SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests
Buanzo - Enigform: Firefox Addon for OpenPGP signing of HTTP requests
AoC Candidate: Rogan
Project coordinator: Andrew van der Stock
Project Progress: 0% Complete, Progress Page
I am a 25 year old Independent security consultant from Buenos Aires, Argentina, that has contributed to the world of information systems security since 1994, when BBSes and Linux still lived together.
A quick search for buanzo on google  will provide all necessary details about my professional and community background. For comprobable experience, you could also check my Rent a Coder profile..
In my free time I like playing with my Punk-Pop band , Futurabanda. , and maintaining my Restaurants, Wines and Recipes site. . I have to admit that my first priorities are my beloved son  and my wonderful wife .
I've contributed scripts, fixes and translations to the Nmap project. I've also acted as Expert Contributor for SANS TOP-20 2004, 2005 and 2006. I've developed tools that can be found in Freshmeat, like mprl (a getty enhancement to allow remote logins from the login: prompt of the console). I've also written the Unix chapter of the OISSG's Information Systems Security Assessment Framework, v0.1 . I'm currently writing an Internet Draft to be proposed for RFC regarding Enigform.
I run the official 2600 meetings site for Argentina , I've been proposed, but I refused, for President of the Argentinian Free Software group called SOLAR [www.solar.org.ar]. I'm an active member of the FLOSS community since 1996, having written articles in magazines http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt, made TV, radio and newspaper appearances  and led different security research groups of Spain, Mexico and Argentina. Currently I contribute time thorugh my sites, forums and blogs, answering questions in mailing lists and helping coordinate some local LUGs. I do also manager the Linux Counter for Argentina .
Enigform  is a Firefox extension that enhances HTTP with OpenPGP functionality. It digitally signs outgoing HTTP requests so that a web server can authenticate the identity and data of the incoming request. It is a Web Security tool because it can, if correctly implemented as any OpenPGP based technology, render man in the middle attacks useless. I think OpenPGP already speaks for itself regarding eMail. Imagine the same benefits for http and web applications. I think Enigform can fit into the OWASP Validation Project .
Enigform is the reference implementation of the Internet Draft I'm working on, in discussion with members of the IETF's OpenPGP Working Group.
Have the Draft be proposed as a Standards Track RFC document, have Enigform support directly in Apache and IIS, and port Enigform to other browsers and/or programming languages, and also provide OpenPGP De/Encryption support.
Why should I be selected
I have the experience, security awareness and means to make this project THE web security project of the decade. I am a respected member of the international security community, and I firmly believe Enigform is my greatest idea so far.