Remove documentation about the CA

content/index.md

@@ -1,63 +1,16 @@
 Home
 ====
 
-Xinutec isn't a topical network, but most of us are huge geeks and technology
-fans. We don't bite and fresh meat is always welcome. Happy chatting!
-
-Connecting to Xinutec
----------------------
-
-You are welcome to connect to our network using the round robin DNS name
-[irc.xinutec.net](ircs://irc.xinutec.net/linux). IPv6 is supported on most
-servers, and the DNS will resolve to the right address record. We currently
-still allow [plain text](irc://irc.xinutec.net/linux) connections via port
-6667, but will soon only allow SSL secured connections via port 6697.
-
-*Important*: If you're connecting for the first time, please make sure to read
-the article about [connecting to xinutec](irc/connect) because we offer a
-network-wide SSL certification authority which you should enable in your
-client. (Boo to you if you don't, you might be compromising the safety of the
-entire network and make yourself vulnerable to man-in-the-middle attacks). It's
-a flaw of the SSL protocol that we can't actually force you to do this.
-
-Please note that SSL isn't sufficient for true privacy and you should always
-use end-to-end encryption like OTR to encrypt private messages.
-
-In addition to IRC connections we also provide web-based access to the network
-is with our self-hosted [qwebirc](https://qwebirc.xinutec.net/) (already SSL
-only) via IPv4. It is also possible to connect using other IRC web-clients, but
-we recommend against using them, since we don't control their privacy policy.
-
-See the page on [IRC](irc) for more information on connecting to the network.
-
-Channels
---------
-
-`#linux` is the main channel. It is called like that for historical reasons (it
-was started as a fork of another channel) and most of the time discussion isn't
-about linux.
-
-If you run a channel, you are free to host a channel homepage (static HTML
-only) on this server. To do this, simply fork our 
-[github repository](https://github.com/xinutec/xinutec.github.io/)
-and create a pull request once your changes are is in place. A staff member
-will then review and approve it.
-
-People
-------
-
-These are the network operators/staff (effective or retired) with links to
-their homepages:
-
-- [ente](http://barfooze.de/)
-- [maito](http://maito.name/)
-- [Palo](http://des-grauens.de/)
-- [phryk](http://phryk.net/)
-- [pippijn](http://xinutec.org/~pippijn)
-
-Additionally, we like to link to the homepages of some permanent members here:
-
-- [McManiaC](https://nils.cc/)
-
-People with an affiliation (i.e. regulars) to the network can also host a user
-page on this server, similar to a channel page.
+Xinutec is a chat network and associated group of people who sometimes do
+projects together, and which exists in the current form since approximately
+2006.
+
+We're a group of people who are enthusiastic for computers and software related
+projects, but we also generally like creative ideas, science, social
+innovation, free software, talking to each other about our life and a lot more.
+If you're interested, even if you think you're none of these things I've just
+use to describe us, please check out our IRC network.
+
+If you're new to this whole IRC business, we recommend that you join using the
+[Webchat](https://qwebirc.xinutec.net/?channels=%23linux) and we'll just
+explain everything to you once you're there. Otherwise, [read on](irc/connect).

content/irc/connect/index.md

@@ -8,19 +8,3 @@ to contact our staff.
 
 Please see the menu on the left side for a list of clients for which
 documentation currently exists.
-
-The first step for all clients is to download and verify the CA certificate.
-You can download the certificate with wget or you can just save it by some
-other means as `xinutec-ca.crt` in the current directory.
-
-	$ wget http://xinutec.net/home/irc/ca.crt -O xinutec-ca.crt
-	[wget downloading output omitted]
-
-Now please check it against the output of the following command:
-
-	$ openssl x509 -noout -in xinutec-ca.crt -fingerprint -sha1 
-	SHA1 Fingerprint=65:79:0D:72:C7:5B:81:11:9F:71:2B:AD:93:79:58:EA:2A:18:93:11
-
-If the fingerprint value doesn't match the one mentioned here, someone has
-tampered with the CA certificate. In this case, please inform the network
-staff.

content/irc/connect/irssi.md

@@ -1,9 +1,8 @@
 Irssi
 =====
 
-First, download the [CA certificate](../ca.crt). Save this under
-`~/.irssi/xinutec.pem`. Then, add the Xinutec network to your configuration
-with the following command:
+First, add the Xinutec network to your configuration with the following
+command:
 
         /network add xinutec
 
@@ -15,8 +14,7 @@ continue with the instructions on connecting without a client certificate.
 
