Services/Security

From DcUsers

Introduction

All services containing sensitive information are protected using cryptography. Whenever possible, we add the necessary configuration to ensure unsecure usages are not possible, to protect your data. Nevertheless, a few things are needed on you side to improve security, that's why we are providing the following notes in order to help you configure your software in a secure fashion.


Areas of Security

Web-based Services

To ensure you're talking to the right server, and noone pretend to be a DC's server to tricks you, you need to install the following certificate in your browser : File:Duckcorp.crt (clicking on the link should ask for installation, and you'll just need to confirm you trust it).

Mails from DC's Administrators

You should not trust mails pretenting to come from us. The only way to be sure a mail is from someone, is to agree on exchanging cryptographically-protected messages. On this page you'll find the list of DC's administrators from which you may receive mails (on the users's mailing-list for example). You could trust their GPG keys directly, but that would not be secure at all. The best way is to meet, live, in a key signing party. If a friend has already signed our key, and is not too far from you, you may also propagate your trust to our key. Once done, you'll be sure what seems to come from us is really from us.