= GSOC 2015 Ideas =

This is the CAcert Google Summer of Code page for 2015. CAcert was not chosen for this year's event. To learn more about this year's event, see the [[https://www.google-melange.com/gsoc/homepage/google/gsoc2015|Google Summer of Code 2015 page]].

If you are interested in participating in the 2015 GSOC as a student and want to do something related to CAcert, please feel free to contact our GSoC administrator Benny Baumann (benbe at cacert dot org).

== Timeline ==

The timeline for GSoC for 2015 has now been posted [[https://www.google-melange.com/gsoc/events/google/gsoc2015|here]].

== Ideas ==

After over 10 years of running and maintaining CAcert's existing software, the software team decided to rewrite it, as maintaining the grown source code had become a tough challenge. In the course of the [[Software/Gigi|rewriting of the software]] the following two projects have been proposed for the Google Summer of Code 2015.

=== Rewrite OpenPGP functionality ===

==== Project Description ====

Integrate functionality to accept, verify and store members' OpenPGP keys for signing with CAcert's PGP key into our new software (Gigi). Then enable the signing system (Cassiopeia) to verify and sign the member's key.

==== Expected results ====

Proof of concept to final version

==== It's Good To Know ====

 * Coding in Java and/or C++.
 * What is Public Key Cryptography, why do we need to sign keys.
 * How to read Standards e.g. RFCs

==== Difficulty level ====

medium to advanced

==== Proposed Project Mentor: Benny Baumann ====

----

=== Multi Factor Authentication and Authorisation for the new software (Gigi) ===

==== Project Description ====

Allow members to configure different authentication mechanisms for their account in our new software (Gigi). A member should be free to choose to enable/disable password authentication, token based authentication, authentication with client certificate and other means at will.
Therefore the current permission model needs to be extended to enable different permissions based on the authentication mechanism used for a session. This may include having a client certificate for administrative tasks, having an OTP token to issue new personal certificates, usage of mail tokens when managing one's own account without a client certificate, or other options the user may wish for.

==== Expected results ====

Proof of Concept (PoC) to prototype

==== It's Good To Know ====

 * Coding in Java
 * Java HTTP Servlets, especially with Jetty
 * Session Management, Authentication and Authorisation Models
 * Pentesting

==== Difficulty level ====

medium to expert

==== Proposed Project Mentor: Felix Dörre ====

----

=== UI Improvements ===

==== Project Description ====

Implementation of various visual improvements to assist the user with validation of inputs and to lead the user through various processes (input pre-validation, step-by-step instructions).

==== Expected results ====

Prototype to final version

==== It's Good To Know ====

 * Accessibility
 * !JavaScript, jQuery, jQueryUI
 * HTML 5
 * CSS 3, LESS

==== Difficulty level ====

Beginner to Medium

==== Proposed Project Mentor: Benny Baumann, Felix Dörre ====

----

=== Add additional checks to weak key check for ECDSA keys ===

==== Project Description ====

This project aims to implement additional checks to our weak key check in order to allow auditing of ECDSA keys when signing certificates.

 * Required tests
  * Well-known curve
  * Proper curve parameters
  * Proper parameter encoding (no explicit curve allowed)
  * Proper public key parameters (specified point is on curve)
 * Optional tests
  * Blacklist for known compromised keys (optional at first)
 * Files affected:
  * include/notary???
 * Additional specs:
  * Known parameters for curves in separate directory for easy extension

==== Expected results ====

Final version that can be deployed on production system

==== It's Good To Know ====

 * Coding in PHP 5.4
 * Cryptographic background in Public Key Crypto
 * Special knowledge in ECC advantageous
 * How to read Standards e.g. RFCs

==== Difficulty level ====

medium

==== Proposed Project Mentor: Benny Baumann ====

Contact: [[Community/HomePagesMembers/BenBE|Benny Baumann]]

== Tips for students ==

Our mentors:

Benny Baumann works as a software developer in the field of software hardening. He is one of the [[Software/Assessment/Team|Software Assessors]] for CAcert and leads the software development and maintenance.

Felix Dörre is a student in the Computer Science department at KIT in Karlsruhe, Germany. He is one of the core developers of CAcert's new software while helping to maintain the current source code.

----
 * CategorySoftware