 Without client certificate, enter this command, all on one line:
 
-        /server add -ssl_cafile ~/.irssi/xinutec.pem -ssl_verify
-                    -auto -network xinutec irc.xinutec.net 6697
+        /server add -ssl_verify -auto -network xinutec irc.xinutec.net 6697
 
 In case you do have a client certificate with associated private key, save
 them both in `~/.irssi/client.pem` by concatenating them with the following
@@ -26,8 +24,7 @@ shell-command:
 
 and use the following irssi command, again all on one line:
 
-        /server add -ssl_cafile ~/.irssi/xinutec.pem
-                    -ssl_cert ~/.irssi/client.pem -ssl_verify
+        /server add -ssl_cert ~/.irssi/client.pem -ssl_verify
                     -auto -network xinutec irc.xinutec.net 6697
 
 If you aren't sure what these flags do, take a look at `/help server`
@@ -43,7 +40,6 @@ list:
           chatnet = "xinutec";
           port = "6697";
           ssl_cert = "~/.irssi/client.pem";
-          ssl_cafile = "~/.irssi/xinutec.pem";
           autoconnect = "yes";
         },
 

content/irc/connect/pidgin.md

@@ -4,17 +4,9 @@ Common to purple based clients
 Pidgin, Empathy and other libpurple based clients store the CA certificates in
 a common place.
 
-Our Xinutec [CA certificate](../ca.crt) should be saved in the global CA store.
-Save it as `Xinutec_CA.pem` under `/usr/share/purple/ca-certs` (or
-`/usr/local/share/purple/ca-certs` as appropriate). Under Windows, save it
-under `C:\Program Files\Pidgin\ca-certs` (or `C:\Program Files
-(x86)\Pidgin\ca-certs` as appropriate).
-
 Pidgin
 ======
 
-Refer to the above section about purple clients for the CA certificate.
-
 Next, add the IRC server to your client:
 
 ![Manage Accounts](screenshots/pidgin1.png)
@@ -29,8 +21,8 @@ sure you change the port number to 6697 and check the SSL checkbox.
 
 ![SSL Settings](screenshots/pidgin3.png)
 
-If you get the following message box, the installation of our CA certificate
-went wrong.
+If you get the following message box, the installation of your CA certificate
+store went wrong.
 
 ![Invalid Certificate](screenshots/pidgin4.png)
 

content/irc/connect/weechat.md

@@ -2,31 +2,12 @@ Weechat
 =======
 
 Weechat is a ncurses based IRC client. It currently does not support assigning
-a CA on a per per-network basis, so you will have to configure the Xinutec CA
-as the global CA, which means the Xinutec CA will be trusted to sign the
-certificates of any IRC network this instance of weechat will connect to via
-SSL. This is a small security bug the author intends to fix within the next few
-releases. See [this bug report](https://savannah.nongnu.org/task/?11357) for
-status updates.
+a CA on a per per-network basis, so you might need to add the [Let's
+Encrypt](https://letsencrypt.org/) root certificate to your certificate store.
+If you have a separate certificate store, you'll probably know how to do this.
+If you don't, no further steps are required.
 
-First, download the [CA certificate](../ca.crt). Save this under
-`~/.weechat/ssl-certificates.pem`. Then, set this as the default CA for all IRC
-networks as follows:
-
-	/set weechat.network.gnutls_ca_file ~/.weechat/ssl-certificates.pem
-
-Add all other CA certificates of networks you want to connect to securely, e.g.
-for freenode you might need a CA called `UTN_USERFirst_Hardware_Root_CA.pem`,
-so if you're running Debian, you need to do this:
-
-	cat /etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem >> ~/.weechat/ssl-certificates.pem 
-
-Repeat this for all CA certificates where establishing the connection fails.
-The name of the CA certificate you need to concatenate to the
-`~/.weechat/ssl-certificates.pem` file will appear somewhere in the as
-"issuer". Look in `/etc/ssl/certs` for a file with a corresponding name.
-
-Now you can add the server:
+Then, to connect:
 
 	/server add xinutec irc.xinutec.net/6697 -ssl
 

content/irc/index.md

@@ -11,14 +11,9 @@ obvious, but let's state it explicitly:
 SSL
 ---
 
-Each of our servers is equipped with a certificate issued by the Xinutec IRC
-Certificate Authority. We recommend downloading and installing the authority's
-[CA certificate](ca.crt) to verify the server's identity. If your client
-supports CRLs (certificate revocation lists), you may additionally link it to
-the [CRL](crl.pem). In general, you would not download the CRL, as it can
-change. The CA certificate, on the other hand, *should* be downloaded, as it
-may never change. If it does, that means it was compromised. If this happens
-to you, please contact one of our administrators as soon as possible.
+Each of our servers is equipped with a certificate issued by the [Letsencrypt
+Certificate Authority](https://letsencrypt.org/). You should verify the
+certificate. Please see the menu on the left for client specific instructions.
 
 Anonymity and authentication
 ----------------------------