Additions to wg/ca instructions

master
Keith Irwin 2022-01-21 09:48:37 -07:00
parent 3c9d76458e
commit 6597b01979
Signed by: ki9
GPG Key ID: DF773B3F4A88DA86
2 changed files with 23 additions and 2 deletions

@ -5,6 +5,10 @@ layout: base.njk
# {{title}}
Importing GF4's CA certificate is required to use matrix and recommended for https, imap, etc.
## What is this?
When you visit `mybank.com` over HTTPS, your connection is encrypted *and* reliable. **Encryption** means the data is scrambled so it can't be "wiretapped". **Reliability** means you can trust that the data was sent from the real `mybank.com`.
- `.com` is the **Top Level Domain (TLD)**. The TLD could be `.org` or whatever.
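Review bot: In the "What is this?" paragraph, "reliable" and "**Reliability**" are used for the property that TLS documentation calls authentication, so a reader who looks the term up later will not find it. Suggest "encrypted *and* authenticated", with "**Authentication** means you can trust that the data was sent from the real `mybank.com`", or keep "Reliability" and add the standard term in parentheses. The sentence "This reliability is part of **Transport Layer Security (TLS)**" further down the file would need the same change.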
@ -21,10 +25,14 @@ This reliability is part of **Transport Layer Security (TLS)**. This example us
GF4 uses the unofficial `.gf4` TLD. Neither your OS nor browser have a CA certificate for this TLD: you have to import it. If possible, import it into both OS and browser. On mobile devices it's only availale at the OS level, at least that's how it is on android.
For all of these instructions, you'll need to download the certificate from [https://www.gf4.pw/ca.crt](https://www.gf4.pw/ca.crt).
When you import a CA certificate, your platform may display very serious warnings about the security implications of importing untrusted CA certs. If you read the previous section, this should make some sense. When you import GF4's certificate, it gives GF4 the power to sign server certs that your browser will trust. So for example, GF4 *could* impersonate `mybank.com` and your browser would show the lock symbol for a reliable connection. GF4 would never do such a thing, but your browser and OS don't know that.
---
**TODO**: Split these into seperate pages
For all of these instructions, you'll need to download the certificate from [https://www.gf4.pw/ca.crt](https://www.gf4.pw/ca.crt).
### Linux
### Debian/Ubuntu
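Review bot: The warning paragraph ending "GF4 would never do such a thing, but your browser and OS don't know that" presents the risk only as a question of GF4's intent. The same signing power passes to anyone who obtains the CA's private key, so the paragraph should say so, and it should state whether the CA certificate is name-constrained to `.gf4`; if it is not, constraining it is worth considering so that the imported trust cannot cover `mybank.com` at all. Smaller points in this hunk: the sentence "For all of these instructions, you'll need to download the certificate from ..." appears twice (before the warning paragraph and after the TODO), so check that only one copy remains in the result; "availale" should be "available", "seperate" should be "separate", and "android" should be capitalized.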

@ -5,7 +5,20 @@ layout: base.njk
# {{title}}
**TODO**: Explanation of VPNs
To access GF4's private services, you'll need to connect your device to our VPN. You can connect as many devices as you want (using the wireguard dashboard), but if you're reading this page, you are probably connecting your first device.
## But what is it
**TODO**: Explanation of VPNs, assuming the reader has been bombarded by ads for NordVPN and thinks they know what a VPN is.
### Is this safe?
**TODO**: Explain why this is safe:
- Modern OSs pack sane default firewalls
- Invite-only means network participants are generally trustworthy
## Joining the network
Follow the directions for your respective platform. Report any issues to [ki9@gf4.pw](mailto:ki9@gf4.pw).
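Review bot: The two bullets planned under "Is this safe?" rest on assumptions the page cannot guarantee for every reader: "Modern OSs pack sane default firewalls" does not hold where the host firewall is off by default, and "Invite-only means network participants are generally trustworthy" covers who is invited but not a member's device that has itself been compromised. When this TODO is filled in, suggest stating what other peers can reach on a member's device once it joins and telling readers to check which of their services listen on the WireGuard interface. Also, "**TODO**: Explanation of VPNs" appears both directly under the title and under "## But what is it"; only the longer one under the heading should remain.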