How did U.S. airport authorities allow the Sunny Leone family to reach the U.S. during the COVID-19 lockdown?

How did U.S. airport authorities allow the Sunny Leone family to reach the U.S. during the COVID-19 lockdown?

Source

The biggest competition of Forum Authorities! | Forum promotion

Salutations to all,

I am incredibly proud to say that in the past few weeks, the Forum Authority has peaked with over 200 posts per day and a steady flow of members joining.

With all of this great activity going on, the site has also undergone several changes, including a fully functional custom mobile theme, revamped features and other great resources.

However, as a way to give back to the wonderful community on the site myself and to the site moderators, "Tagobs" & "Digital" have designed a contest to hopefully thwart more activities within the community and hopefully bring the forum back to what it was before. be.

Just to give you a rough idea of ​​the composition of this competition. It is essentially referral based, which means that the person who can attract the most members within 30 days will receive £ 40 in prizes, including subjects and awards!

If you would like to participate in this contest, please see this thread here and find more information on how to participate and what applies: https://forumauthority.com/Thread-OFFICIAL-Community-Referral -Contest? Pid = 35935 # pid35935

Thank you.

tls – How does the client verify the certificate provided by the server which is signed by different intermediate certification authorities

I am creating a secure c ++ client-server application using the openssl library. I'm still not clear on some aspects of the SSLHandshake procedure

I have activated Mutual TLS to verify that both peers are approved. I have 2 sets of certificates and private keys. Both sets have the same root certificate but different intermediate signers.

root CA —> intermediate CA1 —-> domain certificate1 (set 1)

CA root —> intermediate CA2 —-> domain2 certificate (set 2)

I have defined SSL_set_verify with VERIFY_PEER_CERT in both applications. I have not defined the depth of verification.

ServerSide runtime stack

  1. The server obtains the root CA and adds it to the trusted certificate store
  2. The server then obtains the PEM encoded certificate chain in the following format
  -----BEGIN CERTIFICATE-----
  Domain certificate 1
  -----END CERTIFICATE -----
  -----BEGIN CERTIFICATE-----
  Intermediate certificate by CA1
  -----END CERTIFICATE -----
 Server reads the Domain certificate 1 from the PEM string and call the SSL_CTX_use_certificate
 Server reads the Intermediate certificate from the string and add it to the extra_chain_certs using SSL_CTX_add_extra_chain_cert

3.The server loads the private key

Client execution step

  1. Client obtains the root CA and adds it to the trusted certificate store
  2. The client then obtains the PEM coded certificate chain in the following format
  -----BEGIN CERTIFICATE-----
  Domain certificate 2
  -----END CERTIFICATE -----
  -----BEGIN CERTIFICATE-----
  Intermediate certificate by CA2
  -----END CERTIFICATE -----
 Client reads the Domain certificate 2 from the PEM string and call the SSL_CTX_use_certificate
 Client reads the Intermediate certificate 2 from the string and add it to the extra_chain_certs using SSL_CTX_add_extra_chain_cert

3.The client loads the private key

Both parties will follow SSLHandshake
I need clarification on the following points.

  1. Does the client / server complete the certificate chain using trusted certificates and additional certificates?

  2. During SSLHandshake, what should the peer present? Only the domain certificate or the whole chain?

  3. Will SSLHandshake succeed because the peer peer's intermediate certification authority is not present in the local certificate store?

  4. Is the single root CA in store sufficient to verify the certificate chain presented by the peer?

  5. If I have to create several clients from the same application, can I use the same context initialized with set 2 to connect several servers signed by the same root certification authority?

public key infrastructure – How to create a new root certification authority and sign existing intermediate certification authorities without their keys?

Battery exchange network

The Stack Exchange network includes 176 question and answer communities, including Stack Overflow, the largest and most reliable online community for developers who want to learn, share knowledge and develop their careers.

Visit Stack Exchange

Air travel – How do the Thai air transport authorities determine if someone should be allocated a special seat reserved for at-risk passengers on the plane?

