April 09, 2007

Metricon 2.0 -- Boston, 7.Aug.2007

Better be quick -- Gunnar posts that to get a talk idea into Metricon 2.0, you have to have it in by 11th May.

Second Workshop on Security Metrics (MetriCon 2.0)

August 7, 2007 Boston, MA

Do you cringe at the subjectivity applied to security in every manner? If so, MetriCon 2.0 may be your antidote to change security from an artistic "matter of opinion" into an objective, quantifiable science. The time for adjectives and adverbs has gone; the time for hard facts and data has come.

MetriCon 2.0 is intended as a forum for lively, practical discussion in the area of security metrics. It is a forum for quantifiable approaches and results to problems afflicting information security today, with a bias towards practical, specific implementations. Topics and presentations will be selected for their potential to stimulate discussion in the Workshop.

MetriCon 2.0 will be a one-day event, Tuesday, August 7, 2007, ...

And I just posted over on EC that one needed slow, careful, critical thought to consider metrics and data...

Posted by iang at April 9, 2007 04:39 PM | TrackBack

Why do I get a certificate warning (on www2.futureware.at) every time I visit this site, or keep it in my Firefox livebook marks?

Please can you fix it? I'll be unsubscribing for now.

Posted by: Andrew Ebling at April 11, 2007 08:11 AM

It could be because the browser you are using does not include the CAcert root in the root list that is shipped by default. You can add the root if you want to, from here:


Or it could be that the browser you are using doesn't support multiple names in the same certificate. AFAIK, the cert has the right names in it, so your browser should accept the financialcryptography.com name as being validly in the cert. But the feature, while standard, isn't that well supported.

> Please can you fix it?

In the short term, the way for *me* to fix it is to use a certificate from a CA that has its root in the browser root list. I choose not to do that because they charge money for the privilege of using crypto, which I find a bit odd.

In the longer term, CAcert can fix it by completing their audit process, and pursuing the browsers. That's up to them, not me.

(Disclosure: I am their Auditor, but they still have to do the process :)

> I'll be unsubscribing for now.

Sure! I had a look at the subscription list and your email account is not added to it; can you tell me which other email account you receive emails from?

(Or are you talking about RSS? In which case, that's all at your client end.)

Posted by: Iang at April 11, 2007 09:04 AM


Thank you for your prompt response. I've added the root cert from the link you provided and the problem has gone away.

I've now re-subscribed via RSS :).

Best regards,


Posted by: Andrew Ebling at April 12, 2007 09:46 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.