OVH Community, your new community space.

The authenticated and encrypted "Secure Net"


oles@ovh.net
04-02-2010, 01:12 PM
Hello,

If you did not believe our announcement on 1 April, you were wrong not to dream.

Our announcement is only 20% an April Fool's joke ... or 30%. We do not block HTTP or POP3 ports ... whatsoever ... TELNET is, OK, dead, no? In short, we will be able to give you all the details of which the database is "done" ...

In any case, at OVH, you find a good domain name with national ecofax and class 1 SSL for €5.99 ex. VAT / year all included and those who already have a domain name at OVH may well require these services and more for free ...

The movement is well underway ... it will be good for hosting ... but it will take some years ... and not a snap of the fingers ...

Regarding VDSL2, for technical issues this standard is prohibited in France. Indeed, the rates of VDSL2 in Mbps are approximately 20 times higher than ADSL because the signal is much stronger than that of ADSL2. This signal is so strong that ADSL is too disrupted and no longer works. Basically, VDSL puts down ADSL and therefore it is either ADSL or VDSL.

For France, ARCEP chose ADSL, presumably to protect the investments of telecom operators who have deployed their networks in the NRA with all the ADSL DSLAMs and all the ADSL boxes. With VDSL, all of it would have to be thrown in the garbage. Not cool. Instead, operators must invest in ... fiber optics. Will they do it? And why? To offer essentially the same thing one could have with VDSL2 ... Not cool and not logical either.

On VDSL2 you can have a symmetrical 34Mbps/34Mbps or asymmetrical 10Mbps/100Mbps on a single copper wire, which you have today on fibre optic, if you're lucky enough to live in the right place at the right time. We can therefore conclude that in France in 50 years everyone will have the equivalent rates that they can have already in Germany or Belgium. It is true that for the market of individuals who watch TV at night on the box, the benefits of these connections are reduced. Why have many Mbps? On the other hand, this decision will impact the growth of companies in France, who will pay significantly more than elsewhere in Europe for essentially the same service. This is not just a problem of technological backwardness but of the competitiveness and performance of the country vis-à-vis its neighbors in Europe. France has chosen. We will not fight. OVH will still offer performance and attractive prices to companies based on standards that were validated by ARCEP. The tests have been validated in the lab and will be validated in production within a few months ... Roubaix Valley ... So the time of massive local loop unbundling will commence ... yeah we're going to laugh ... yeah ... what's the point of life if you can't laugh when you're doing well ... so, we hope that many of you will laugh with us on this new project.

All the best,
Octave

oles@ovh.net
03-31-2010, 10:48 PM
Hello,

Recent events give grounds for our internal discussions, which we wish to share with you today. Your feedback is essential to enable us to take the necessary decisions. Basically, the lines have to be moved, and we think that the movement must come from the hosts.

Here are our thoughts.

There are technologies that ensure the encryption of information that is transferred on the Net. We are of course talking about SSL and, more broadly, about "digital keys", alias certificates. Certificates make it possible to encrypt information between client/server and server/server, but also to authenticate people. Except that these technologies are held by 2-3 American giants (follow my eyes) that block the use of these technologies through the price. It is no secret that SSL is relatively expensive, and in the end, even if one has the means to buy it, one prefers not to put it in place. A search for simplicity? Too many technical problems? Lack of habit? Laziness? In any case, it is because the technologies are not free and everyone cannot use them daily that eventually no one uses them. And there are many examples of the problems that result: it took one of the American giants (follow my eyes) reporting the theft of webmail sessions from China, where, however, everyone knows that all traffic goes through the government firewall, for SSL to be mandated on their webmail. Only recently a large French ISP set up SSL on its "My Account" page, the place where you enter the login and password. And, more commonplace, many of our customers offering a "my space" area do not encrypt the information flowing through it. Phishing, spam, hacks, packet sniffing: it exists, it is used, and the consequences range from a simple theft of information or money to several years in prison because they think aloud what people do not allow themselves to imagine.

We made this observation several years ago. And it is why we proposed a cheap SSL certificate 3 years ago. Then we even dropped the price of this technology 3 times in less than 12 months.

It is time to go even further and put all these technologies at hand for system administrators and developers instead of a few U.S. companies (follow my view) that sell them too expensively.

A few weeks ago, we did a test of an SSL certificate at https://test.ovh.com. Thank you for your feedback, which has led to progress in this "Secure Net" project.

OVH will distribute free SSL certificates, not only with all domains registered at OVH, but with all domain names hosted at OVH. Including wildcards and containers. With a guarantee of €1 for class 1 to €1,000,000 for the EV. Totally free, but you will have to host your domain names at OVH, on shared hosting or dedicated servers. And now you provide any free will and for anything you want. The objective is twofold. First, to make all these technologies available, like "open source", and to popularise them among system administrators, end users and visitors. Then, to create a totally secure network where digital trust is not only a law but an everyday reality.

Outside the web (https), we want to raise sysadmins' awareness of the use of SSL on POP3, IMAP and SMTP. Offering the S (SSL) alternative of these 3 protocols should not be a matter of choice but must win by itself. For this, we will also offer fully free SSL certificates for servers.