I read this quote from a pamphlet on the Thai government PR Facebook page summarizing the new rules and measures from CAAT and airport authorities:

  1. Special seats should be reserved for at-risk passengers on routes longer than 90 minutes, to minimize contact between passengers.

enter description of image here

(source)

How do Thai air transport authorities determine if someone should be allocated a special seat reserved for at-risk passengers on the plane? In other words, when is a passenger considered to be at high risk?

Customs and Immigration – How to contact the border authorities of EU / Schengen countries?

For questions regarding entry into a country, people are usually referred to the embassy of that country. Unfortunately, except for the issue of visas, these are often not very informative.

So how to contact border authorities in different EU / Schengen states for help do not related to visa issuance, but e.g. use of visas, other document requirements, border control procedures and other practical / operational issues?

customs and immigration – Reporting of presence to authorities during a Schengen visa in Germany

I will take the liberty of writing a general answer from across the EU and for any length of stay, as I think it might be useful for other people with this question:

Some EU countries ask you to report your presence to the relevant authorities (often the town hall or local police station) within a reasonable time after arrival and may impose a penalty, such as a fine if you don't.

Source (accentuating mine): europa.eu

Now, in any case, I know that if you are going to a hotel or other official accommodation, this has to be managed by the accommodation. The exception is when you stay – often illegally – in couchsurfing or airbnb accommodation, as many of these functions work without the necessary documents. It should also be noted that in addition to the town hall or the local police station, in some countries you must register with the foreign police.

To find out the rules specific to your country, go to this page and click on the Choose a country button which gives a full list of all EU member states with the relevant rules. For Germany, it is:

If you move into an apartment or house, for a maximum of 3 months, there is no obligation to notify the registration authority.

After 3 months in your new country, you may need to register your residence with the competent authority (often the town hall or local police station) and issue you a registration certificate.

Source: europa.eu

Again, you can find the full list of countries on this page when you click on the Choose a country button. For Germany, it is:

EU citizens do not need to apply for a residence certificate (Freizügigkeitsbescheinigung). However, you must register with the competent resident registration office when you move into accommodation in Germany.

tls – Do certification authorities issue an intermediate certificate for each new certificate request?

The issuing certificate of the certification authority is, simply, a confirmation that the public key that you sent to the certification authority in the Cerfiticate request really belongs to you (otherwise everyone could pretend that he is the owner of the domain google.com or amazon.com). Since the certificate contains your public key, it cannot be prepared in advance. In addition, the response time depends on the type of certificate you requested. Simple certificates that confirm that the applicant (you) really own the domain take little time to generate. Usually CA sends you a link to an email from your domain, like admin@votredomaine.org. You click on the link and confirm that you are the owner. Then CA generates a certificate and sends it to you.

But other types of certificates include much more verification, for example The certification authority should verify that your business really exists and is really properly registered, that your business resides at the particular address, etc. . This check can take many more days or even weeks. It takes a lot of effort, so the price is that much higher. But the certificate also confirms much more than other certificates.

In addition to domain certificates, there are other types of certificates, like S / MIME: to sign your emails, so the recipient can count that the email really came from you; it can also be used for email encryption. Verification and generation of these certificates takes even less time than for domain certificates. There are certificates for code signing, etc.

More details you can find on CA websites (I prefer not to promote any here).

To sign certificates:

The certification authority has a root certificate. It is the most important element of the certificate hierarchy. This is why it is stored with great security. For often practical use, this is not practical. This is why CA uses a root certificate (which is generally valid for 10 years or more) to issue certain signing certificates which have a shorter validity, such as 3 to 5 years. Shorter validity means less exposure and therefore less risk of compromise.

To the question: Yes, these signing certificates are created in advance.

Which non-state authorities can issue car license plates?

In Uzhhorod, Ukraine, I saw cars with unusual license plates, not assigned to Ukraine or another country, but probably to the OBSE organization.

What other organizations can issue their own license plates?

enter description of image here

What authorities can provide car license plates outside of the state ones?

In Uzhhorod, Ukraine, I have seen cars with non-unusual license plates, not attributed to Ukraine or another country, but probably to the OBSE organization.

What other organizations have their own license plates?

enter description of image here