diff options
feat: initial commit
Diffstat (limited to 'canary-templates')
| -rw-r--r-- | canary-templates/memdmp:estrogen.zone | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/canary-templates/memdmp:estrogen.zone b/canary-templates/memdmp:estrogen.zone new file mode 100644 index 0000000..7a3a11b --- /dev/null +++ b/canary-templates/memdmp:estrogen.zone @@ -0,0 +1,146 @@ + ┏━ Date & Time Information ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ Canary was created at: + ┃ [PRESENT_DAY] [PRESENT_TIME] (UTC) + ┃ + ┣━ Proof of Date & Time ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ Latest Monero block hash: + ┃ [MONERO_HASH] + ┃ + ┃ Latest Linux kernel.org `master` commit: + ┃ [LINUX_KERNEL_COMMIT] + ┃ + ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + + ┏━ Law Enforcement Requests ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ Assuming this message is up-to-date, has a valid signature signed with the + ┃ correct key, this message certifies that, to the extent of memdmp's knowledge, + ┃ estrogen.zone and it's operators and administrators have, for... + ┃ + ┃ ...sh.estrogen.zone (and mem.estrogen.zone, mail.estrogen.zone): + ┃ - obtained 0 law enforcement request(s) for customer/user data, of which, + ┃ - obtained 0 were legally valid, sent in the correct channels, and resulted + ┃ in data being turned over + ┃ - never installed any law enforcement software or equipment anywhere on the + ┃ systems' networks + ┃ + ┃ ...yuridick.gay (including n.yuridick.gay): + ┃ - obtained 0 law enforcement request(s) for customer/user data, of which, + ┃ - obtained 0 were legally valid, sent in the correct channels, and resulted + ┃ in data being turned over + ┃ - never installed any law enforcement software or equipment anywhere on the + ┃ systems' networks + ┃ + ┃ Note that, however, if another operator of the aforementioned system(s) + ┃ has the ability to compromise the privacy of said infrastructure, and may + ┃ be prevented from communicating said information internally, you may need + ┃ to check their canaries. + ┃ + ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + + ┏━ Compromising Systems ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ estrogen.zone and its operators have never weakened, compromised, or + ┃ subverted any of its software or hardware at the request of law + ┃ enforcement or another third party. + ┃ + ┃ Note that, however, if another operator of the aforementioned system(s) + ┃ has the ability to compromise said infrastructure, and may be prevented + ┃ from communicating said information internally, you may need to check + ┃ their canaries. + ┃ + ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + + ┏━ External Providers ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ Certain services are provided via kyun, which's canary can be found at + ┃ https://files.kyun.host/canary.txt and must be signed by + ┃ 120F C25E 2A9A 3F47 84AC 6B0E A0B5 22B4 DA20 1019. + ┃ + ┃ These services are: + ┃ - sh.estrogen.zone, mem.estrogen.zone, mail.estrogen.zone + ┃ - yuridick.gay, n.yuridick.gay + ┃ + ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + + ┏━ Canary Deadline ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ This message should be updated within 7 days, and must be updated within 14. + ┃ This canary expires 14 days (336 hours; 20160 minutes) after publishing, + ┃ where the time of publishing is defined as the lowest one of: + ┃ - The date & time at the top of the canary + ┃ - The creation time of the monero hash at the top of this canary + ┃ (https://localmonero.co/blocks/block/ebbd7e0278800501b5092332ae2b0b38c1058e88a41155f21dcaf9147c8a86c1) + ┃ - The creation time of the linux kernel commit at the top of this canary + ┃ (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=28eb75e178d389d325f1666e422bc13bbbb9804c) + ┃ + ┃ If the date & time are wildly out of line, or are outside of the key + ┃ signing this file's validity range, this canary is to be discarded. + ┃ + ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + + ┏━ Signing Keys ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ Assuming you know this message is valid and has not been tampered with, + ┃ you can ensure future canaries are trustworthy by validating them against + ┃ the key with the fingerprint: + ┃ > B546 778F 06BB CC8E C167 DB3C D919 7064 87B8 B6DE + ┃ + ┃ The public key to verify this message's signature is available at: + ┃ https://mem.estrogen.zone/keys/memdmp/primary.pgp + ┃ https://meta.sh.estrogen.zone/~memdmp.pgp (one of them should be the right one) + ┃ https://pgp.surf.nl/pks/lookup?op=get&search=0xB546778F06BBCC8EC167DB3CD919706487B8B6DE + ┃ https://keys.openpgp.org/vks/v1/by-fingerprint/B546778F06BBCC8EC167DB3CD919706487B8B6DE + ┃ https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xB546778F06BBCC8EC167DB3CD919706487B8B6DE + ┃ + ┃ You should ensure that the fingerprint above matches the well-known one + ┃ for the signer, via external sources, such as recordings of talks, at + ┃ events, or other people signing their key. + ┃ + ┃ Any new keys, both temporary and permanent, for signing this document, + ┃ must be mentioned atleast ten days before said new keys are valid, and + ┃ must be signed by a known-good key. + ┃ Both keys must not be expired or revoked as of this new key being added, + ┃ and as of it being used to sign new canaries. + ┃ + ┃ Any canaries not signed by known good keys must be treated as invalid. + ┃ + ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + + ┏━ Licensing ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ + ┃ + ┃ If you wish to use this canary, or one derived thereof, for your own + ┃ services, you must comply with the licencse below (SPDX: BSD-3-Clause): + ┃ + ┃ Copyright 2024 memdmp + ┃ + ┃ Redistribution and use in source and binary forms, with or without + ┃ modification, are permitted provided that the following conditions + ┃ are met: + ┃ + ┃ 1. Redistributions of source material must retain the above copyright + ┃ notice, this list of conditions and the following disclaimer. + ┃ 2. Redistributions in preprocessed/binary form must reproduce the + ┃ above copyright notice, this list of conditions and the following + ┃ disclaimer in the documentation and/or other materials provided + ┃ with the distribution. + ┃ 3. Neither the name of the copyright holder nor the names of its + ┃ contributors may be used to endorse or promote products derived + ┃ from this material without specific prior written permission. + ┃ + ┃ THIS MATERIAL IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ┃ “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + ┃ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + ┃ FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + ┃ COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + ┃ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + ┃ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + ┃ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + ┃ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + ┃ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + ┃ ANY WAY OUT OF THE USE OF THIS MATERIAL, EVEN IF ADVISED OF THE + ┃ POSSIBILITY OF SUCH DAMAGE. + ┃ + ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅┅┅┅┅┅┅┄┄┄┄┄ |