<div>Might be just me but this could be a good opportunity for LA to supply a service to LUGs</div><div><br></div><div>LA could centrally run a central authentication server for the LUGs to use so that the ability for LUGs to run them individually would be irrelevant.</div>
<div><br></div><div>With the price difference, and the other uses LA could find for yubi keys it would seem to be a good idea.</div><br clear="all">-Matthew Lye<br><br>You can do anything you set your mind to when you have vision, determination, and and endless supply of expendable labor.<br>
<No trees were harmed during this transmission. However, a great number of electrons were terribly inconvenienced><br>
<br><br><div class="gmail_quote">On Thu, May 6, 2010 at 3:29 PM, Russell Coker <span dir="ltr"><<a href="mailto:russell@coker.com.au">russell@coker.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<a href="http://etbe.coker.com.au/2010/03/15/yubikey/" target="_blank">http://etbe.coker.com.au/2010/03/15/yubikey/</a><br>
<br>
Yubico have offered a 20% educational discount rate for the purchase of<br>
Yubikeys (as described in my above blog post) to "your club", I think it would<br>
be best to arrange a purchase for all LUGs in Australia (I guess that LA can<br>
be my "club"). This would involve one person from each state taking orders,<br>
collecting money, and having a single address where the keys can be posted.<br>
Delivering the keys to the owners at a LUG meeting would be best for keeping<br>
the cost down - posting a single-key interstate would probably increase the<br>
price by 10% or more.<br>
<br>
In a brief summary of what the Yubikey does, it is an authentication token<br>
that looks like a USB keyboard and provides a one-time password when a button<br>
is pressed. Among other things using such a device makes it significantly<br>
more difficult for a trojan to crack your account when you use an Internet<br>
Cafe.<br>
<br>
Yubikeys ship with a secret that supports authentication via the Yubico<br>
server, which incidentally is what I'm using for admin access to my blog - I<br>
feel that a password in addition to a key authenticated by Yubico is secure<br>
enough. I plan to run my own authentication server in the future and not<br>
trust Yubico.<br>
<br>
It would be quite possible for a LUG to run their own Yubi authentication<br>
server for members to access their site services (as has already been<br>
requested for LUV). But I think that it would probably be more convenient for<br>
everyone for a LUG to use OpenID and allow members to use their own OpenID<br>
server that supports Yubikey authentication (such as a Wordpress blog with the<br>
Yubikey and OpenID plugins).<br>
<br>
<a href="https://store.yubico.com/" target="_blank">https://store.yubico.com/</a><br>
<br>
The regular prices (in $US) are advertised on the above URL. It's $1,500 for<br>
a pack of 100 keys that are pre-programmed with secret keys for authentication<br>
with Yubico (the easy way of using them) and the pouches etc. Yubico have<br>
offered me a price of $12 per key for 100+ keys, that probably will be about<br>
$14 Australian including postage.<br>
<br>
A new option has just appeared on the Yubico store page, packs of 50 keys that<br>
are unprogrammed and which don't have the packaging for $12 each - I haven't<br>
yet asked but I expect that some sort of discount would be available on them<br>
too, if it's a 20% discount then that would make it $9.60 per key. Would<br>
anyone be prepared to pay $US2.40 extra for the nice packaging and the ability<br>
to use the Yubico authentication server? Or should we go with the assumption<br>
that every LUG member either has the technical skills to program their own key<br>
and run an authentication server or can get someone else to do so? We could<br>
buy both types of key if we have orders for 100+ regular keys and some number<br>
of 50 packs of raw keys that's not a float.<br>
<br>
The cost of a single key is $25 + $5 shipping. So we are talking about a<br>
discount price being less than half the RRP of a single key, and as little as<br>
1/3 if they are bought raw!<br>
<br>
<br>
This issue has been discussed by the LA committee and they have agreed in<br>
concept. The details of how the finances work out are yet to be resolved. I<br>
think that if we get over a few hundred keys then it might be best to have LA<br>
manage the ordering and payment as having many thousands of dollars from LUGs<br>
go through my bank account could get inconvenient. But I am prepared to do it<br>
all myself if necessary.<br>
<br>
--<br>
<a href="mailto:russell@coker.com.au">russell@coker.com.au</a><br>
<a href="http://etbe.coker.com.au/" target="_blank">http://etbe.coker.com.au/</a> My Main Blog<br>
<a href="http://doc.coker.com.au/" target="_blank">http://doc.coker.com.au/</a> My Documents Blog<br>
<br>
_______________________________________________<br>
linux-aus mailing list<br>
<a href="mailto:linux-aus@lists.linux.org.au">linux-aus@lists.linux.org.au</a><br>
<a href="http://lists.linux.org.au/listinfo/linux-aus" target="_blank">http://lists.linux.org.au/listinfo/linux-aus</a><br>
</blockquote></div><br>