >I'm not asking if we should use tomcat or apache > > >Im asking if we should use a hardware loadbalancer or apache to load > > >balance > > >apache will be used regardless > > the easiest way to do load balancing between webservers is to have dns > > do the work. having the same name like www point to different ip's will > > cause dns to cycle through the list of ip's for a certain name as > > requests arrive. actually, this is the manner in which bind behaves. i > > am assuming most other dns daemons behave similarly. > > so you do not need a hardware load balancer or apache to do load > balancing. From brian at dessent.net Thu Sep 2 06:04:37 2004 From: brian at dessent.net (Brian Dessent) Date: Thu, 02 Sep 2004 06:04:37 -0700 Subject: [buug] two urls one ip...with ssl References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> <20040902003423.GV801@primate.net> <8FF1621A-FC8B-11D8-8EA9-000393CB11D4@jjdev.com> Message-ID: <41371A65.5C061498@dessent.net> John de la Garza wrote: > > That is what I thought...they are two domain names. I told managment > that SSL and name based vhosts don't work together and we need two IP's You can use seperate ports on the same IP or seperate IPs with the same port. You can't do them both on the same IP and port though, as you've noted. Brian From john at jjdev.com Thu Sep 2 07:15:26 2004 From: john at jjdev.com (John de la Garza) Date: Thu, 2 Sep 2004 07:15:26 -0700 Subject: [buug] two urls one ip...with ssl In-Reply-To: <41371A65.5C061498@dessent.net> References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> <20040902003423.GV801@primate.net> <8FF1621A-FC8B-11D8-8EA9-000393CB11D4@jjdev.com> <41371A65.5C061498@dessent.net> Message-ID: <893B2DF7-FCEA-11D8-8793-000393CB11D4@jjdev.com> they have to be port 80 and 443...that is pretty much a given for a commerical web site http on 80 https on 443 I pretty much got what I was looking for I just wanted a confirmation of what I knew, before I tell management they must do it different On Sep 2, 2004, at 6:04 AM, Brian Dessent wrote: > John de la Garza wrote: >> >> That is what I thought...they are two domain names. I told managment >> that SSL and name based vhosts don't work together and we need two >> IP's > > You can use seperate ports on the same IP or seperate IPs with the same > port. You can't do them both on the same IP and port though, as you've > noted. > > Brian From brian at dessent.net Thu Sep 2 20:41:09 2004 From: brian at dessent.net (Brian Dessent) Date: Thu, 02 Sep 2004 20:41:09 -0700 Subject: [buug] two urls one ip...with ssl References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> <20040902003423.GV801@primate.net> <8FF1621A-FC8B-11D8-8EA9-000393CB11D4@jjdev.com> <41371A65.5C061498@dessent.net> <893B2DF7-FCEA-11D8-8793-000393CB11D4@jjdev.com> Message-ID: <4137E7D5.A858FB28@dessent.net> John de la Garza wrote: > > they have to be port 80 and 443...that is pretty much a given for a > commerical web site > > http on 80 > https on 443 There's no technical reason you can't do http and https on any port you want, it's hardly a requirement. However, it does ease compatibility and is most likely to be able to travel through firewalls. So I think what you meant to say is that "management has the requirement that..." and not that it is a hard rule defined anywhere. Brian From john at jjdev.com Thu Sep 2 20:48:38 2004 From: john at jjdev.com (John de la Garza) Date: Thu, 2 Sep 2004 20:48:38 -0700 Subject: [buug] two urls one ip...with ssl In-Reply-To: <4137E7D5.A858FB28@dessent.net> References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> <20040902003423.GV801@primate.net> <8FF1621A-FC8B-11D8-8EA9-000393CB11D4@jjdev.com> <41371A65.5C061498@dessent.net> <893B2DF7-FCEA-11D8-8793-000393CB11D4@jjdev.com> <4137E7D5.A858FB28@dessent.net> Message-ID: <23823644-FD5C-11D8-858D-000393CB11D4@jjdev.com> actually they are know as well known ports for those services I don't know what you experience is with this, so forgive me if I over simplify. When you put http in a browser it defaults to port 80 https goes to 443 if you run a website and want the user to put the domain name alone as the url you must run your http external listening things on port 80 and https on 443 I didn't mean to say management requires it... Everyone expects it it is default behavior. I have not decided this. On Sep 2, 2004, at 8:41 PM, Brian Dessent wrote: > John de la Garza wrote: >> >> they have to be port 80 and 443...that is pretty much a given for a >> commerical web site >> >> http on 80 >> https on 443 > > There's no technical reason you can't do http and https on any port you > want, it's hardly a requirement. However, it does ease compatibility > and is most likely to be able to travel through firewalls. So I think > what you meant