We will incorporate into our webmail "certificates of persons" that you can turn on with a simple click. Thus all emails you send from our webmail will be signed with your certificate. The person who receives your email can verify that the email comes from you and has not been amended by a third party, thanks to your public key. You sign with your private key and allow your signature to be verified with your public key. We think that after 12-18 months, we are going to add this check at the server level to verify the signatures of all the emails, and this automatically. Then classify emails as spam or not, also based on this signature. In any case, it will be a piece of information taken into account in the spam detection algorithm.

Finally, we propose that these "certificates of persons" replace, in the medium term, "login / password" authentication with authentication "by a soft token". Indeed, to access "My Account", "Manager", "my space", you will be able to forget login / password and use your certificate. Forget phishing, forget the hack, forget packet sniffing. In addition to being encrypted, the information has been authenticated, and so the server knows who is really connected. It is a true technological breakthrough that OVH will use to offer you a secure payment that is really secure. We did not consider requesting and storing your credit card number any other way, simply to avoid the mistakes that other actors have made before us. Follow my eyes, always towards the American giants. And no giant in Europe in all these trades! Is this normal?

We have our webmail; you can use it securely without login / password, only with your certificate. You can sign the emails you send and verify the signatures of the emails you receive. This is ideal for offering a high-quality safe service with timestamping and long-term storage (30 years). Thus, each received document is signed and therefore has a legal value, because you will not be able to backdate this document or make any modification. But, you will say, the document is still stored in "plain". It is easy. We add a layer of encryption in your safe and all your documents are automatically encrypted with your public key. They are now stored encrypted and nobody can read them without your key ... private. Nothing in common with the spaces ... uhh "safes" that some insurers and banks are beginning to offer their customers. A true technological joke ... Our authenticated, encrypted, time-stamped safes are smart in that they can receive documents such as a pay slip or invoice. Simply by email! The signature of a document will make it possible to verify who signed it and then classify the document in your safe. Automatically.

Class 1 certificates of persons will be based on only 1 element, such as your email. And class 3 on 3 elements, and so on a "face-to-face" meeting that you will be able to carry out ... at the Post Office or your bank. Indeed, thanks to the IDeNum project of the French state, licenses for people will become a reality in France on a horizon of 5 years. Already, to declare your income you will need such a certificate, which you will be able to buy for a few euros on a "smart card" medium. So why not generalize and use the same certification for all interfaces on the web? Forget all your logins / passwords on all sites. Simplify your life, secure your trade, log in securely. Insert your smart card and surf securely.

We are indeed talking about 5 years. So, 2015. At that point we believe that we will begin to force the hand of all the sysadmins who have not made the turn toward the "Secure Net". Indeed, if, even with all these technologies being free, visitors still use http, consult emails via POP3 and send emails without signing, it means that a sysadmin has not done their job.

Step 1 is to make services without encryption more expensive. That is, if you want OVH to allow you to use "unencrypted" services, you will pay more. 2 times more expensive in 2015, 3 times in 2016 ... and 10 times more expensive in 2025. Otherwise? Otherwise you can use only encrypted and secure services for the unchanged price. Step 2 is the hard way. Starting in 2025 we think we will reduce the resources allocated to these insecure protocols and therefore decrease the bandwidth. Now Step 3. From 2030, all non-secure services on our network will be cut, and finally the "Secure Net" will be a reality on our wide hosting network.

In parallel, at the level of Internet access, OVH will offer VDSL based on the future VDSL2-S. This is symmetrical 34Mbps Internet access on a single copper pair with integrated encryption. Not to be confused with a simple VPN, which is a service on the IP layer.

Indeed, we are currently working with a network equipment giant (follow my eyes) on the future VDSL2-S standard, which allows an interesting rate but will encrypt end to end. Everything happens at OSI layer 2, where we want to integrate the authentication of Ethernet packets through MAC certificates and encryption between switches, modems and routers. Each MAC has its own certificate and can communicate with other MACs after an exchange of certificates with the other MAC. Also, if a MAC does not have a certificate, it cannot communicate with the other MACs. Basically, exactly the same principle as SSL. Except that by integrating the certificate at the MAC, we can create encrypted tunnels between the MAC and IP and thus establish the secure connection between your workstation and the final sites, outside of our network, completely automatically. Nobody can sniff your packets, not even an admin here. Confidence is good. Ensuring trust through technology is better. This technology works in our lab but we still have performance issues. As you can imagine, we must encrypt a lot of information at a very low level. We believe that this problem will be solved with the arrival of the future 8-core CPUs that our partner will integrate directly into the 2960-S switch. All dedicated server customers will be able to enjoy a network secured at OSI layer 2, and this without a dedicated VLAN, private VLAN, or switchport protected mode. Techniques of tinkering, again, because the technology developed to ensure security is not available.

For all these projects, OVH is giving itself 10 years. If it succeeds, it will be because you use these technologies. And you will use them if you agree with our findings and with the means we want to put in place to rectify today's Internet and propose the "Secure Net" tomorrow.

Thanks for your feedback.

All the best,
Octave