to say is that "management has the requirement that..." > and not that it is a hard rule defined anywhere. > > Brian > _______________________________________________ > Buug mailing list > Buug at weak.org > http://www.weak.org/mailman/listinfo/buug From brian at dessent.net Fri Sep 3 02:20:39 2004 From: brian at dessent.net (Brian Dessent) Date: Fri, 03 Sep 2004 02:20:39 -0700 Subject: [buug] two urls one ip...with ssl References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> <20040902003423.GV801@primate.net> <8FF1621A-FC8B-11D8-8EA9-000393CB11D4@jjdev.com> <41371A65.5C061498@dessent.net> <893B2DF7-FCEA-11D8-8793-000393CB11D4@jjdev.com> <4137E7D5.A858FB28@dessent.net> <23823644-FD5C-11D8-858D-000393CB11D4@jjdev.com> Message-ID: <41383767.5D432467@dessent.net> John de la Garza wrote: > > actually they are know as well known ports for those services > > I don't know what you experience is with this, so forgive me if I over > simplify. Oh, condescending mode. Goodie. You see there are these things called URLs which Uniformly Locate Resouces. One of the fields they contain is the port on the server. Inside web pages we have tags called anchors which create links using URLs. So you could have links on your main example.com page as follows: Click here for my very important site or: Click here to enter my secure area! The port is usually selected from the list of well-known ports out of custom but there is no requirement for this whatsoever. > When you put http in a browser it defaults to port 80 > > https goes to 443 > > if you run a website and want the user to put the domain name alone as > the url > you must run your http external listening things on port 80 > and https on 443 Yes, that is true of your initial URL. However, there's nothing that says you cannot have an arbitrarily complex link on your main pages for the "click here to add to shopping cart" or "click here to check-out securely." Banks and check-out scripts do this all the time, and users are perfectly used to it. Go do some online banking and come back and let me know if /anything/ but the initial home site url is simple and easy to comprehend by a human. > I didn't mean to say management requires it... > > Everyone expects it it is default behavior. I have not decided this. You have also not read RFC1738 recently, apparently. Brian From john at jjdev.com Fri Sep 3 09:42:40 2004 From: john at jjdev.com (John de la Garza) Date: Fri, 3 Sep 2004 09:42:40 -0700 Subject: [buug] two urls one ip...with ssl In-Reply-To: <41383767.5D432467@dessent.net> References: <20040902002001.GA20140@stang.jjdev.com> <20040901172652.Q64612@pogo.caustic.org> <20040902003423.GV801@primate.net> <8FF1621A-FC8B-11D8-8EA9-000393CB11D4@jjdev.com> <41371A65.5C061498@dessent.net> <893B2DF7-FCEA-11D8-8793-000393CB11D4@jjdev.com> <4137E7D5.A858FB28@dessent.net> <23823644-FD5C-11D8-858D-000393CB11D4@jjdev.com> <41383767.5D432467@dessent.net> Message-ID: <453CAE33-FDC8-11D8-858D-000393CB11D4@jjdev.com> On Sep 3, 2004, at 2:20 AM, Brian Dessent wrote: > John de la Garza wrote: >> >> actually they are know as well known ports for those services >> >> I don't know what you experience is with this, so forgive me if I over >> simplify. > > Oh, condescending mode. Goodie. > > You see there are these things called URLs which Uniformly Locate > Resouces. One of the fields they contain is the port on the server. > Inside web pages we have tags called anchors which create links using > URLs. So you could have links on your main example.com page as > follows: > > Click here for my very > important site > > or: > > Click here to enter my > secure area! > > The port is usually selected from the list of well-known ports out of > custom but there is no requirement for this whatsoever. > >> When you put http in a browser it defaults to port 80 >> >> https goes to 443 >> >> if you run a website and want the user to put the domain name alone as >> the url >> you must run your http external listening things on port 80 >> and https on 443 > > Yes, that is true of your initial URL. However, there's nothing that > says you cannot have an arbitrarily complex link on your main pages for > the "click here to add to shopping cart" or "click here to check-out > securely." Banks and check-out scripts do this all the time, and users > are perfectly used to it. Go do some online banking and come back and > let me know if /anything/ but the initial home site url is simple and > easy to comprehend by a human. > >> I didn't mean to say management requires it... >> >> Everyone expects it it is default behavior. I have not decided this. > > You have also not read RFC1738 recently, apparently. > > Brian > _______________________________________________ > Buug mailing list > Buug at weak.org > http://www.weak.org/mailman/listinfo/buug From jcdouville at sbcglobal.net Sat Sep 4 13:10:59 2004 From: jcdouville at sbcglobal.net (Jarell Douville) Date: Sat, 4 Sep 2004 13:10:59 -0700 (PDT) Subject: [buug] Traffic switch script Message-ID: <20040904201059.63649.qmail@web81010.mail.yahoo.com> Hi, I was wondering if there is a port in freebsd that monitors network traffic, and if there is a way to write a script so if any ip address uses 'somuch' bandwidth in 'somuch' amount of time the script gets run which updates a database. And what language should that script be in? So far I'm just using php. BandwidthD ? Thanks. Jarell From grayarea at reddagger.org Sat Sep 4 15:29:38 2004 From: grayarea at reddagger.org (jwithers) Date: Sat, 04 Sep 2004 15:29:38 -0700 Subject: [buug] Traffic switch script In-Reply-To: <20040904201059.63649.qmail@web81010.mail.yahoo.com> References: <20040904201059.63649.qmail@web81010.mail.yahoo.com> Message-ID: <1094336978.2386.893.camel@localhost> http://www.freebsd.org/cgi/man.cgi?query=dummynet&sektion=4 Google, friend of the masses. jpw On Sat, 2004-09-04 at 13:10, Jarell Douville wrote: > Hi, > > I was wondering if there is a port in freebsd that > monitors network traffic, and if there is a way to > write a script so if any ip address uses 'somuch' > bandwidth in 'somuch' amount of time the script gets > run which updates a database. And what language should > that script be in? So far I'm just using php. > BandwidthD ? > Thanks. > > Jarell > _______________________________________________ > Buug mailing list > Buug at weak.org > http://www.weak.org/mailman/listinfo/buug From grayarea at reddagger.org Sat Sep 4 16:49:05 2004 From: grayarea at reddagger.org (jwithers) Date: Sat, 04 Sep 2004 16:49:05 -0700 Subject: [buug] Traffic switch script In-Reply-To: <20040904201059.63649.qmail@web81010.mail.yahoo.com> References: <20040904201059.63649.qmail@web81010.mail.yahoo.com> Message-ID: <1094341745.2385.902.camel@localhost> My smartassed reply earlier was off when I read your message closer, I apologize. I didn't pay attention to the fact that you weren't trying to limit bandwidth but to trigger a script. Yeah, bandwidthD should do it along with a script written in most anything, I would use python, but I pretty much will always use python for anything that isn't severely crunch intensive. On Sat, 2004-09-04 at 13:10, Jarell Douville wrote: > Hi, > > I was wondering if there is a port in freebsd that > monitors network traffic, and if there is a way to > write a script so if any ip address uses 'somuch' > bandwidth in 'somuch' amount of time the script gets > run which updates a database. And what language should > that script be in? So far I'm just using php. > BandwidthD ? > Thanks. > > Jarell > _______________________________________________ > Buug mailing list > Buug at weak.org > http://www.weak.org/mailman/listinfo/buug From mp at rawbw.com Thu Sep 9 21:27:21 2004 From: mp at rawbw.com (Michael Paoli) Date: Thu, 9 Sep 2004 21:27:21 -0700 Subject: [buug] Re: Bay area keysigning meetings and mailing list In-Reply-To: <20040909190715.GX33243@klapaucius.zer0.org> References: <20040909190715.GX33243@klapaucius.zer0.org> Message-ID: <1094790441.41412d2913fba@webmail.rawbw.com> There's now a (San Francisco) Bay Area keysigning mailing list, with archiving, and some upcoming keysigning events in the Bay Area. http://zer0.org/mailman/listinfo/ba-keysign/ 2004-09-28 Mountain View https://www.biglumber.com/x/web?ev=40234 2004-10-04 Berkeley (at least proposed, see below) Seems an e-mail to some regional folks on www.biglumber.com and a lot of reply-all lead to the list (with archiving, and at least some initial keysigning events) :-). references/excerpts: http://www.buug.org/ http://bad.debian.net/ http://www.balug.org/ http://oakland.pm.org/ Quoting Gregory Sutter : > Hey all. After discussion at our Tied House keysigning last night, I > came up with a couple of ideas. > First, why is there no semi-regular keysigning meeting? BALUG and > BAFUG and countless others seem to be able to have monthly meetings. > So, I propose meeting at Jupiter in Berkeley on October 4 2004, > and continuing monthly meetings on the first Monday of each month, > perhaps in rotating Berkeley-SF-peninsula locations. Jupiter, 21st > Amendment in SF, and Tied House in Mtn View all seem like great > places to be drinkers with a PGP problem. Or vice versa. > Second, to facilitate coordination and discussion for those who are > interested, without bothering those who are not interested, I've > created a mailing list. Please feel free to sign yourself up. > IMO we should continue our discussion on the list so we can stop > flooding random email addresses. > http://zer0.org/mailman/listinfo/ba-keysign/ > ba-keysign-subscribe at zer0.org