Re:
On Mon, Mar 21, 2022 at 04:08:29PM +0100, BruderB wrote:
> Yes, you do.
>
> On 21.03.22 at 12:04, Justin Speagle via Gnupg-users wrote:
> >
> > I need help
> > Sent from my iPhone

http://catb.org/~esr/faqs/smart-questions.html

-- 
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

signature.asc
Description: PGP signature

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Key Management - BSI had send private key instead of public key
On Thu, Nov 18, 2021 at 02:15:53PM +0100, Rainer Fiebig via Gnupg-users wrote:
> On 18.11.21 at 13:27, Ineiev wrote:
> > On Thu, Nov 18, 2021 at 10:48:55AM +0100, Rainer Fiebig via Gnupg-users
> > wrote:
> >> That's kind of a misconception: as English is a West Germanic
> >> language it's not that German made its way into English but English is
> >> *based* on German.
> >
> > To be precise, not on German---it's based on the common ancestor.
> > Both English and German deviate considerably from it.
>
> I guess that saves the day for some. I can almost hear the sigh of
> relief. ;)

:-)

https://en.wikipedia.org/wiki/The_Story_of_English if anyone finds this interesting.
Re: Off-topic: standards for embedded signing of digital images?
On Thu, Sep 09, 2021 at 10:43:05AM +, Oli Kon via Gnupg-users wrote:
> On 2021-09-08 4:53 p.m., Mark H. Wood via Gnupg-users - gnupg-users@gnupg.org wrote:
> > I didn't know where else to turn, for folks who might be able to point
> > me at standards for or discussion of embedding crypto signatures in
> > image formats, to detect tampering with the image.
>
> There are no standards that I have ever heard about that would
> be specific to ~image~ files; so I would ask this:
>
> Which particular image file type are you interested in (.jpg,
> .tiff, .png, .bmp, .psd...), and why is it
> not appropriate to simply consider such a file as another binary
> file that someone needs to digitally sign?

Formats: first of all .jpg, but really any image format that can bear signature data.

Why are image files special? They aren't. For every type of structured file, one must consider the structure of the file type in order to insert a signature without disrupting the other content, to identify the content which should be covered by the signature, and to locate the signature data.
Off-topic: standards for embedded signing of digital images?
I didn't know where else to turn, for folks who might be able to point me at standards for or discussion of embedding crypto signatures in image formats, to detect tampering with the image.
Re: gpg-agent and X
On Fri, Mar 05, 2021 at 10:16:41AM +0100, Klaus Ethgen wrote:
> I have a setup depending strongly on gpg-agent. For this, I preseed
> some passphrases via pam_gnupg.
>
> While this setup works well on my Devuan machine, I have some troubles on
> the Gentoo one that I don't get solved.
>
> When the agent is started when I login via xdm (wdm), the agent does
> never use X for displaying the pinentry. Even when `updatestartuptty` is
> issued afterwards. As I don't always use gpg-card from the
> console, I need it to display an X pinentry (currently the qt one; gtk
> was preferred with gtk2 but the gtk3 one is horrible.)

The only thing I can think of to check is: have you selected pinentry-qt5 using 'eselect'?
Re: Thunderbird / Enigmail / Autocrypt
On Mon, Nov 23, 2020 at 07:08:12AM +0100, Matthias Apitz wrote:
> On Monday, November 23, 2020 at 03:03:54 a.m. +0100, Johan Wevers wrote:
>
> > On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:
> >
> > > I don't understand why HTML in e-Mails is so important for some people.
> >
> > I agree on a personal level, but if you use your email also to
> > communicate with business users (usually using Outlook) it would be nice
> > to get their mails in a human readable format. Which requires,
> > unfortunately, usually html.
>
> For ages humans have read mails in ASCII or UTF-8 text. Why do you think this
> is not a "human readable format"?
>
> HTML as e-mail (read carefully: as email, not as attachment) should be
> forbidden because most MUAs automatically fetch additional remote content
> which violates privacy and can fetch bad content into your system.
> You're warned.

I consider that Mutt gives me the best of both, when I configure it:

    auto_view text/html

and in .mailcap:

    text/html; \
      lynx -dump -force_html %s; \
      copiousoutput

The text is flattened. The result is sometimes ugly, but readable. Attachments (such as images, or things purporting to be images) are presented separately, and I can open them if I choose. (Or I can copy them out and inspect them in other ways, if I'm suspicious. Examining the un-rendered structure and content of some malicious messages can be briefly entertaining.)

I would be mildly surprised to learn that my co-workers, outside of my immediate workgroup, are even aware that I don't see their emails rendered the way they do. And nobody has ever told me, "your message looks funny," except an occasional comment that someone couldn't open the "attachment" (meaning the PGP/MIME signature). Those stopped when I got a corporate X.509 certificate and configured Mutt to use S/MIME for internal mail.

Other console MUAs probably can do similar things when configured to do so.
Re: keys require a user-id
On Wed, May 20, 2020 at 03:27:28PM -0700, Mark wrote:
> Did a bit more experimenting with it. You can have something only in
> the first name field but it has to be a minimum of 5 characters and the
> first one must be a letter.

.. *sigh*

https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/

> On 5/20/2020 3:16 PM, Mark wrote:
> > It must be... With all the talk of "anonymous" keys I wanted to see if I
> > could create one with Kleopatra, especially since it says optional for
> > name.
> >
> > On 5/20/2020 12:27 AM, Andrew Gallagher wrote:
> >>> On 20 May 2020, at 06:32, Mark wrote:
> >>>
> >>> Just to test this out I tried creating a new key in Kleopatra with no
> >>> name and then with just a single name and it would not let me do it. It
> >>> had to have a first and at least a last initial.
> >> This must be a Kleopatra limitation. I have successfully created IDs
> >> consisting of a single word using the gpg command line.
> >>
> >> Such a limitation would be user-hostile, as there are people in some
> >> cultures who have only one name, the Indonesian dictator Suharto being one
> >> famous example.
Re: gmail smime, sends two messages one is not encrypted. Experience?
On Sun, Dec 08, 2019 at 10:38:43AM +0100, Uwe Brauer via Gnupg-users wrote:
> Now to the question s/mime versus gnupg.
>
> There are the following points which make s/mime easier.
>
> 1. Key generation. In s/mime you apply for a certificate and don't
>    have to generate the key by yourself.

Oh, I hope not. The point of asymmetric crypto is that you never, ever, give your private key to anyone, even, *especially*, the CA. The proper way to get an X.509 certificate is to generate a keypair, keep the private key private, and send a CSR containing the public key to the entity which will issue the certificate.
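The procedure described above, as an added example that is not from the post or from any GnuPG or OpenSSL documentation: the keypair is generated locally with openssl, only the CSR is produced for the CA, and three checks confirm that the request carries no private material and really belongs to the local key. The subject name, e-mail address and scratch paths are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the mailing-list post: generate a keypair locally
# with openssl, build a CSR that carries only the public key, and check that
# nothing private is in the file that goes to the CA.
# Subject, e-mail address and paths are constructed for the demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory (demo assumption)
KEY="$WORK/smime.key"          # private key: stays on this machine
CSR="$WORK/smime.csr"          # signing request: the only file sent to the CA

# 1. Generate the private key on your own machine.  Without -cipher the
#    key file is unencrypted; protect it with a passphrase or a token in
#    real use.  The file mode keeps other local users out.
gen_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
        -out "$KEY" 2>/dev/null
    chmod 600 "$KEY"
}

# 2. Build the CSR.  It is signed with the private key (proof of possession)
#    but contains only the public half plus the requested subject.
gen_csr() {
    openssl req -new -key "$KEY" -out "$CSR" \
        -subj "/CN=Example User/emailAddress=user@example.org" 2>/dev/null
}

# 3a. The request must not contain private-key material of any kind.
csr_has_no_private_key() {
    ! grep -q "PRIVATE KEY" "$CSR"
}

# 3b. The CSR's self-signature must verify; that is what lets the CA know
#     the submitter holds the matching private key.
csr_signature_ok() {
    openssl req -in "$CSR" -noout -verify >/dev/null 2>&1
}

# 3c. The public key inside the CSR must be the one derived from our key
#     (compare SHA-256 over the DER encoding of both).
csr_pubkey_matches_key() {
    from_csr=$(openssl req -in "$CSR" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
    from_key=$(openssl pkey -in "$KEY" -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256)
    [ "$from_csr" = "$from_key" ]
}

# Runs the whole procedure; returns 0 only if every check passes.
run_demo() {
    gen_key && gen_csr && csr_has_no_private_key \
        && csr_signature_ok && csr_pubkey_matches_key
}
```

After `run_demo` succeeds, `$CSR` is what you submit; `$KEY` never leaves the machine.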
Re: gmail smime, sends two messages one is not encrypted. Experience?
On Sat, Dec 07, 2019 at 09:51:34PM +0100, Stefan Claas via Gnupg-users wrote:
> Juergen BRUCKNER wrote:
>
> > Hi Stefan
> >
> > That's not the approach PGP pursues.
> > PGP was, is and should continue to be decentralized in the future. It
> > was never really intended to validate identities in a wide circle, but
> > to secure communication, and - in parts - to ensure the integrity of
> > software.
>
> Well, the integrity of software can also be shown with a simple hash
> value posted, because I can not verify if the sig belongs to person
> xyz, even when he / she has a lot of fan sigs from people unknown to
> me.

Yes, if you trust that the page with the hash on it has not been compromised. Once the bad guy is inside the site, changing the hash is just as easy as replacing the software. Signatures depend on material that is *not* in the same place with the signed object (if we're doing it right) and thus can be verified from independent sources.

Simple hashes can only detect simple failures. They have no value against a careful adversary. PKC, used properly, can raise the cost of compromise, by increasing the number of places that the bad guy must break into and get out of undetected. This is the electronic analog of a principle in physical security: require the bad guy to spend time, make noise, and create a visible mess, to increase his fear of being discovered to the point that the expectation of winning is not worth the expectation of losing.
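The argument above, as an added example that is not part of the thread: a constructed release file with its hash published on the same site and a detached signature made with openssl; after a simulated site compromise the hash still checks out and only the signature, verified with a key obtained elsewhere, catches the swap. Paths, key names and file contents are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the post: a hash published beside the download
# versus a detached signature verified with a key obtained elsewhere.
# The release file, keys and the intruder's edit are all constructed here.
set -eu

WORK="${WORK:-$(mktemp -d)}"
SITE="$WORK/site"              # what the download site serves
mkdir -p "$SITE"

# Publisher: the signing key lives off the web server.  Only the public key
# is handed out, through an independent channel (keyserver, earlier release,
# fingerprint on a business card ...), so a site compromise cannot alter it.
setup_publisher() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/publisher.key" 2>/dev/null
    openssl pkey -in "$WORK/publisher.key" -pubout \
        -out "$WORK/publisher.pub" 2>/dev/null
    printf 'release 1.0: genuine program bytes\n' > "$SITE/tool.bin"
    openssl dgst -sha256 -r "$SITE/tool.bin" | cut -d' ' -f1 \
        > "$SITE/tool.bin.sha256"
    openssl dgst -sha256 -sign "$WORK/publisher.key" \
        -out "$SITE/tool.bin.sig" "$SITE/tool.bin"
}

# Verifier, hash only: recompute and compare with the hash served by the site.
hash_check_ok() {
    expected=$(cat "$SITE/tool.bin.sha256")
    actual=$(openssl dgst -sha256 -r "$SITE/tool.bin" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# Verifier, signature: uses the public key fetched independently earlier.
sig_check_ok() {
    openssl dgst -sha256 -verify "$WORK/publisher.pub" \
        -signature "$SITE/tool.bin.sig" "$SITE/tool.bin" >/dev/null 2>&1
}

# Site compromise: the intruder swaps the program and, because the hash sits
# in the same place, the hash too.  The signing key is not on the site, so
# the old signature is all that is left to serve.
compromise_site() {
    printf 'release 1.0: tampered program bytes\n' > "$SITE/tool.bin"
    openssl dgst -sha256 -r "$SITE/tool.bin" | cut -d' ' -f1 \
        > "$SITE/tool.bin.sha256"
}

# Report each check as ok/FAIL.  Before the compromise both are ok; after
# it the hash check still "passes" while the signature check fails.
report() {
    if hash_check_ok; then h=ok; else h=FAIL; fi
    if sig_check_ok; then s=ok; else s=FAIL; fi
    echo "hash=$h signature=$s"
}
```

Run `setup_publisher; report; compromise_site; report` to see the two outcomes side by side.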
Re: gmail smime, sends two messages one is not encrypted. Experience?
On Sat, Dec 07, 2019 at 08:59:16PM +0100, Stefan Claas via Gnupg-users wrote:
> Juergen Bruckner via Gnupg-users wrote:
>
> Hi Juergen,
>
> > This question is very easy to answer.
> >
> > S/MIME has some advantages over (Open)PGP.
> > One of them - the most important for the usual S/MIME users - is that
> > S/MIME allows the unique identification of a communication partner,
> > which is only limitedly possible with PGP.
> >
> > In addition, educational institutions, such as universities, schools,
> > research networks etc., have their own internal CA, which keeps the
> > costs very manageable.
>
> Ah, o.k. with an own CA that makes sense. However, I was also assuming
> that students may use their certs also for 'outside' comms, which then
> would require that the other parties always have to import non-
> trusted root certs, which is not the case with commercial ones, obtained
> from globally trusted CAs.

Here, the University has a deal with an academic consortium to provide cert.s chained back, ultimately, to a well-known commercial provider. I just submit a CSR to a website, a globally-valid cert. is issued to me in a few hours, and my department is not billed for anything. It's probably cheaper than all the paperwork required to process a requisition and chargeback.

We use this, not only for email, but for websites and other network services, where there is no viable OpenPGP-based alternative. The ability to issue email certificates was actually added later, when the Powers That Be became increasingly concerned about phishing.

> > On 05.12.19 at 23:39, Stefan Claas via Gnupg-users wrote:
> > > Sorry, I can't help you but I do have a question, if you don't mind ...
> > >
> > > Why don't the students at the University use OpenPGP with Gmail
> > > via the free Mailvelope add-on for Firefox, Chrome? Wouldn't that be
> > > cheaper instead of purchasing a whole lot of S/MIME certificates?
Re: Future OpenPGP Support in Thunderbird
On Sat, Oct 12, 2019 at 10:13:59AM +0300, Teemu Likonen via Gnupg-users wrote:
> Philipp Klaus Krause [2019-10-08T15:34:28+02] wrote:
>
> > It would be really nice, if Thunderbird could add an option to use the
> > gpg key storage instead of its own, [...]
>
> I agree with that even though I have never really used Thunderbird.
>
> But using a custom key storage and implementation (or do they use the
> Sequoia PGP library?) is an interesting choice in the world of Unix-like
> systems. It's pretty much the normal way elsewhere, though.
>
> PGP and GnuPG and the related communities have tried really hard to
> build a system based on a person's long-term identity keys. All that web
> of trust thing relies on keys that are used for a relatively long time. But as
> we know this doesn't work for most people. People are really bad at
> maintaining long-term identity keys. I think this is the most important
> reason why other software just auto-generates "device keys" or
> "application keys" and exchanges them. They just forget about the
> identity part and keys' usage in the long term. Change your phone or
> just reinstall the application and you'll have new keys. Keys come and
> go and it's perfectly normal.

That would be one of the reasons why I tend to avoid "other software". My primary use-case is identity, not secrecy. I am not alone: quite a few employers are at last discovering crypto signatures in their efforts to combat spear-phishing, and spending quite a bit of money and effort to deploy them. (I accept that most of them are using S/MIME rather than OpenPGP, but that's a detail; identity is important.)

> Thunderbird seems to be going in that direction and it is probably a
> good thing. From the mindset of crypto nerds (like us) or Unixy tool box
> this can be a barrier, obviously.

Humph, I was already grumpy about Mozilla products' insistence on having their own insular X.509 store, meaning that I have to install certificates twice (once for Firefox, again for *everything else*.) Maybe there will be an add-on, so that those who care can choose to integrate Thunderbird into their systems rather than having it still standing off to one side haughtily awaiting special treatment.
Re: Essay on PGP as it is used today
On Mon, Jul 22, 2019 at 03:46:18PM +, Ryan McGinnis via Gnupg-users wrote:
> [1] https://www.schneier.com/blog/archives/2018/05/details_on_a_ne.html
>
> "3. Why is anyone using encrypted e-mail anymore, anyway? Reliably and
> easily encrypting e-mail is an insurmountably hard problem for reasons
> having nothing to do with today's announcement. If you need to
> communicate securely, use Signal. If having Signal on your phone will
> arouse suspicion, use WhatsApp."

Depends on your threat model. For mine, reliably and easily encrypting email is almost absurdly simple:

1) Use PGP

2) Don't send secrets to people I don't trust to keep them.

Anyway, 99% of my PGP use is for the opposite of secrecy: I sign my emails so that (if you care enough to install PGP) you can be highly assured that they're from me.
Re: A Solution for Sending Messages Safely from EFAIL-safe Senders to EFAIL-unsafe Receivers
On Tue, May 29, 2018 at 08:22:33AM -1100, Mirimir wrote:
> On 05/28/2018 12:15 AM, Werner Koch wrote:
> > On Thu, 24 May 2018 00:05, gnupg-us...@spodhuis.org said:
> >
> >> up at <https://github.com/autocrypt/memoryhole>.
> >
> > Given that I see more and more mails with "Encrypted mail" as subject,
> > this feature is getting more and more annoying. It will eventually no
> > longer be possible to pre-sort mails as is commonly done, either mentally
> > or by tools. Well, some MUAs might be able to auto-decrypt whole
> > folders but that opens a more severe security problem (e.g. Tempest
> > oracle) than having a plaintext subject.
>
> That is problematic for me, because I choose to store messages
> encrypted. My correspondents and I do use generic subjects, but it's not
> uncommon to have long, branching threads. So it's very difficult to find
> old stuff. No search, without mass decryption. Maybe Enigmail needs a
> search extension ;)

I think that this points out something: while integrity and authenticity may be bolted on using third-party packages, secrecy must be organic to an email agent. If there is to be a "Real-Subject:" header within the encrypted payload, then user agents must look for it and handle it appropriately. This probably includes extracting and indexing suitable encrypted labels upon decryption. But that then means that the index records must be encrypted.

As is often the case with devising secure facilities, much of the difficulty lies not in how to do things but in knowing where to look for things to be done. Each subset of the consumers of security practice (email is only one) needs a few trusted sources of up-to-date best practice which focus on the ways in which that subset may be usefully attacked. To do good, not only must such sources exist; they must be widely known and valued, so that people who build software will consult them regularly when planning new projects or overhauling existing ones.

> > We can't enforce technical security without proper OPSEC. Regarding the
> > Subject, Reference, etc, it is way easier and more secure to educate the
> > user about the fact that only the content is _end-to-end_ encrypted and
> > other parts, like the Subject, are required to be plaintext for proper
> > routing and mail handling.

Hear, hear.
Re: A postmortem on Efail
On Tue, May 22, 2018 at 01:42:07AM +0100, Mark Rousell wrote:
> On 21/05/2018 15:17, Mark H. Wood wrote:
> >> Break backwards compatibility already: it's time. Ignore the haters. I
> >> trust you.
> > (I understand that that's a quote of a discussion-opener from the write-up.)
> >
> > I'd like to first see how many haters can be won over by selling the
> > necessary changes.
> >
> > By "selling" I mean addressing the concerns of those who aren't
> > convinced that they want something:
> >
> > o Why this is important *to you*, even though its importance was not
> >   immediately obvious.
>
> To my mind it is at the outset counter-productive to refer to "haters".
> To use the term "haters" implies that anyone who does not share one's
> own view is somehow wrong and/or that their arguments can potentially be
> dismissed on the grounds of emotionalism rather than rationality.

*sigh* Imagine that I wore a wry expression as I wrote that. I think we are mostly in violent agreement. I tend to play off of the wording of a previous statement when replying, especially when I want to bend the discussion in a different direction.

> In practice, those like myself who recognise that the ability to decrypt
> legacy-encrypted data is a basic requirement for many users with
> archival needs do not "hate" anything. We just recognise that decryption
> of legacy-encrypted data is a real world requirement right now and will
> continue to be for many years, and so I think it is right and proper for
> this project to continue to support this activity with maintained
> software (albeit with a requirement for users to make some changes to
> support such activity).

Yes. I, too, have encrypted stuff from way back that I would like to be able to read. Addressing such needs is part of selling the selected way forward.

Another part of selling is dialogue. I see lots of confident assertions about what we should do. Is anyone taking this back to the affected users to see if any of it makes sense to them?

> > o What we have done, and are doing, to keep *your* cost down.
>
> If the aim is to keep end-users' costs down then do not completely
> remove legacy features that are still needed in the real world.
> Decryption of legacy-encrypted data is one of those features, like it or
> not.

Yes, but don't just do it silently; tell people who need this that it is being done, because of their concerns, and how it is being done. Sell it.

> > o What else would we need to do, to make this something *you* want?
>
> Go back in time and change history!

[snip]

I was hoping for practical ideas which show that the community understands the needs of all its members and is working to minimize the cost of necessary evolution. I'd like to be one community, but apparently at the moment we are two.
Re: A postmortem on Efail
On Sun, May 20, 2018 at 07:23:17AM +, Dmitry Gudkov wrote:
> I want to get involved and give a damn!

[applause]

> Break backwards compatibility already: it's time. Ignore the haters. I
> trust you.

(I understand that that's a quote of a discussion-opener from the write-up.)

I'd like to first see how many haters can be won over by selling the necessary changes.

By "selling" I mean addressing the concerns of those who aren't convinced that they want something:

o Why this is important *to you*, even though its importance was not immediately obvious.

o What we have done, and are doing, to keep *your* cost down.

o What else would we need to do, to make this something *you* want?
Re: Don't Panic.
On Mon, May 14, 2018 at 04:48:31PM +0100, Mark Rousell wrote:
> Amongst other things this includes the following paragraph which, as I
> understand it, is essentially untrue:
>
> "There are currently no reliable fixes for the vulnerability. If you
> use PGP/GPG or S/MIME for very sensitive communication, you should
> disable it in your email client for now," said Sebastian Schinzel
> <https://twitter.com/seecurity/status/995906576170053633>, a
> professor of computer security at the University.

Heh. "We've discovered that locks can be picked, so you should remove all the locks from your doors right now."
Re: Why would I want S/MIME?
On Mon, Sep 12, 2016 at 03:10:24PM -0400, Robert J. Hansen wrote:
> > I understand what S/MIME is and that it's probably the easiest crypto
> > solution for most email users. But why would someone comfortable with
> > GnuPG use it?
>
> There's a subtle point here. The question isn't whether you're comfortable
> with GnuPG; the question is whether the people you want to send email to are
> comfortable with GnuPG.

Indeed, it's like telephones: for communication to happen, both parties must have them.

> I use S/MIME literally daily at work. My co-workers like S/MIME because it's
> close to an "it just works" solution. Few of my co-workers have been willing
> to learn GnuPG.

That echoes my experience. At work we have a bulk-purchase arrangement for certificates, so if I need one I just request one and it magically appears. OTOH most external correspondents have been unwilling to pay the price of a certificate, so with those few who *are* willing to pay the time to learn OpenPGP I use that. At work, Mutt (my MUA) is set up with keys for both and some rules to automatically select the right one for each To: address.

In some workplaces, S/MIME is mandated. That's another reason. :-)

With all the phishing going on these days, I foresee a wave of companies issuing policies that unsigned mail seeming to come from a fellow employee must be reported and then ignored. Since it's already easy to just buy certificates, they'll probably mostly go S/MIME.
Re: 2 Q's
On Wed, Aug 17, 2016 at 09:52:59AM -0400, Robert J. Hansen wrote:
> > That sounds like an argument for marking downloaded local copies of
> > public keys stale after a certain period, similarly to DNS TTL...
>
> That suggestion fills me with horror. Key management is *already* a
> nightmare without adding this to it.
>
> Better by far to provide a cronjob that can do the refreshing
> automatically -- or, on Windows, to write a service to do it.

No need for yet another service; use Task Scheduler to run the refresh command periodically.
Re: How can it be made even easier!?
On Sun, Oct 11, 2015 at 05:34:41PM -0400, Jean-David Beyer wrote:
> On 10/04/2015 10:30 AM, Don Saklad wrote:
> > How can it be made even easier!?
> >
> > Trying to encourage M.D.'s to use it is met with complaints about not
> > having time to learn about it. Set up is a too complicated sequence of
> > steps that aren't entirely clear. The steps can get hampered where there
> > aren't instructions that cover what to do when one of the steps goes
> > awry!
> >
>
> Not just doctors. My lawyer has the same problem. She really needs
> signed e-mails and encrypted e-mails, but has not the time to learn all
> about how to install and use it.

Dare I suggest that people who need private and/or integrity-protected email for professional use should hire a professional to interview them, set up the software according to the client's standards for professional practice, and explain its use? (That would suppose that one *can* find such people for hire.) Doctors and lawyers shouldn't be doing such things for themselves -- they aren't trained for it, they don't have time for it, and much rides on getting it right. (I had added "and bankers", but banks have whole departments devoted to securing records and communication, or should.) Doctors and lawyers hire accountants to set up their financial subsystems, so why not hire experts to set up their communication subsystems?

It probably comes down to getting the professions to squarely address the problem of just what *are* their standards of professional practice for secure electronic communication with their business associates. I get the sense that this is a problem which is being studiously ignored because it is (a) hard and (b) deep in somebody else's problem domain.

We should always be looking for ways to make things easier to use. But there are limits to just how simple some processes can be made before violence is done to the nature of the process and the utility of its outcomes. There *are* doctors and lawyers because medicine and law are inherently hard problems requiring considerable expertise to do well. What is the limit of simplification of secure electronic messaging imposed by its intrinsic difficulties? We should be wary of transgressing that limit in the name of further ease of use. There are already enough examples of systems which have been made so easy to use that they should not be used at all.
Re: How to get your first key signed
On Thu, Oct 01, 2015 at 09:33:59AM +0100, Bob Henson wrote:
> On 30/09/2015 8:58 pm, Robert J. Hansen wrote:
> >> I create for myself a gpg key and want to get it signed
> >
> > More important than whether your certificate gets signed is who signs
> > the certificate, who they are connected to, and so on.
> >
> > Some people will sign almost anything. People who get a reputation for
> > signing anything develop a reputation for their signatures being
> > meaningless. Some people have very strong requirements before they'll
> > sign. Their signatures are often worth quite a lot of credibility, but
> > good luck getting them.
> >
> > The good news is this *can be done*. I promise.
> >
> > The best thing you can do right now is to get involved in the community.
> > Get engaged in the mailing lists (here, PGP-Basics, Enigmail-Users are
> > three good ones). And when you post, sign your messages. Over time
> > people will come to trust that your signature connects to the real you,
> > even if they can't promise that your name really is David Niklas, or
> > can't say what you look like.
> >
>
> Whilst that is partially useful, surely it only vouches for the fact
> that the postings came from the same person and not who that person is -
> and as such is of very limited use. I have a "newsgroup" key for that
> purpose - but it is a tad pointless. I think I know the person who calls
> himself Robert J. Hansen and you have certainly corresponded with
> someone called Robert H. Henson, but we have no idea who those people
> are unless we meet. Keys should only ever be signed in person and if the
> person is not well known to you by sight, with some form of irrefutable
> photo evidence being presented along with the key signature - a
> passport, or something carrying equal weight.

There are two issues here. One is what the O.P. asked: how to get useful signatures which bind a key to a specific physical-world person. Face-to-face meetings, photo ID, etc. are all part of that.

But the other is binding a key to a reputation. And that can be done at arm's length, simply by doing stuff in public and signing the stuff with your perhaps-unsigned key. If I've examined, tested, and used stuff bound to key X, and learned to trust it, then when I meet some other stuff bound to key X it is not unreasonable to trust it more readily since, by means of key X, it is bound to stuff that I already trust.

> There might be a possible exception where there is no individual person
> to meet - the verification signature with software, say. When you have
> downloaded the software from the same, known website for some time it
> might be reasonable to sign the verification key - if a tad pointless if
> it is only really a checksum. Perhaps the same applies to a Certificate
> Authority key, say. But a signature of any person's key that you have
> not met and positively verified is worse than useless as it degrades the
> whole trust process. Someone who I had never previously even heard of
> once signed my old, now revoked key - were that person someone "known"
> to be nasty, it would have degraded my key's value. The best it could
> have been is totally meaningless.

To put my point more plainly: signatures on products and signatures on keys mean different things, and to gain trust for them works in different ways.
Re: bugs.gnupg.org TLS certificate
On Fri, Mar 13, 2015 at 05:55:53AM -0300, Hugo Osvaldo Barrera wrote:
> On 2015-03-13 08:21, Werner Koch wrote:
> > On Fri, 13 Mar 2015 00:21, h...@barrera.io said:
> > > No need for a wildcard one. Just get one free certificate for each
> > > subdomain from StartSSL.
> >
> > Definitely not. It's far easier to pay 10 Euro a year for one from
> > Gandi. But that is all not an issue, migrating Roundup to a newer
> > version is more work.
>
> I don't see what's easier (maybe it takes a few minutes less?), nor the
> point in paying for something you can have for free with the same
> quality.

That is precisely the issue with free or even cheap certificates: they are likely *not* of the same quality.

A few years ago, I ordered my first certificate from a well-known CA. They charged us $159.00. I *know* that they check up on new applicants: our security officer got a phone call from them, asking if I was legitimately representing the organization. That certificate certified more than just "probably the same host that presented this certificate to you last time."

A CA that charges nothing cannot afford to do much (any?) checking of the assertions in my CSR. The resulting signature thus cannot have some of the meaning that a more thoroughly investigated CSR can support.

A free cert. may have all of the qualities that you need, but I recommend that you think as carefully about your choice of CA as you do about who you would have sign a PGP key. The more you depend on a certificate for *establishing* trust, the more it's going to cost you, because it's going to cost the issuer more to provide that assurance while protecting his own reputation.

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: German ct magazine postulates death of pgp encryption
On Fri, Feb 27, 2015 at 09:45:36AM +0100, gnupgpacker wrote:
> German ct magazine has postulated in their last edition that our pgp
> handling seems to be too difficult for mass usage, keyserver
> infrastructure seems to be vulnerable for faked keys, published mail
> addresses are collected from keyservers and so on...

Whenever someone says that X is too complex for people to use, I always remember something attributed to Albert Einstein: "In physics, everything should be made as simple as possible. But not simpler." I think it may be more widely applied.

Some problems are inherently difficult. Any successful attempt to remove *inherent* complexity means that you are now solving a different problem which, while it may be interesting, might not model reality in a particularly useful way. It's always good to look for patterns that lead to useful simplification. But there comes a point at which no further simplification can be done without making the system less useful.

So: how well does PGP model the problems that people face in communicating securely? Does that model decompose neatly into smaller, simpler models that fit well to distinct communities of communicators? *Are* there useful clusterings of communication needs, w.r.t. security, within the community of communicators?

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: Thoughts on Keybase
On Mon, Jan 05, 2015 at 08:22:47PM -0500, Robert J. Hansen wrote:

We only *suspect* that: we saw him holding a smoking gun but did not actually see him fire it.

True. But we have established an identity between him and a person of interest in the case. Investigation of that interest is going to require some more identities ("where were you on the night of the 13th?")

Yes, which is plenty sufficient to soothe my conscience about invasive measures. If there's a homicide, ought it go uninvestigated and the shooter undiscovered just because we're concerned we might be invading the privacy of a possibly-innocent person?

I would suspect I was grossly misunderstanding you were it not for what you said below:

I'm not fine with invasive anything whilst they are *only* a suspect. And once you have proven guilt or innocence it matters not a jot who they are.

I suspect that imprecise language such as "who they are" lies at the root of the disagreement here. I think there may be some disagreement about the meaning of "invasive" as well.

Until you prove guilt I won't approve of any serious investigation into who did it or how. And if somehow you prove guilt anyway then you don't need to ask these questions any more, so I still won't approve.

Okay. Thanks. I'm really glad you're in the minority: if I were to wind up murdered on a city street, I'd really hope the police would care enough to find out who did it and how it was done and why -- even if those questions might offend people's sensibilities.

Well, if a person is suspected of a crime, many of his various identities are irrelevant. Others may be critical to establishing guilt or innocence. ("But this photo of me in the Boston Globe shows that I was nowhere near the scene at the time you say the crime was committed. Look at that clock behind me.") Now, if guilt is established, that new identity matters a great deal, since it tells us who to discipline.

If guilt is disproven then that should be made clear to anyone who might reasonably have learned of the suspicion. So:

o if guilt is proven, that is the only identity we care about w.r.t. the crime;
o if guilt is disproven, then the suspect's public identities are relevant to publishing his innocence.

Things get murky when you consider established procedures. If the suspect is released, but ordered to remain available ("don't leave town") then the police need to record and distribute established identities sufficient to detect whether the suspect is disobeying the order. Later there may be a need to identify a person who is no longer to be especially watched.

(This is why I tend to think of identification as the establishment and maintenance of sets of mappings or labels. I have a lot of labels (identities) stuck on me by family, friends, enemies, employers, trading partners, etc., each of which is more or less independent. Various sets of these labels make up how my associates retrieve their concepts of me.)

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: Encryption on Mailing lists sensless?
It's time to expose my ignorance again, hopefully to cure some of it.

On Mon, Nov 17, 2014 at 12:02:07PM -0500, Robert J. Hansen wrote:
> > But sorry, I disagree a little bit. If we want literally to jam the
> > secret service's attempts to decrypt mails, then it makes sense to use
> > encryption for every single mail, private, business, nonsense and spam
>
> This would have the ultimate effect of destroying email as a platform.
> Email works as well as it does -- as well as fails so miserably in other
> ways -- largely *because* it's open to inspection. As an example,
> pervasive end-to-end encryption would require antispam defenses to move
> to the client rather than being deployed at the mailserver or relay.
> This would essentially be tantamount to giving up, since there are no
> really effective client-side antispam measures.

Would this not at the same time make it simple for MUAs to discover that this message is not from anyone you say you know? Delete without reading? Because to decrypt the SPAM, you need the public key, which is identifiable. Even if the spammers lie, well, it's from no one you know, or it's verifiably *not* from who the sender claims to be.

> Similarly, it would assist in the spread of malware and viruses and for
> the same reasons. If a mailserver can't inspect the email, it can't
> recognize malware and quarantine it for the health of the internet.

Again, if it's provably from no one you say that you trust, the MUA could refuse to execute runnable content without explicit permission. (Which I say should be the normal and only setting for all content, but I know I'm a crank.)

I can also say that, so far as I know, the principal effect of MTA-based antivirus in my life is to prevent me consciously emailing known innocuous code that I wrote to people who ask for it. So I for one wouldn't miss it. That's selfish of me, of course.

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: Encryption on Mailing lists sensless?
On Mon, Nov 17, 2014 at 01:49:01PM -0500, Robert J. Hansen wrote:
[snip]
> The crypto dream is that the confidentiality of our messages will be
> preserved for centuries after our death, which sounds really great up
> until you consider what an archaeologist circa 4000 AD is going to be
> thinking. "I have a stack of records here that could shed light on the
> way people lived in a long-dead civilization, but I can't read them.
> Why? What were these people doing that they thought their email to
> their Aunt Edna needed to remain secret for all time? Why is it that,
> millennia after they're gone, Aunt Edna's recipe for potato salad has
> to be gone with them?"
>
> Or think about your own kids, circa 2040 AD. "I'd love to read these
> emails between Mom and Dad when they were courting, but ... they were
> afraid of Somebody-with-an-S reading their emails. I wonder if they
> ever thought that the Somebody might be their son, who wanted to
> understand after their deaths how it was these two people came to meet
> and fall in love."

This raises an interesting point. If I bequeath my collected letters to someone, how do I arrange the transmission of the necessary passphrases as well? I wonder if the lawyer who draws up my will would even understand the question.

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: NSA, PGP and RSA
On Wed, Oct 01, 2014 at 06:09:54PM -0700, Robin Mathew Rajan wrote:
> Straight to my question! According to many speculations out in the
> public, NSA has weakened RSA algorithm. Is it still safe to use the RSA
> as the underlying algorithm for generating the keys?

How could anyone honestly answer that question, if the suspected weakness has never been found? We don't know that it exists, and if it does exist we don't know its nature.

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: Fwd: GNU hackers discover HACIENDA government surveillance and give us a way to fight back
On Wed, Aug 27, 2014 at 06:46:13AM -0400, d...@geer.org wrote:
| Is this not the core of the question? In a world of social media
| and sensor-driven everything, does not the very concept of private
| information fade, per se? I believe it does.
|
| No. Taking part in social networks and other media is a choice. One can
| a) choose not to take part at all, or b) choose how one takes part and
| what information one shares.
|
| In short, privacy of information is still real, still relevant, and
| still (largely) within the control of the individual. Tools such as
| encryption help retain the reality of privacy of information.
|
| The question of privacy of information is of critical importance to
| liberty. By choosing to believe that privacy (or specifically privacy of
| information) is a concept that has faded you are playing into the
| hands of those who would wish to forcefully strip us all of privacy,
| whether we like it or not.

That would be a mistake, I think.

I fully agree with you, which means that I see few ways to preserve the liberty that privacy represents than to withdraw from much of civil society while it shares ever more -- sharing ever more on the "I've got nothing to hide" premise.

Technology makes what is observable by others daily grow wider; lip reading robots, electric grids that know the noise signature of every device you own, smart cameras on every street corner, MIT's visual microphone, electronic health records that are and must be shared amongst providers plus the providers' paymasters, and on and on. That these are possible is worrisome; that they are widely built into services which promise convenience is the Pied Piper institutionalized. As I wrote elsewhere(*), we are becoming a society of informants -- I have nowhere to hide from you.

It was never possible to live in perfect anonymity. You can't participate in society and be invisible to it at the same time. One has to accept being known, to some extent.

So, secrecy is only one part of privacy. Another part is effectively asserting what you believe is right. Just because someone knows something about you, doesn't mean he understands it or can argue properly. Challenge the idiots, the misinformed, the insufficiently educated, the malicious, and make their misuse of your personal information costly. Without that, you will indeed live in a bubble of privacy which steadily shrinks until it evaporates entirely. Lies, rumors, and faulty logic readily die of exposure. Expose them! If someone attacks your secrets...attack his! The falsity of a false argument is one of your opponent's centers of gravity, so strike it to keep him busy protecting it.

Secrecy alone is defensive. The term for a purely defensive fighter is "loser".

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: Fwd: It's time for PGP to die.
On Sun, Aug 17, 2014 at 12:41:52AM +0100, Nicholas Cole wrote:
> On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen r...@sixdemonbag.org wrote:
> [snip]
> > OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in
> > this blogpost: OpenPGP can't protect your metadata, and that turns out
> > to often be higher-value content than your emails themselves are.
> > Further, exposed metadata is inherent to SMTP, which means this problem
> > is going to be absolutely devilish to fix.
>
> That is true. But perhaps it would be a start if email clients actually
> put the actual email (with subject and references headers etc.) as an
> attachment to a bare email that contained only the minimal headers for
> delivery. It wouldn't be a perfect solution, but it would at least fix a
> certain amount of metadata analysis.

Perhaps it would be a start if sites providing SMTP would turn on STARTTLS.

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: Fwd: It's time for PGP to die.
On Mon, Aug 18, 2014 at 08:15:49AM -0600, Aaron Toponce wrote:
> On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote:
> > Perhaps it would be a start if sites providing SMTP would turn on
> > STARTTLS.
>
> STARTTLS does not encrypt mail. It only provides safe passage over the
> network.

Sure, it does encrypt mail. My SMTP has mail from me to deliver. It contacts an SMTP that it thinks can get the mail closer to its addressee. My SMTP sends STARTTLS, the receiving SMTP agrees, they handshake, and the rest of the session, including MAIL FROM, RCPT TO, and my mailgram following the DATA, is encrypted over the wire.

> It is also client/server encrypted and decrypted. Thus, an administrator
> with root at an SMTP server can view the mail once the mail transfer is
> decrypted.

As is often said here, "what's your threat model?" Keeping nonprivileged people out of the transaction is worthwhile, if I am worried about mail being spied on in transit. STARTTLS greatly reduces the number of parties who could just read email metadata if they have access to the wire. Sysadmins take a risk if they are prying into the mail spool -- they could be discovered. Governments, too, may judge that the cost of exposure of such activity is worth more than the advantage of doing it.

But I wouldn't depend solely on STARTTLS for securing email any more than I am satisfied to depend solely on encrypting the message body with OpenPGP or similar means. I believe in making the bad guys take as much time, create as much mess, and make as much noise as I can compel. It costs almost nothing to make as much trouble as possible for snoopers, and it's interesting work, so why not do it?

> Also, many big mail vendors have already enabled SSL/TLS/STARTTLS, such
> as Google, Yahoo, and Microsoft.

You mean those webmail thingies that I never use? There's so much we don't know about their security practices that I wasn't even thinking about such services. My remark was focused on the scenario above: there is a local MUA, a local MTA and a remote MTA.

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
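The hop-by-hop nature of STARTTLS that the exchange above turns on can be seen in a delivered message's own headers: each MTA that accepts the message prepends a Received: line naming the sending host, the receiving host and the protocol, and RFC 3848 registers the "S" suffix (ESMTPS, ESMTPSA) to mean the hop negotiated STARTTLS; Postfix additionally records the TLS version and cipher. The script below is an added example written for this archive, not code from the thread or from any of the posters; the message it parses is constructed, with made-up hosts, queue ids and addresses.

```python
"""Which hops of a message's SMTP trail were TLS-protected?

Reads the Received: headers of a message and reports, hop by hop, whether
STARTTLS was negotiated.  Each hop is encrypted (or not) independently, and
the message is in the clear on every MTA that handled it, which is exactly
the point made in the thread above.
"""
import email
import re

# Constructed sample message (not real traffic); hosts, ids and addresses are
# made up.  Received: headers are prepended by each MTA, newest hop on top.
SAMPLE_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
\tby mail.example.org (Postfix) with ESMTPS id 4F1A2B3C
\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256)
\tfor <alice@example.org>; Mon, 18 Aug 2014 10:01:02 -0400
Received: from relay.example.com (relay.example.com [198.51.100.5])
\tby mx2.example.net with ESMTP id abc123
\tfor <alice@example.org>; Mon, 18 Aug 2014 10:01:00 -0400
Received: from localhost (localhost [127.0.0.1])
\tby relay.example.com with ESMTPSA id def456;
\tMon, 18 Aug 2014 10:00:58 -0400
From: bob@example.com
To: alice@example.org
Subject: constructed test message

hello
"""

# RFC 3848 "with" tokens: an "S" after SMTP means STARTTLS was negotiated;
# a trailing "A" means the session was also authenticated.
_TLS_PROTOCOL = re.compile(r"(?:UTF8)?E?SMTPSA?")


def parse_received(value):
    """Pull the from/by/with fields (and TLS version, if the MTA recorded
    one) out of a single Received: header value.  Missing fields are None."""
    text = " ".join(value.split())  # unfold continuation lines
    fields = {}
    for name in ("from", "by", "with"):
        m = re.search(r"\b%s\s+(\S+)" % name, text)
        fields[name] = m.group(1) if m else None
    vm = re.search(r"version=(\S+)", text)
    fields["tls_version"] = vm.group(1) if vm else None
    proto = (fields["with"] or "").upper()
    fields["tls"] = bool(_TLS_PROTOCOL.fullmatch(proto))
    return fields


def tls_hops(raw_message):
    """Return the hops in chronological order (oldest first), one dict per
    Received: header."""
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    return [parse_received(v) for v in reversed(received)]


def unprotected_hops(hops):
    """(sender, receiver) pairs for hops that did not negotiate STARTTLS: on
    these, MAIL FROM, RCPT TO and the DATA all crossed the wire in clear."""
    return [(h["from"], h["by"]) for h in hops if not h["tls"]]


if __name__ == "__main__":
    hops = tls_hops(SAMPLE_MESSAGE)
    for i, h in enumerate(hops, 1):
        if h["tls"]:
            state = "TLS " + (h["tls_version"] or "(version not recorded)")
        else:
            state = "CLEARTEXT"
        print("hop %d: %s -> %s via %s: %s" % (i, h["from"], h["by"], h["with"], state))
    print("unprotected hops:", unprotected_hops(hops))
```

Two caveats for anyone using this as a check: a Received: line is written by the receiving MTA, so only the lines added by servers you trust are reliable (an upstream sender can fabricate anything beneath them), and an "S" token records that TLS was negotiated, not that the peer's certificate was verified; opportunistic STARTTLS commonly accepts any certificate, which is why the author above treats it as one layer rather than a substitute for end-to-end encryption.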
Re: It's time for PGP to die.
On Sun, Aug 17, 2014 at 10:41:27AM +0100, da...@gbenet.com wrote:
> Time to die? Well after 20 years I think it is all very academic -
> professors sit in class rooms the world over - not much common sense
> comes out of their mouths. The real issues are:
>
> (a) do we want to implement our own security on our own devices as a
> geek or

Yes. I know what tools I used and how I used them.

> (b) have some automated pre-installed software that will create all
> that's necessary at first boot or

No. I have no idea what it actually did.

> (c) rely on some large corporation to handle the encryption and
> decryption for us

Same answer as (b).

-- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: symmetric email encryption
On Sat, Jul 19, 2014 at 05:46:02PM -0700, Bob Holtzman wrote:
> On Sat, Jul 19, 2014 at 01:55:45PM -0400, Robert J. Hansen wrote:
> > > A factor of two is immense to you...?
> >
> > Yes. A secret that only I know I can keep; a secret known to two
> > people can only be kept for a while. Yes, that's an immense
> > difference.
>
> Old Hell's Angels saying, "3 people can keep a secret if two of them
> are dead." Not a very sophisticated bunch but..

Often attributed to Benjamin Franklin.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: Automatic e-mail encryption
On Sat, Jul 19, 2014 at 02:26:44PM +0200, Peter Lebbing wrote:
> By the way: if we had a working alternative to SSL/TLS, all the mail
> servers could talk to each other securely without eavesdropping. That way

Please remind me why we need an alternative to TLS.

> the contents of e-mails is only exposed on the sending SMTP server and
> the receiving SMTP and mailbox servers (f.e., IMAP). The mailbox server

I treat hop-by-hop encryption, not as an alternative to end-to-end, but as defense in depth.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: Key distribution via NFC
First thought: wow, someone came up with an NFC application that I would actually accept as not obviously horrible security.

Second thought: you could just keep your public key in a saved TXT and just send it to the other's phone that way. Even my unsmart phone with the 4.5cm screen can do that.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: mascot_p
On Wed, Jun 18, 2014 at 01:56:45PM +0100, Brad Rogers wrote:
> On Wed, 18 Jun 2014 08:45:26 -0400
> Mark H. Wood mw...@iupui.edu wrote:
> > What sort of mascot would combine the two aspects?
>
> Raccoon? Easily recognised so an allusion to identity there. Their face
> has a 'mask', alluding to privacy.

Yes, but that's the opposite of what I meant. A digital signature does not hide one's identity, but asserts it rather loudly and (we hope) provably.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: mascot_p
Assuming that there *should* be a mascot, the discussion seems to concentrate on the secrecy aspect of GnuPG. But what about the other aspect -- assertion of identity? Does that spark any ideas?

What sort of mascot would combine the two aspects?

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: mascot_p
On Tue, Jun 17, 2014 at 12:04:20PM +0200, Neal H. Walfield wrote:
> At Tue, 17 Jun 2014 11:36:11 +0200, Werner Koch wrote:
> > the guy I am working with on a new website, recently asked why we do
> > not have a mascot like many other projects. What's your opinion on
> > that?
>
> We have one, but it's a secret. :-)
>
> How about an Octopus? As I understand it, they like to try and open
> locks.

Alas, the octopus is already associated with GitHub: https://octodex.github.com/original/

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: Docs central, with 'Email Self-Defence'
On Tue, Jun 10, 2014 at 01:56:34AM +0200, Hauke Laging wrote:
> On Sun 08.06.2014, 20:59:41 Peter Lebbing wrote:
> > [snip]
> > > I recommend that all qualified people do the same when
> > > encountering bad articles.
> >
> > The problem lies in "qualified". I think the authors of the bad
> > advice consider themselves qualified, for instance. Otherwise why are
> > they giving advice.
>
> I understand the guess but that is at least not my experience. If I
> tell authors about their mistakes they are usually happy that I help
> them improve their article. Maybe the main reason for writing is not
> feeling qualified but the wish to help. Or they feel there are people
> even less qualified than they themselves and write for those but do not
> believe that they are close to the upper end of knowledge.
>
> Maybe the reaction depends on how they assess the knowledge of the one
> who tries to correct them. The from address of those of my emails may
> help there. ;-)

From time to time I will try to explain something, convinced that I am *not* the best choice to explain it, in the hope that someone more knowledgeable will correct my errors. I figure that, if I trot out my limited knowledge, I may help someone to understand just a bit, and I too may learn something in the process.

> I suggest: Just give it a try.

That is my suggestion as well.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: Why create offline main key without encryption capabilities
On Mon, Jun 02, 2014 at 11:40:25AM -0700, Robert J. Hansen wrote:
> > Am also not familiar with any legal tests or precedents, but the
> > following could hypothetically just as easily be argued:
>
> The government wants you to do X; you're apparently not complying;
> you're now before the judge who has to decide whether the government
> has the power to make you do X. The judge doesn't care about the third
> way you're proposing: the judge is only concerned with whether the
> government has the legal power to make you do X. That's it. Nothing
> else. If you want to negotiate with the government then you can do that
> outside the courtroom. Within it, all you are allowed to do is argue
> your case ("the government does not have the authority to make me do
> X").

So, anyone who wants to offer to recover session keys rather than hand over more-general keys should work on that *now*, when you can perhaps get it into the law and common practice, rather than later, when you cannot get it into court. Right now might be a good time to be heard on questions of narrowing the scope of search w.r.t. electronic communication.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: GPG's vulnerability to brute force [WAS: Re: GPG's vulnerability to quantum cryptography]
On Wed, May 14, 2014 at 07:31:26PM -0400, Robert J. Hansen wrote:
> On 5/14/2014 6:11 PM, Leo Gaspard wrote:
> [snip]
> > * You state it is a lower bound on the energy consumed/generated by
> > bruteforcing. Having a closer look at the Wikipedia page, I just
> > found this sentence: "If no information is erased, computation may in
> > principle be achieved which is thermodynamically reversible, and
> > require no release of heat."
>
> Yeah, adiabatic computing. Give me a call as soon as we have an
> adiabatic computer: I'll be deeply fascinated. Right now that's even
> more theoretical than quantum computing -- we've actually observed
> quantum computation in the lab on a small scale, while adiabatic
> computing is so far a complete no-go, AFAIK. (Then again, it's been a
> few years since I've dived into the literature on it -- if you can find
> a paper demonstrating real-world adiabatic, energy- and entropy-free
> computing, I will be deeply fascinated. I wasn't kidding about that.)
>
> > information on each flipped bit. Actually, IIUC, flipping a bit is a
> > reversible operation, and so the Landauer principle does not apply.
>
> Look! A bit of information: ___
>
> That's what it was before. Of course, it's now carrying the value '1'.
> So, tell me: you say bit flips are reversible, so what was the value
> before it was 1? I promise, I generated these two bits with a fair coin
> (heads = 0, tails = 1).
>
> Reversible means we can recover previous state without guessing.
> Current computing systems are not reversible.

I notice that the Wikipedia article refers here to "thermodynamically reversible" which is perhaps not the same thing as computationally reversible. So I looked up "thermodynamically reversible" and found

http://www.brighthubengineering.com/thermodynamics/4616-what-are-reversible-and-irreversible-processes/

which gives the interesting summary: thermodynamically reversible processes are theoretical and don't occur in the real world. These seem to live in the same realm with 100% frictionless surfaces and insulation with infinite R-factor.

That article seems confused as to whether a reversible process must be infinitely slow or infinitely fast, but Wikipedia says the former:

http://en.wikipedia.org/wiki/Reversible_process_%28thermodynamics%29

But I'm way, way out of my depth here so I'll shut up.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: Access to www.gnupg.org only via TLS
So perhaps the problem is that the gratis certificate provision business model only works when life is good; when bad things happen, this imposes costs which require choosing between customer dissatisfaction and stockholder dissatisfaction.

I think I would rather pay a reasonable amount up front for a certificate *and the services necessary to maintain it*. As someone pointed out, this is a predictable and avoidable cost. I do think that a CA should not charge for revocation, but that implies that I should have already paid for possible needs to which I'm committing myself.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: hash email addresses / directory privacy enhancement
On Tue, Apr 29, 2014 at 06:46:30PM +0100, MFPA wrote:
> On Tuesday 29 April 2014 at 3:23:10 PM, in
> mid:20140429142310.ge14...@iupui.edu, Mark H. Wood wrote:
> > Eh, I consider the possibility of address harvesting an opportunity
> > for a bit of sport. I enjoy occasionally crafting a new regular
> > expression to make maildrop automatically toss a new strain of UCE.
>
> Does "toss" in this context mean send, delete, or reject?

Sorry, delete.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
Re: hash email addresses / directory privacy enhancement
Eh, I consider the possibility of address harvesting an opportunity for a bit of sport. I enjoy occasionally crafting a new regular expression to make maildrop automatically toss a new strain of UCE.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: UI terminology for calculated validities
German and English have been closely related for many centuries. But I've been trying to make sense of the terms using the *other* half of English, since so many of these words seem to have Latin roots.

Valid: having value; acceptable for certain transactions. A bank draft is valid if it identifies an actual bank, identifies an actual account at that bank, is signed in the appropriate place by an appropriate person, is not too old, and has other correct corroborating information.

Verified: tested and found truthful. A bank draft is verified if you ask the purported issuer and he agrees that he issued it, or trusted records show that he did, for that account and in that amount and to that payee.

Authentic: properly associated with the entity which it claims; genuine. A bank draft is authentic if it was issued by the person named in the signature and other marks. It is typically authenticated by comparing the signature sample on the draft to a trusted signature sample, either already on file or executed by the named person in the presence of the authenticator. (Apparently Latin borrowed this one from Greek.)

Is that of any help at all?

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: UI terminology for calculated validities
What about abandoning terms of art and just saying things more simply:

  This message was signed by key . You have indicated that you trust that key.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: signatures for other people's emails
I also thought it would be preferable just to pass the message through the person whose prestige would, if lent, get you a reading. The problem with having the message come from an unknown is that it is coming from an unknown. If the message is not opened, it doesn't matter whose signatures are on it, because they will not be seen. So, I don't think that multiple signatures addresses the original problem at all.

However, there are uses for documents which must bear multiple signatures from *known* individuals or roles, and being able to present all of those signatures as a set, rather than having them scattered through layers of MIME frosting, would be valuable to some.

OTOH some types of multiple signature may require signature over signature: a signed document contained in another signed document, so that the outer signature attests that at the time it was made, the inner document bore a specific signature. It may be possible to compress the structure if there were defined signature types for these uses, so that one knows (for example) to include all of the foregoing signatures in the text to be validated.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: It's 2014. Are we there yet?
On Wed, Apr 09, 2014 at 12:39:44PM -0400, Kapil Aggarwal wrote:
>> Let's list a few arguments:
> [snip]
>> - WTF is a key pair/public key/private key/insert more arcane
>>   terminology.
>> - J
>
> This IS a big problem. I may get it, you may get it, how does the
> average Joe user gain that understanding? The nomenclature needs to
> be, well, something that the average Joe user can understand as well.
> They understood SSL (well, for the most part).

I think this one is easy. The key pair is a mathematical analog of the old spy trick (I'm sure it's in the movies somewhere) of tearing a playing card in two, giving one piece to each of two people who do not know each other but must be able to recognize one another. No two cards tear *exactly* the same way. And the math does this *much* better.

I thought that the tradition of the mizpah coin would serve as well, but I haven't found a good explanation, just advertising and Biblical backgrounders. As I recall, someone thought to break a soft metal coin in two, so that the jagged edges would symbolize a unique relationship, and somehow related it back to the story of the cairn of stones that symbolized an agreement with God as witness. Nowadays they mint the things in two pieces, very stylized, and you buy them already separated. So maybe this is not so useful here.

Anyway, the point is the same: a random process produces a unique boundary between two complementary pieces, which the holders can use to identify each other. A computer does it with mathematics that you don't have to fully understand, so long as you trust someone who does. If you need to see it in the physical world, just tear a piece of paper, or break a cookie in two, and contemplate the result.

There are other things you can do with the jagged edges (so to speak) of these keys, to scramble and unscramble a message, because the two pieces are related, in a way too complex to easily guess if you don't have one of them. Go ahead: pick up a pencil and paper, and try to predict the EXACT shape of the torn edges of a card without seeing it.

One thing you must understand is that the keys are related *mathematically*, not physically. *Unlike* the card, knowing one shape does not automatically give you the other. This is useful: it means that you have a secret which you don't have to share to prove that you know it.

After that, it's all just multiplying impossibly huge numbers.

That's dumbed down considerably, but I think it gets the basic idea across simply.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: making the X.509 infrastructure available for OpenPGP
On Wed, Feb 05, 2014 at 09:06:25PM +0100, Werner Koch wrote:
> On Wed, 5 Feb 2014 19:04, pe...@digitalbrains.com said:
>
>> An X.509 certification obviously certifies that a certain X.509
>> certificate belongs to the person or role identified by the
>> Distinguished Name. But seen a
>
> Almost all X.509 certification in public use certify only one of two
> things:
>
> - Someone has pushed a few bucks over to the CA.
> - Someone has convinced the CA to directly or indirectly issue a
>   certificate.

It varies. I've dealt with CAs who wanted a DUNS number and would call the corporate security officer at a published number to find out whether I am authorized to request certificates. In other words, these CAs actually do some investigation of the claims in the CSR. That's likely one reason why their certificates cost $200/yr. I'd trust these cert.s for everyday uses (only because my everyday risk is small).

I'm aware that others require as little as responding to email at the proffered address, and clearance of a small payment. I repose very little trust in such cert.s. They're mainly useful for initializing a privacy mechanism, and don't say much that I'd believe about the identity of the other party. They're useful if that's all you want, and most small e-commerce sites don't need more, possibly because most people are unaware that there could be more and haven't thought deeply about why they might want more.

So: what would one want from X.509 certificates used to initialize an OpenPGP session? What would it take to get that?

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: making the X.509 infrastructure available for OpenPGP
On Wed, Feb 05, 2014 at 10:30:38PM +0100, Peter Lebbing wrote:
> By the way, I still think the CA certifies that the certificate
> belongs to the person or role identified by the DN. The problem is
> that when someone vouches for the truth of something, that doesn't
> make it an actual fact. It sometimes means the certifier is simply
> sloppy or a liar. Certification is a statement, not truth.

I think that the CA certifies whatever its Certification Practice Statement says it certifies -- because that is a document you could present to a court as evidence. Commercial CAs typically are audited periodically to determine that their operations conform to their CPS.

The problem is that a CPS can say *anything*. Without reading it, you have no way of knowing what you should expect that CA's certificates to mean.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: making the X.509 infrastructure available for OpenPGP
On Tue, Feb 04, 2014 at 04:55:56AM +0100, Hauke Laging wrote:
> [snip]
>
> Now my point: Keys can be converted from one format to the other. The
> fingerprint changes but obviously the keygrip doesn't. I believe it
> would make a lot of sense to create a connection between gpg and
> gpgsm and point gpgsm to the OS's and / or browser's root certificate
> pool. Then a CA could offer its certificate in OpenPGP format (even
> conforming to some new standard which makes it easier to detect this
> special kind of certificate e.g. by using a comment or signature
> notation pointing to the related X.509 certificate), and GnuPG could
> easily realize that it is the same key. This would relieve the user
> from the hard decision whether a certificate is valid (the CA's
> OpenPGP certificate in this case). The user would just have to decide
> (like with any other OpenPGP certificate) whether he wants to trust
> this CA (and how much).
>
> By doing so the pre-installed CA pool would become valuable for
> OpenPGP, too, and it would make sense for the CAs to offer
> certifications for OpenPGP certificates, too.

Assuming you trust those CAs. All of them.

Having said that, you might look at how OpenSSH has included X.509 certificates in its operation. There is precedent for something like what you suggest.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?
On Thu, Jan 30, 2014 at 11:48:13PM -0800, Paul R. Ramer wrote:
> [snip]
>
> Just know that no one is going to attack the cipher itself to get to
> your messages. There are much easier methods such as installing a key
> logger. Why beat the door down if you can open the window?

Well...that depends on the value of the information, the assets of the adversary, and the cost of failure. Passively capturing and analyzing your traffic from 1000km away offers little hope but also little risk. Active measures like remotely installing a software keylogger can be detected and resisted or undone. Active measures like installing a hardware keylogger can get the adversary shot dead in the act, or result in exposure that would be far more costly to his employers than the failure of his individual mission.

I would likely agree that nobody is going to attack the cipher to get *my* secrets. Most people haven't got anything worth that much time and effort. The greatest expectation of reward probably lies in waiting for me to make a misteak.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: [Announce] GnuPG launches crowdfunding campaign
On Thu, Dec 19, 2013 at 06:38:30PM +0100, Julian H. Stacey wrote:
> Johannes Zarl wrote:
>> Hi,
>>
>> Maybe my English is a little rusty, but what exactly is a "spanking
>> server"?
>
> Presumably a contraction from "brand spanking new" a phrase normal
> common in England when I grew up there.

This is also common in USA, and seems to refer to the tradition of giving a just-born infant a swat on the rump to encourage the beginning of breathing (because the baby needs air to yell at you). At any rate, it means "as new as can be; freshly arrived, unpacked or installed."

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Any future for the Crypto Stick?
On Mon, Dec 02, 2013 at 07:33:22PM +0100, Peter Lebbing wrote:
> [snip]
>
> Since smartcards are primarily used for security purposes, I wouldn't
> be surprised if it responded specially to a message signed by the NSA
> (or encrypted with a symmetric cipher with a specific key known to
> the NSA).

I wonder how feasible that really is. The system surrounding the card is not under control of the card's manufacturer or anyone who might have corrupted him. All it takes is one knowledgeable person watching the data stream for interesting anomalies, and you have given the game away. The cost, as we've recently seen, could be considerable.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: gpgsm and expired certificates
On Thu, Nov 07, 2013 at 12:16:36PM +0100, Uwe Brauer wrote:
>>>>> "MFPA" == MFPA <expires2...@ymail.com> writes:
>
> [snip]
>
>>> However thunderbird refuses to use your public key claiming it
>>> cannot be trusted.
>
>> I just searched and found [1] about Thunderbird, which says you can
>> import a copy of other people's self-signed S/MIME certificate from a
>> .cer file into your Authorities tab.
>>
>> So much for being easier because keys are automatically embedded in
>> the signatures.
>
> Well I was referring to the following 10 years old bug
> https://bugzilla.mozilla.org/show_bug.cgi?id=209182
>
> I have the feeling this is a design decision by philosophy:
> thunderbird/seamonkey don't encourage the use of self-signed
> certificates (BTW I just learned that there is an add-on, key-manager,
> which generates self-signed certificates, similar as it seems to me to
> the BAT.)

This bug seems to cry out for an add-on. Then people who (think they) know what they are doing can have the additional convenience, and the rest can do whatever it is they do now. I would guess there is resistance to putting this into the base product on the theory that 99.9% of users will just hit "yes", meaning "get rid of this unintelligible dialog and let me read the message", which is arguably a Bad Thing.

Since we're getting offtopic anyway, I'll continue and opine that this add-on would only be doing for self-signed cert.s and other unknown CAs the same thing that the user *should* have done with those commercial root cert.s: evaluate and install them individually. (Of course hardly any of us have done this.)

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: The symmetric ciphers
On Wed, Oct 30, 2013 at 06:19:27PM +0100, Philipp Klaus Krause wrote:
> On 10.09.2013 15:30, Robert J. Hansen wrote:
>> On 9/10/2013 6:35 AM, Philipp Klaus Krause wrote:
>>> I wonder if it would be a good idea to have an option to combine
>>> symmetric ciphers, e.g. users could state a preference list like
>>> this:
>>
>> No. This idea gets floated every few years and the answers never
>> change. It's not a good idea. If you look in the list archives you
>> can find some pretty long, detailed writeups on why.
>
> I just tried googling a bit, but the only posts I found are those that
> assume that the effort to break A+B would be a+b. I did not find the
> detailed writeups you mentioned, or even anything else about the
> assumption that breaking A+B takes at least effort max(a,b).

I often worry about the assumption that there are no unfortunate interactions between the structures of A and B such that the effort to break A+B < min(a,b).

Consider a composition of *three* ciphers:

  A := ROT13
  B := ROT10
  C := ROT3

Each different from the others, though similar in operation. But (when the symbol set is the Roman alphabet) A(B(C(x))) = x. Composing these three ciphers produces a cipher worse than any of its components. Any order of composition will do the same. Compose any two of them and the result is no stronger than any single one.

Obviously this should not be assumed to hold true for all possible functions, but it provides a counterexample: composing ciphers does not necessarily produce a stronger cipher.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
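The ROT composition above, carried through as an added example that is not part of the original post: it generalizes the observation, showing that any stack of shift ciphers over the Roman alphabet collapses to a single ROT-n, so the composed keyspace never grows beyond 26 (the `rot`, `compose`, `effective_shift` and `distinct_ciphers` names are assumptions of this example, not from the thread).

```python
"""Added example (not from the mailing-list post): composing shift ciphers.

The post composes ROT13, ROT10 and ROT3 and observes that the result is the
identity.  This shows the general fact behind that observation: any
composition of shift ciphers over the 26 Roman letters is itself a single
shift cipher, so stacking layers never enlarges the keyspace beyond 26.
"""
from itertools import product
from typing import Callable, Optional

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
Cipher = Callable[[str], str]


def rot(shift: int, text: str) -> str:
    """Shift every Roman letter by `shift` places; other characters pass through."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        elif "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def compose(*shifts: int) -> Cipher:
    """Build A(B(C(x))) from shifts (A, B, C): the last shift is applied first."""
    def cipher(text: str) -> str:
        for s in reversed(shifts):
            text = rot(s, text)
        return text
    return cipher


def effective_shift(cipher: Cipher) -> Optional[int]:
    """Return the single ROT-n equivalent to `cipher`, or None if it is not a shift.

    Encrypting the whole alphabet is enough: a shift cipher is fully determined
    by where it sends 'A', and the rest of the alphabet confirms the guess.
    """
    ct = cipher(ALPHABET)
    guess = (ord(ct[0]) - ord("A")) % 26
    return guess if rot(guess, ALPHABET) == ct else None


def distinct_ciphers(layers: int) -> int:
    """Count the distinct ciphers reachable by composing `layers` shift ciphers.

    26**layers key combinations collapse to at most 26 distinct ciphers, so an
    attacker still has only 26 candidates to try, however many layers are used.
    """
    reachable = set()
    for keys in product(range(26), repeat=layers):
        reachable.add(effective_shift(compose(*keys)))
    return len(reachable)


if __name__ == "__main__":
    # The post's example: ROT13(ROT10(ROT3(x))) == x.
    triple = compose(13, 10, 3)
    print(triple("ATTACK AT DAWN"))            # ATTACK AT DAWN
    print(effective_shift(triple))             # 0 (identity)
    print(effective_shift(compose(13, 10)))    # 23: no stronger than ROT23
    for n in (1, 2, 3):
        print(n, "layer(s) ->", distinct_ciphers(n), "distinct ciphers")  # always 26
```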
Re: The symmetric ciphers
Having not read far enough down the thread, Mark H. Wood wishes to recall a completely redundant message:

> Consider a composition of *three* ciphers:
>
>   A := ROT13
>   B := ROT10
>   C := ROT3

--
Mark H. Wood, hasty poster mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: The symmetric ciphers
On Wed, Oct 30, 2013 at 11:33:18PM +0100, Philipp Klaus Krause wrote:
> Is there a known good way to combine multiple symmetric ciphers into
> something that is at least as strong as the weakest of them?

I sincerely doubt that there is, in the general case. That's the point: you have to analyze each combination as if it were a new, untried cipher. It seems useless to ask whether one can benefit from composing multiple unspecified symmetric ciphers; much more useful to ask whether e.g. AES+BLOWFISH is at least as strong as, or stronger than, either AES or BLOWFISH alone. Then ask the same question for each composition you think promising. You will wind up doing quite a LOT of math. You could probably get a book out of it, if you do a thorough job.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: trust your corporation for keyowner identification?
On Wed, Oct 16, 2013 at 08:04:39AM -0400, Brian J. Murrell wrote:
> If you worked in a corporate environment, would you trust the HR
> department there to have verified the identity of employees well
> enough to leverage that into signing a GPG key?

Not without investigating their procedures.

> Let's say such an environment had a messaging system where employees
> had to authenticate with their corporate IT credentials in order to
> use the system. Would that, and the assertion by HR/IT that a message
> that I get from Bob really did come from the employee HR verified as
> Bob (i.e. when they hired him) be enough for you to trust the key you
> get from Bob enough to sign it that it really is really Bob's?
>
> I guess what I am describing is a virtual key signing party where the
> verification of IDs is being done by the corporation instead of the
> individuals.

Then let the corporation (i.e. HR) do the signing and you decide whether to trust HR's signatures.

Really this should be designed into the corporation rather than pasted on. The chief security officer should somehow determine what would be satisfactory procedures for verifying identity for the purpose of issuing such signatures and get it accepted as a requirement for HR. Probably this will be designed in consultation with HR so that it will actually be implemented properly and not be a constant source of pushback. The meaning of such signatures should be documented and published internally, so that relying parties know what they are getting and can decide for what and how far they are willing to rely on them. Part of the determination should be the purpose and scope of such signatures.

One factor in the steady drizzle of corporate security failures is the notion that one can buy a box of security off the shelf and thereafter be secure, without thinking about what one is doing. It seems to me that designing secure processes for your specific needs should work better and be cheaper in the end.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Where is ECC in gpg2 (specifically gnupg-2.0.21
On Fri, Sep 13, 2013 at 08:17:11PM -0400, Robert J. Hansen wrote:
> On 9/13/2013 6:20 PM, Werner Koch wrote:
>> No, I am not aware of any discussions. QC resistant algorithms are
>> not yet something we need to rush for.
>
> Although it hasn't hit the IETF WG mailing list, I know that some list
> participants have had intermittent off-list conversations about
> lattice cryptography and other QC-resistant crypto. I wouldn't say
> that it's a subject of active discussion within the WG, but some
> individual WG members are definitely keeping an eye on it.
>
> And let me give a big "d'accord!" to Werner's "we don't need to rush."

On the one hand, we don't need to rush. On the other, it is good to see that people are thinking ahead, because I don't want to see matters come to a state in which we *do* need to rush.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Can I create domain keys?
On Wed, Aug 14, 2013 at 12:17:36PM +0200, Jan Eden wrote:
> On Wed, Aug 14, 2013 at 10:06:59AM +, Henry Hertz Hobbit wrote:
>> On 08/14/2013 08:33 AM, Johan Wevers wrote:
>>> On 14-08-2013 5:36, Foo Bar wrote:
>>>> I would like to create a domain key, which can be used for all
>>>> emails in a particular domain. For example, if the key is for
>>>> *@example.com, then sending to both f...@example.com and
>>>> b...@example.com would use this key. Is this possible with GPG?
>>>
>>> You can use each key for each mail, your sender address doesn't
>>> have to be the address in the key.
>>
>> I am not saying you are wrong because I don't know. But it does seem
>> dangerous from a real world practical point of view. Should I really
>> be able to send a message pretending to come from
>> herrprofes...@monsters.edu when I am really just a visitor to the
>> University being awarded an Honorary degree? Part of that was being
>> given a hhhob...@monsters.edu email account since all people granted
>> a Ph.D. are also given an email account that they can use until they
>> are dead unless they ask that it be closed down.
>
> I can always create a key for herrprofes...@monsters.edu and send
> messages from this address signed with the key. But if I do not
> control the domain (or at least a mailbox associated with the
> address), I will never receive replies to my forged messages.

I see I am insufficiently devious. I was assuming that the message was signed with hhhobbit's key, not a forged key.

Now there are two possibilities. If Herr Professor has no PGP key or has never used it, then the signature has no reputation and should be verified out-of-band. Otherwise, there are now two keys asserting that address and not linked by cross-signatures. Suspicious, verify out-of-band.

It seems unduly risky. Traditional methods of forgery try to bury one identity under another, but forging PK certificates *asserts* a new identity. It feels to me like making too much noise -- it attracts attention just when and where the forger wants to *deflect* attention.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Can I create domain keys?
On Wed, Aug 14, 2013 at 10:06:59AM +, Henry Hertz Hobbit wrote:
> On 08/14/2013 08:33 AM, Johan Wevers wrote:
>> On 14-08-2013 5:36, Foo Bar wrote:
>>> I would like to create a domain key, which can be used for all
>>> emails in a particular domain. For example, if the key is for
>>> *@example.com, then sending to both f...@example.com and
>>> b...@example.com would use this key. Is this possible with GPG?
>>
>> You can use each key for each mail, your sender address doesn't have
>> to be the address in the key.
>
> I am not saying you are wrong because I don't know. But it does seem
> dangerous from a real world practical point of view. Should I really
> be able to send a message pretending to come from
> herrprofes...@monsters.edu when I am really just a visitor to the
> University being awarded an Honorary degree? Part of that was being
> given a hhhob...@monsters.edu email account since all people granted
> a Ph.D. are also given an email account that they can use until they
> are dead unless they ask that it be closed down.

How could you successfully pretend to be herrprofessor when your signature (the only mechanically verifiable attribute of the message) says hhhobbit? The signature doesn't say anything about what the message means or from where it was sent, only that someone controlling a given key bound the text to himself. Like those political ad.s ending with "I'm John Q. Candidate and I approved this message", we don't learn anything about the truth of the message, only that someone recognizable is willing to stake his reputation on getting us to believe it. I would interpret the signature as an explicit denial that the sender was someone other than the holder of that key.

Now, if I knew that herrprofessor and hhhobbit are the same person, then I wouldn't think it very strange to see the two identities mingled. It would depend on how I have known him to use his identities. But if they are the same person, then what harm? I try to keep my personal and professional identities distinct, but some people don't.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Why trust any software?
On Mon, Aug 05, 2013 at 12:31:13PM +0200, kardan wrote:
> [snip]
>
> Also many linux users look strange at me if I say I do compile parts
> of my debian system.

Heh, but then Gentoo Linux users will look at you strangely if you say that you *don't* compile parts of your system. :-)

> Fri, 26 Jul 2013 09:22:32 -0400 Mark H. Wood mw...@iupui.edu wrote:
>> Well, Windows users who aren't programmers, who switch to e.g. Linux,
>> will then be Linux users who aren't programmers, so this alone
>> changes little for the individual. He is still dependent on others
>> in the community. That is quite alright -- an important part of PKC
>> is for people to find out for themselves who is reliable and form
>> open-eyed trust relationships.
>
> Can you please explain what you mean by PKC in this context?

Sorry -- public key cryptography.

> Do you know of signing mechanisms for developers to
> A have special keys for signing code changes
> B sign each other's keys to approve they are knowledgeable enough to
>   understand and check the code reliably.
> C sign a piece of software/patch/commit with it?

I don't see how this is different from a community building trust relationships for email.

> Also it is interesting to differ between source and binaries -
> tracking source changes and builds separately or even confirm a trust
> chain with a combination of both.

I suppose that you could rig a compiler to compute signatures over the sources it reads and incorporate these signatures into the binary. Likewise the linker. The whole toolchain would have to be carefully considered and modified to suit. I haven't heard of anyone doing that. (Someone will now point out that we would be reposing even more trust in the toolchain, making its verification more important. Yes.)

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Why trust gpg4win?
On Fri, Jul 26, 2013 at 12:14:08AM +0200, Julian H. Stacey wrote:
> Hi,
> Reference:
>> From: atair atai...@googlemail.com
>> Date: Thu, 25 Jul 2013 21:17:43 +
>
> atair wrote:
>> ...
>> Therefore, changes that look like back doors are VERY unlikely to
>> find their way in a release, because hundreds of people are looking
>> how the software evolves and will reject such a patch.
>> ...
>
> Yes, malign code would have to hide in plain view in source (most
> likely evil patches wouldn't get past the view of the people
> committing the `improvement' to the source repository ;-).
>
> However you missed the point that many MS users are not programmers,
> will not be compiling their own binaries, so any malign entity could
> regularly hack their nasty extras in, compile issue binaries that
> don't match published source (sure that would breach licence, but
> irrelevant to an evil doer), those without access to exactly the same
> set of compiler tools would not easily know of embedded evil extra
> mods.

But it takes only one person who can and does do this inspection, to reveal the evil deed. And that person could be anywhere. He very likely won't be identified until he announces his presence by announcing his discovery of the attack.

> The solution of course is as you urged takethe...@gmx.de , to get a
> free operating system such as Linux or BSD, complete with free build
> tools compile your own (even non programmers can do that, eg on an OS
> downloaded from http://www.freebsd.org just type
>   cd /usr/ports/security/gnupg ; make install )
> However for some that's too much effort, for them greater risk, their
> choice.

Well, Windows users who aren't programmers, who switch to e.g. Linux, will then be Linux users who aren't programmers, so this alone changes little for the individual. He is still dependent on others in the community. That is quite alright -- an important part of PKC is for people to find out for themselves who is reliable and form open-eyed trust relationships. If one wishes to be more self-sufficient, one must learn a great deal about work formerly left to others.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?
On Wed, Jul 24, 2013 at 12:04:40AM +0200, Philipp Klaus Krause wrote:
> Am 23.07.2013 23:22, schrieb Max Parmer:
> > Sounds like you might want an offline master key with a couple UIDs and several subkeys.
>
> But can I have multiple encryption subkeys, with encryption subkeys associated with UIDs? I one subkey per UID only works for signing.
>
> > Also if I didn't trust a system enough to use any secret key on it I probably also would not want to expose decrypted messages to that system, presuming the messages you receive have sensitive/important information in them. Something to consider if you really have cause to not trust that computer might be setting up a dedicated, air-gapped system for encryption/decryption.
>
> I do not trust the computer at university with the secret key used to decrypt my private mail. I did set up that computer myself, but we have burglars breaking into the offices every few years, many people have keys to the office, etc. Still, I want to be able to read any encrypted mail sent to my university addresses on the computer at university. And I want to use encryption, since the mails might contain sensitive information, such as exams, grades, etc (and the mail servers are maintained by students).

It's called compartmental design. No one compromise destroys all your security.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?
On Wed, Jul 24, 2013 at 08:35:25AM +0200, Heinz Diehl wrote:
> On 24.07.2013, Philipp Klaus Krause wrote:
> > I do not trust the computer at university with the secret key used to decrypt my private mail.
> > [...]
> > Still, I want to be able to read any encrypted mail sent to my university addresses on the computer at university. And I want to use encryption, since the mails might contain sensitive information, such as exams, grades, etc (and the mail servers are maintained by students).
>
> You can't have security on a machine which is out of your control. If others have physical access to your machine at university, what you want isn't possible. They could simply install a keylogger or other monitoring.

Absolute security isn't possible. Any machine you are not shackled to is sometimes out of your control. The best one can do is make the expectation of loss significantly more than the expectation of gain. Smart attackers will go elsewhere and stupid ones can be caught.

Installing a keylogger represents a significant risk of detection. If they can do surreptitious monitoring, how do they know that I am not doing surreptitious monitoring? Remote log servers, firewall logs, 'tripwire', cheap cameras the size of an aspirin tablet...

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
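The 'tripwire' idea in the reply above, as an added example that is not part of the original message or of any tripwire product: a minimal file-integrity check in Python. A baseline of SHA-256 digests and permission bits is recorded while the machine is still trusted; a later scan is diffed against it to surface files that were planted, removed or altered. The directory layout, file contents and the attacker's actions inside `demo()` are constructed for illustration.

```python
"""Minimal tripwire-style file integrity check (added example)."""
import hashlib
import json
import stat
import tempfile
from pathlib import Path
from typing import Dict, List


def _digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> Dict[str, dict]:
    """Digest, permission bits and size of every regular file below root.
    Symlinks are skipped so a planted link cannot make us hash a decoy."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.stat()
        snap[p.relative_to(root).as_posix()] = {
            "sha256": _digest(p),
            "mode": stat.S_IMODE(st.st_mode),
            "size": st.st_size,
        }
    return snap


def compare(baseline: Dict[str, dict], current: Dict[str, dict]) -> Dict[str, List[str]]:
    """Classify paths as added, removed or modified (content *or* mode changed)."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(n for n in common if baseline[n] != current[n]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small home directory, then simulate
    someone with physical access editing a login script and dropping a library."""
    with tempfile.TemporaryDirectory() as d:
        home = Path(d) / "home"
        (home / ".gnupg").mkdir(parents=True)
        (home / ".bashrc").write_text("export PATH=$PATH:$HOME/bin\n")
        (home / ".gnupg" / "gpg.conf").write_text("keyid-format long\n")

        # The baseline would normally be written to a remote, append-only store.
        baseline_file = Path(d) / "baseline.json"
        baseline_file.write_text(json.dumps(snapshot(home), sort_keys=True))

        # Later: the intruder tampers with the login script and plants a payload.
        (home / ".bashrc").write_text(
            "export PATH=$PATH:$HOME/bin\nexport LD_PRELOAD=$HOME/.gnupg/kl.so\n")
        (home / ".gnupg" / "kl.so").write_bytes(b"\x7fELF\x02\x01\x01" + b"\0" * 9)

        return compare(json.loads(baseline_file.read_text()), snapshot(home))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The baseline and the checker itself have to live somewhere the intruder cannot edit (the remote log server mentioned above, or read-only media); a compromised host can lie about its own files. A hardware keylogger plugged in between keyboard and machine never shows up in a filesystem scan at all, which is where the cameras come in.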
Re: Multiple email addresses - any alternative to ask everyone to sign all my keys?
On Wed, Jul 24, 2013 at 11:33:18AM +0200, Philipp Klaus Krause wrote:
> I just want multiple security levels: Decrypt mail addressed to the university address, but not mail addressed to my private address on the university computer. Decrypt both types of mail on my private computer. After all the security I want works when using two separate keypairs (but that has the disadvantage of other people having to sign multiple keys).

Um, wait... what does other people signing your keys have to do with you decrypting mail? Authentication and privacy are two different dimensions of communication security.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Why OpenPGP is not wanted - stupid is in vogue right now
On Mon, Jun 10, 2013 at 12:40:07PM +0200, Johan Wevers wrote:
> On 10-06-2013 10:46, Henry Hertz Hobbit wrote:
> > Nobody but me uses my signatures on the stuff I deliver. It isn't because my keys aren't part of the WOT. It is because for what ever reason they want to complain like mad about Prism but then go to Facebook and broadcast their personal lives to the entire world. Privacy has much more to do with encryption than with signing.
>
> On the contrary, when I sign a message it is much easier to prove, or at the very least make it probable, that I wrote it, thus reducing my privacy.

Hmmm. I begin to think that "privacy" is another one of those words we should avoid because it is so vague. Encryption is about secrecy, which is a bit easier to define.

I could argue that someone pretending to be me on email is an attack on my privacy and that signing my emails thus increases my privacy (if my correspondents accept my assertion that I don't send unsigned emails; if not, I might argue that it at worst doesn't change anything).

Yes, let's get rid of "privacy" (the word). We can have secrecy, we can have verification of authorship, we can have several other properties I've forgotten just now, and they are all aspects of this misty thing called privacy. Privacy itself is a set of social conventions: there are aspects of my life which it is right and proper for me to control, and it is wrong and improper for others to attempt to control them, because my society generally agrees that this is so and my government is (generally) willing to enforce laws codifying these norms.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Recommendations for handling (multiple) user IDs - personal and company ones
On Sun, Jun 09, 2013 at 11:52:32PM -0400, Robert J. Hansen wrote:
> On 6/9/2013 11:14 PM, Hauke Laging wrote:
> > [snip]
> > The reason that most people do not use crypto is the most trivial one: They don't think they need it.
>
> This is not supported by the studies. Many people who do not use crypto openly acknowledge that maybe they should, in a vague "I really should eat more salads and less meat" sense. However, they see the risks to themselves as diffuse and distant, and the consequences mild. If you're a political campaign worker and you send an unencrypted email of your contact list, and it gets intercepted by the other side, your screw-up has done enormous damage to your candidate... but you, yourself, will likely never face any real punishment for it.

So, "think I need it" is a continuous variable. Many people think they need it, sort of, in a small way, but think they don't need it enough to pay the cost of learning to use it. Provided that potential user X understands his position, the threats to it, and his values w.r.t. those, he may be drawing a reasonable conclusion against which I would not argue.

People don't need to encrypt their grocery lists, except in the sense that it's easier to always do something potentially useful than to make a decision each time. The CIA does not care that I send myself a reminder to get a book on software testing; this is noise, for their purpose, and they'd rather not handle it. Identity thieves do not care to know that I fed the dog this morning, though my wife does. Occasions when I find myself thinking, "I'd better guard this information" are exceedingly rare.

But that points at the real cost of crypto: you have to think about it. There is no escape; you have to think deeply about slippery things like identity and trust and threat models, and then you have to apply your resulting policies a hundred times a day. Software can relieve large parts of the latter burden; it can do nothing about the former, which is the hardest part.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Relevance of e-mail (was [OT] Why are you using the GPG / PGP keys?)
Ha, that reminds me, when I submit artifacts to Maven Central (a public code repository) I'm required to OpenPGP sign them. Maven has a very nice plugin which handles this automatically.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: [OT] Why are you using the GPG / PGP keys?
On Tue, May 28, 2013 at 09:18:57PM +, Henry Hertz Hobbit wrote:
> On 05/28/2013 04:17 PM, Forlasanto wrote:
> > The fact remains that email is the house that Jack built. The wall plugs are upside down, the wiring is sketchy at best, the plumbing is crazy and doesn't function correctly, the house is half wood and half brick, and /Jack forgot to put locks on the doors./ The fact that younger generations don't see email as a viable system is telling. It's an opportunity for something /better/ to take email's place. Hopefully something with built-in encryption, rather than encryption tacked on as an afterthought. Just my two cents.
>
> It is a pretty good two cents but you don't understand where the encryption is needed most. What needs to happen is that the aging SMTP protocol needs to be replaced by a SSMTP (Secure Simple Mail Transfer Protocol):
>
> http://securemecca.blogspot.com/2012/09/vote-against-spam.html

The code is there. The problem is that so few use it. I always enable STARTTLS but I see a lot of rejections.

I think that the problem that nobody wants to face is key management. Vetting potential trusted introducers is *hard* and you have to keep doing it periodically. Maintaining trust stores is hard and tedious. Most end users just don't do it. To a certain extent the problem is fundamentally intractable. Trust is a complicated beast and depends on individual values and judgments. Automation can help but can't take it over.

> But not only young people today, but a lot of people that used to use email no longer use it. Unless a way to get rid of the spam can be devised only a few stalwarts that MUST use email will use it.

I can't wait to see a serious legal or engineering discussion taking place over Twitter. No, on second thought I can. Imagine if this thread were being carried on by us scribbling on each other's Facebook walls. *shudder*

> But I dumped Gnome 3 entirely after looking at OpenSuSE 12.3 with Gnome as the last straw because I could only use Firefox and LibreOffice. This smart-phone GUI on a desktop shows that thinking is in short supply. But they just approved the iPhone and iPad for military use now. The world is changing but most of the changes aren't good.

Wow, *real* military use? I want to see an iPhone after Raytheon has had a go at it.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: [OT] Why are you using the GPG / PGP keys?
On Sun, May 26, 2013 at 12:37:42PM -0400, Robert J. Hansen wrote:
> On 5/26/2013 11:12 AM, Hauke Laging wrote:
> > E-Mail will still be there in ten years.
>
> In related news, you can still buy buggy whips:
>
> http://www.amazon.com/Abetta-Buggy-Whip-Black-66/dp/B002HIX7P8
>
> Nobody is saying email will go away. I've only said that email is seen by the upcoming generation as an ancient technology that their parents use, that the upcoming generation does not use email as a preferred method of communication, and that this does not make me bullish on the long-term prospects of email. Will it still be around in ten years? Sure. But so will buggy whips.

Hmm. Each upcoming generation declares many things to be "ancient practice that their parents use, no longer relevant." A few years later they have found out why their parents use it and are using a lot of it themselves. It might be useful to look at the just-got-here generation to see what *they* use, now that they have so much more official business than they had in school a few years ago.

It also might be interesting to break down interpersonal communication by categories and see whether different material is migrating to new media at different rates. Are tired jokes we've all seen a million times moving off of email to Twitter faster than detailed business or technical discussion, for example? Were we doing stuff by email five years ago which really didn't fit the email model very well, which stuff is today escaping to media better designed for it? Are newer channels swelling with content because nobody thought seriously of sharing *that* when email (or a phone call, or a paper letter) was the best available channel?

I'm not even sure who would study such things. Anthropologists, I suppose.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: Relevance of e-mail (was [OT] Why are you using the GPG / PGP keys?)
OK.

1. Establish a pattern: none genuine without this signature. I understand it's not possible to prove that an unsigned message didn't come from me, but this couldn't hurt.

2. OTOH I *can* show that a signed message must have been made with knowledge of a specific key, which I assert that I control. When I do write something, I want my authorship to be believed.

3. Habit. The same reason I always automatically relock doors when I've entered: if I have a policy then I don't have to make judgments in most cases. (Yes, I *always* carry a house key.) Considering all the gooey rubbish I *don't* send to my correspondents, I hold that the small cost of a signature is entirely negligible.

4. Privacy. While I prefer to hand-deliver things like new passwords, I'm willing to send them in encrypted emails if someone insists. Or I might want to write to a family member something that's not super-secret but is nobody else's business.

5. Cool factor. *blush*

6. My signing habit is my tiny contribution toward a future in which any unsigned email is automatically suspect. This would make it feasible, for example, to set up a rule sending all mail with no or unknown signature to a UCE folder (or the bitbucket). I won't hold my breath while I wait, though.

I should distinguish signing and encryption. I can count on my fingers the number of encrypted emails I've sent, but I assert that I sign all emails addressed to humans. (Some mailing-list robots are fragile and have trouble with signatures when directly addressed. Boo.)

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Re: US banks that can send PGP/MIME e-mail
On Mon, Feb 25, 2013 at 05:10:01PM -0500, Anonymous wrote:
> [snip]
> In the states, the trend of banks offering proprietary apps for smartphones is snowballing. Banks want users to take their software so bad they're offering free miles and contests to get customers to take the bait. Such an app could embed an email client that does everything the advanced users would do, and hide everything possible. Such an app could even hide the email address, and hide the fact that email is used at all, if they wanted.

Heh, exactly why I won't take those app.s.

> [snip]
> > Security doesn't directly generate revenue -- at best it indirectly facilitates it, but that's difficult to quantify and plug into a spreadsheet. That means security gets viewed as an overhead expense: something to be minimized at all costs.
>
> The cost of securing their webserver and all the flashy shit that they compulsively upgrade on a regular basis cannot be cheap. A bank forward-thinking enough to cater to nerds with ssh for transactions and openpgp for statements would spend the least amount on security, and simultaneously achieve a more secure infrastructure than the other banks who try to keep up with the latest web animation tricks, and all the holes that this emerging junkware continues to open.

I imagine that there is another class of security at work here which, at some point, is still cheaper: buy insurance and just pay off the affected customers when something occasionally goes wrong. I can't point to any evidence, but it would seem to be the way that businesspeople think about security. Remember, from their viewpoint, they are securing *their business*, not ours.

> [snip]
> > OpenPGP users account for probably less than a thousandth of all computer users. 99.9% of all banking users have no real desire to see OpenPGP used for their statement delivery.
>
> The average American has ~14 bank/credit card accounts. I shit you not. So it's not just one account they must go pick up their statement from. You could not make a convincing claim that only 0.01% of Americans would appreciate their statements *delivered* automatically.

Careful: "would like their statements delivered automatically" vs. "have a desire to see OpenPGP used for statement delivery".

> Many customers cannot cope with the manual effort of downloading all their statements, so they simply don't. They see their balance and send a payment, and let the statements rot online, and ultimately get archived and cleaned off the server.

That sounds like human nature, but I would be interested to see measurements if there are any.

> Others resort to giving all their bank usernames and passwords to a 3rd party whom they must trust, which downloads the statements for them, and then offers yet another pickup service (yes, these users must still login to a website, but at least it's 1 site and not 14).

As above.

We also have to consider the question of what the banks' lawyers will let them do, once they pick their jaws up off the floor. This is probably the origin of the closed, private "email" system locked away inside each bank's site. That is, perhaps, where one should work on acceptance of suitable encryption and signing. ("Suitable" including "what will actually be used more or less correctly by a sufficient percentage of customers.")

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
There's an app for that: your browser
Re: Questions about OpenPGP best practices
On Mon, Feb 25, 2013 at 05:54:34PM -0500, Peter Loshin wrote:
> 3. On using a keyserver with HKPS support: when I attempt to connect (via Chrome) to https://sks-keyservers.net/, I get an error headlined "The site's security certificate is not trusted!", stating "the server presented a certificate issued by an entity that is not trusted by your computer's operating system."

That service presents a self-signed certificate (I checked), which means that if you do not already have a copy of that cert. installed in your browser and marked trusted, then it cannot be verified. You would need to satisfy yourself that the certificate is genuine and the service trustworthy, and then install the certificate in your browser, in order to make the message go away. (Well, at least one would have to install the cert., whether one does any investigation or not. :-/ )

> 4. When I try to use hkps://sks-keyservers.net with GnuPG at the command line, I get these messages:
>
>     gpgkeys: HTTP post error 1: unsupported protocol
>     gpg: keyserver internal error
>     gpg: keyserver send failed: Keyserver error

I have no idea about this one and I'm too lazy to go read the protocol documents.

> And when I try the same with the domain name only (sks-keyservers.net) I get these messages:
>
>     : can't connect to `sks-keyservers.net': No route to host
>     gpgkeys: HTTP post error 7: couldn't connect: No route to host
>     gpg: keyserver internal error
>     gpg: keyserver send failed: Keyserver error

The site doesn't want unencrypted connections, and the way they enforce this is by returning "no route" to requests for connection to port 80. I would have used "administratively prohibited", to give real users a clue, but they may be trying to be less visible to 'bots.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
There's an app for that: your browser
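What a client actually sends to such a keyserver, and what comes back, as an added example that is not part of the original thread or of GnuPG's own keyserver code: building the HKP-over-TLS lookup URL, parsing the machine-readable index (`options=mr`) defined in the HKP draft so that revoked, expired or disabled keys are rejected before anything is fetched, and pinning a self-signed server certificate by SHA-256 fingerprint instead of expecting a CA to vouch for it. The host name is the one from the post; the key IDs, user IDs and dates in `SAMPLE_INDEX` are constructed, and nothing below opens a network connection.

```python
"""HKPS lookup URL, machine-readable index parser and cert pinning helper
(added example; constructed sample data, no network access)."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote, urlencode


@dataclass
class KeyEntry:
    keyid: str               # hex key ID or full fingerprint, as the server sent it
    algo: int                # OpenPGP public-key algorithm number (1 = RSA, 17 = DSA)
    keylen: int
    created: int             # seconds since the epoch
    expires: Optional[int]   # None when the key carries no expiry
    flags: str               # any of r (revoked), d (disabled), e (expired)
    uids: List[str] = field(default_factory=list)

    def usable(self, now: int) -> bool:
        """Reject flagged keys, and keys whose expiry the server left unflagged."""
        if any(f in self.flags for f in "rde"):
            return False
        return self.expires is None or self.expires > now


def lookup_url(host: str, search: str, op: str = "index") -> str:
    """HKP over TLS uses the same /pks/lookup path, on 443 instead of 11371."""
    query = urlencode({"op": op, "options": "mr", "search": search})
    return f"https://{host}/pks/lookup?{query}"


def parse_mr_index(text: str) -> List[KeyEntry]:
    """Parse the draft's 'pub:' and 'uid:' lines; 'info:' is a header we skip.
    pub:<keyid>:<algo>:<keylen>:<created>:<expires>:<flags>
    uid:<url-escaped uid>:<created>:<expires>:<flags>"""
    entries: List[KeyEntry] = []
    for raw in text.splitlines():
        fields = raw.rstrip("\r").split(":")
        kind = fields[0]
        if kind == "pub" and len(fields) >= 7:
            _, keyid, algo, keylen, created, expires, flags = fields[:7]
            entries.append(KeyEntry(
                keyid=keyid.upper(),
                algo=int(algo or 0),
                keylen=int(keylen or 0),
                created=int(created or 0),
                expires=int(expires) if expires else None,
                flags=flags,
            ))
        elif kind == "uid" and entries and len(fields) >= 2:
            # The uid string is %-escaped so that ':' cannot corrupt the record.
            entries[-1].uids.append(unquote(fields[1]))
    return entries


def usable_keys(text: str, now: int) -> List[KeyEntry]:
    return [k for k in parse_mr_index(text) if k.usable(now)]


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate, the value you would pin for a
    self-signed keyserver cert (get DER via ssl.SSLSocket.getpeercert(True))."""
    return hashlib.sha256(der).hexdigest()


# Constructed index, as a server might answer search=example.org:
SAMPLE_INDEX = (
    "info:1:3\n"
    "pub:ABCDEF0123456789:1:4096:1356998400::\n"
    "uid:Example User %3Cuser%40example.org%3E:1356998400::\n"
    "pub:0123456789ABCDEF:1:2048:1262304000:1293840000:e\n"
    "uid:Old Key %3Cold%40example.org%3E:1262304000::\n"
    "pub:FEDCBA9876543210:17:1024:1104537600::r\n"
    "uid:Revoked %3Crevoked%40example.org%3E:1104537600::\n"
)

if __name__ == "__main__":
    print(lookup_url("sks-keyservers.net", "user@example.org"))
    for key in usable_keys(SAMPLE_INDEX, now=1361836800):   # 2013-02-26
        print(key.keyid, key.uids)
```

Two cautions. A key the index calls usable is still just a key somebody uploaded under that name; the index tells you nothing about who controls it, so the web-of-trust check still has to happen locally. And a pinned fingerprint must be obtained out of band (the operator's published value, compared on a channel the keyserver does not control), otherwise the pin only proves you are talking to the same unknown party as last time.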
Re: US banks that can send PGP/MIME e-mail
Well, there is a way to find out whether it works. Those who care deeply about this should get together, raise some capital, and open NerdBank(tm) where they can do business their way, and see how it goes. There's plenty of room right now for people who want to reimagine the retail banking business, so long as they still keep depositors' money safe and deal it out as ordered.

I'm actually more interested in the local bank as portal to certificate services. Actually going physically to the issuer and presenting, face-to-face, identifying documents that might actually be slightly difficult to steal or forge, is not something that most people can realistically do with the current crop of CAs. Long-distance relationships in the security realm make trust difficult, in both directions.

None of this has a great deal to do with OpenPGP or GnuPG as such.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
There's an app for that: your browser
Re: Paperkey 1.3
On Mon, Jan 07, 2013 at 05:54:15PM +0100, Peter Lebbing wrote:
> On 07/01/13 16:39, Mark H. Wood wrote:
> > I'd suggest assuming some periodic read-only use, since we *should* be testing our backups regularly to discover decay *before* it makes something irretrievable.
>
> I would assume the decay to make it irretrievable the moment you discover it. Hoping the bit flips in a non-vital piece of (meta)data seems like a risky backup strategy.

[Hmmm, we are diverging a bit from Paperkey.]

This is why backup formats typically have internal redundancy. (Printing the data as characters on paper adds a *lot* of redundancy.) Depending on the medium, you might include error-correcting codes that can recover from single-bit errors. If you catch it at that stage, you can copy it out and discard the failing medium. Some codes will also detect errors that can't be corrected, so that you know *now* to throw this medium away and make a new copy of your other backup. (You *do* have another backup?) If you wait, they may both turn out to be corrupt.

Every backup medium decays. Long-term backups should be:

 o armored against bit-level decay;
 o tested regularly to detect degradation in progress;
 o replicated (and the replicas housed separately);
 o periodically refreshed or copied to new media.

I realize that most of us don't do any of that which didn't come with the software, but we should. :-/

Of course, if an active device (like a flash stick) just stops working and starts smoking, nothing can be recovered from it. That's one of the reasons you keep two of them.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
There's an app for that: your browser
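To make "armored against bit-level decay" and "detect errors that can't be corrected" concrete, an added example that is not part of the original post and is not how Paperkey itself encodes keys: a SECDED Hamming(8,4) code in Python. Each data nibble becomes one byte that survives any single flipped bit and, on a double flip, raises an error instead of silently "correcting" to the wrong value, which is exactly the "throw this medium away and go to the replica" signal the post asks for. The secret bytes and the simulated decay are constructed.

```python
"""SECDED Hamming(8,4): single-error-correcting, double-error-detecting
armour for a small secret such as a backed-up key (added example)."""


class UncorrectableError(ValueError):
    """Two bits of one codeword flipped: this copy is lost, refresh from a replica."""


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def encode_nibble(n: int) -> int:
    """Hamming positions 1..7 are stored in bits 0..6; bit 7 is overall parity.
    Layout by position: 1:p1 2:p2 3:d1 4:p3 5:d2 6:d3 7:d4."""
    d1, d2, d3, d4 = (n >> 3) & 1, (n >> 2) & 1, (n >> 1) & 1, n & 1
    p1 = d1 ^ d2 ^ d4          # covers positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4          # covers positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4          # covers positions 4,5,6,7
    word = 0
    for pos, bit in enumerate((p1, p2, d1, p3, d2, d3, d4), start=1):
        word |= bit << (pos - 1)
    return word | (_parity(word) << 7)   # make the whole byte even parity


def decode_byte(word: int):
    """Return (nibble, corrected). Raise UncorrectableError on a double flip."""
    def bit(w: int, pos: int) -> int:
        return (w >> (pos - 1)) & 1

    s1 = bit(word, 1) ^ bit(word, 3) ^ bit(word, 5) ^ bit(word, 7)
    s2 = bit(word, 2) ^ bit(word, 3) ^ bit(word, 6) ^ bit(word, 7)
    s3 = bit(word, 4) ^ bit(word, 5) ^ bit(word, 6) ^ bit(word, 7)
    syndrome = s1 | (s2 << 1) | (s3 << 2)   # equals the position of a lone flipped bit
    odd = _parity(word)                      # 1 => an odd number of bits flipped
    corrected = False
    if syndrome and not odd:
        # Non-zero syndrome with even parity can only be two flips: do not guess.
        raise UncorrectableError(f"two bit errors in codeword {word:#04x}")
    if syndrome:
        word ^= 1 << (syndrome - 1)          # single flip inside the Hamming bits
        corrected = True
    elif odd:
        word ^= 0x80                         # only the overall parity bit flipped
        corrected = True
    nibble = (bit(word, 3) << 3) | (bit(word, 5) << 2) | (bit(word, 6) << 1) | bit(word, 7)
    return nibble, corrected


def encode(data: bytes) -> bytes:
    """Two codewords per input byte: high nibble first, then low nibble."""
    out = bytearray()
    for b in data:
        out.append(encode_nibble(b >> 4))
        out.append(encode_nibble(b & 0xF))
    return bytes(out)


def decode(armoured: bytes):
    """Return (data, number_of_codewords_that_needed_correction)."""
    if len(armoured) % 2:
        raise UncorrectableError("odd length: a codeword is missing")
    out = bytearray()
    fixes = 0
    for i in range(0, len(armoured), 2):
        hi, c1 = decode_byte(armoured[i])
        lo, c2 = decode_byte(armoured[i + 1])
        out.append((hi << 4) | lo)
        fixes += c1 + c2
    return bytes(out), fixes


def flip_bits(buf: bytes, *positions) -> bytes:
    """Simulate media decay: flip each (byte_index, bit_number) given."""
    b = bytearray(buf)
    for byte_index, bit_number in positions:
        b[byte_index] ^= 1 << bit_number
    return bytes(b)


if __name__ == "__main__":
    secret = b"paperkey"                      # constructed stand-in for key material
    armoured = encode(secret)
    print(decode(flip_bits(armoured, (0, 2))))             # (b'paperkey', 1): corrected
    try:
        decode(flip_bits(armoured, (5, 1), (5, 4)))
    except UncorrectableError as e:
        print("replace this copy:", e)
```

The doubling in size is the price of the armour; real media codes (Reed-Solomon on optical discs, BCH or LDPC inside flash controllers) spend their overhead on burst errors instead, but the decision logic is the same: a non-zero correction count means copy the data out and retire the medium now, and an uncorrectable codeword means this copy is gone and the replica is all you have.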
Re: Paperkey 1.3
On Fri, Jan 04, 2013 at 02:30:43PM -0500, David Shaw wrote:
> On Jan 4, 2013, at 9:27 AM, Johan Wevers joh...@vulcan.xs4all.nl wrote:
> > On 04-01-2013 5:42, David Shaw wrote:
> > > Paperkey 1.3 is released.
> >
> > You might want to update the website, it reads a bit outdated. CD/DVD-ROMs are going the way of the floppy disc; flash memory is much more reliable than either. Future support of USB ports or memory card readers seems the biggest concern for me.
>
> That's a very good point. Do you know of any studies on the projected life of flash when used as backup? I've read anecdotal numbers as low as 5 years, and marketing claims are always huge (100 years!), but most of what I see is about the lifespan is when the flash is actively used (so running out of read/write cycles), rather than the on-the-shelf lifespan of already written data.

I'd suggest assuming some periodic read-only use, since we *should* be testing our backups regularly to discover decay *before* it makes something irretrievable.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
There's an app for that: your browser
Re: Is a document signed with hellosign legally binding?
I don't know, but I must say that I'm wary of dealing with unknown people who are collecting signature samples from all over Europe, offering a service which seems to accomplish very little and making disputed claims about its legal effect.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
There's an app for that: your browser
Re: OT: USB key with hardware encryption?
Not to discount the value of media with built-in encryption hardware, but... maybe you should also try the same methods as secure couriers in the movies: attach the USB drive to a cord or chain clamped to your wrist, so that it can't leave you without your knowledge. You can probably adapt a simple, cheap lanyard made for carrying thumb drives. Losing control of your information is bad, but so is losing your work and your valuable equipment. Combining high- and low-tech measures seems appropriate.

Of course there's also the lowest tech of all: designate a secure place (a buttoned-flapped or zipped pocket, for example, or even a money belt or a traveller's concealed document shoulder pouch) in which you will carry the medium, and write out a checklist to make certain that you've followed your procedure.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
There's an app for that: your browser
Re: what is killing PKI?
On Wed, Oct 03, 2012 at 09:19:13PM +0200, Stan Tobias wrote:
> [snip]
> Do we really have evidence people can't encrypt? For me the "johnny" articles were not quite clear about it (they seemed to investigate a different aspect). I don't believe people are stupid. They can learn to use cryptography, just as they have learned many other things in their lives.

I have anecdotal evidence that people *think* they can't. Just this week, my wife asked me how to change the passphrase on her PGP private key. Now, I would have expected this to be an easy, very visible operation, and been thunderstruck if I should find it were not, but whatever. So I followed her to the computer and just sat there making encouraging murmurs while she easily navigated Enigmail to the dialog and did it. If she had expected the software to be usable, she wouldn't have needed me at all, because it is.

This isn't confined to crypto software. A great many people have acquired considerable skill with computers but little confidence therein. There seems to be a lingering expectation that you need a team of experts to handle the unfamiliar. Lots of people don't realize that the experts have been and gone, that the result of good engineering is that the engineer can go home and let you use the machine without his oversight.

> [snip]
> Can you imagine a responsible person exchanging sensitive information, while not being certain what he does is safe?

Oh, yes. We have no choice. See any number of articles about thieves copying out tens of thousands of *plaintext* passwords from some e-tailer's systems, or boxes of *unencrypted* backup tapes lost. Those businesses still have customers. I think that one hope of the encrypt-by-default camp is that, when enough people see encryption as normal, these execrable blunders won't happen anymore. Another anecdotal data point: I am still flabbergasted to hear that people design their systems that way -- to me, it's just *not normal*.

Or look at the dozen messages I get every day purporting to be from some bank or ISP, telling me that I must send them my password right away or Bad Things will happen. Someone must actually respond to these, or the bad guys wouldn't keep at it. Probably responsible people, but they don't know *how* to behave responsibly in this context. I wish our trading partners would crypto-sign all of their emails, so that it could be simple for people to spot scams, and those scams at least would lose value and disappear.

> It's a matter of personal integrity, it's not enough to tell a user "click here and there, and you're fine"; we have to first convince ourselves what we do is right. The upshot is that you cannot make cryptography easier for users, they will have to study and understand it themselves anyway.

This much I agree with. But I wonder why they don't.

We don't have to understand how locks are made, but we do have to understand how to use them. And the vast majority of Joe Average Citizens do. Billions of people have learned to use banks and checkbooks at least somewhat securely.

I think one difference here is that one is taught from an early age and *expected* to learn their proper use. Another is that financial institutions are in the business (when they can remember it) of keeping things safe, and won't interact with you unless you follow procedures designed to promote that safety. Few find this unreasonable.

Heh, of course I want people to make good practical use of crypto. Not doing so is costing me time and money. It's costing them, too, because I will dump my cart and walk away from an e-store if I think their processes are too loose -- and I won't be back. Ceteris paribus, I would choose a medical practice which has good secure and convenient IRM over one that doesn't, and I'm learning how to find that out. I will write and mail a paper check if I don't trust the look of your online payment system.

I'm not a security expert, but somehow I realized that I need security in the virtual world as in the physical world and I had better understand how to get it. If more people would cross that bridge, I wouldn't have to work so hard, because more of the burden would be shared.

-- 
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Who also thinks locks are interesting. I'm weird -- so what?
Re: what is killing PKI?
On Thu, Aug 30, 2012 at 02:12:50PM +0200, Stan Tobias wrote:
> MFPA expires2...@rocketmail.com wrote:
> > > What I should have added here, is that it's a symmetric relation, and people normally don't like to exclude others, as well. Avoiding others is not a trait of _usual_ _social_ behaviour,
> > There are innumerable clubs that require membership in order to participate. This indicates that avoiding/excluding others *is* a well-established usual social behaviour.
> We don't have All People Haters' clubs. :-)

This is why jokes about anti-social networks are so much fun.

> Well, I cannot explain how the whole society works. But I would like to add just a few points. Clubs can be divided into common interest (inclusive), and elitist (exclusive), or mix thereof.

I would argue that this division cannot be done. Associations always include some and exclude others.

> The former ones (like ours, gnupg-users) accept anybody, but may need to defend themselves against trouble makers;
^ inclusive ^ ^ exclusive^
> some may require membership, but anyone can have it if he sticks to the rules.
^ inclusive ^ ^ exclusive
> If someone from outside, or a member, starts attacking other members, only then he's punished by exclusion.
^

The NSDAP or the Ku Klux Klan were quite inclusive of anyone who believed that certain racial and ethnic groups should be excluded from society. The difference (aside from methods of exclusion!) lies in the nature of the discriminator function.

> In the latter case - I can't say too much, I haven't belonged to any, but I can imagine such a conversation:
> - Hello Fred, I'm so glad I'm here with you, you're so elite!
> - Oh, Barney, you always exaggerate, our club would be nothing without you!
> The point is you cannot be an elite alone, you need a little society of other elite persons around you, and you need to care for them; IOW you need to be social within an otherwise unsocial group.

Indeed: all purely exclusive clubs' memberships are identical to the null set. :-)

> Last, but not least, I wouldn't call elitism a usual behaviour (like people normally behave in my village, or in yours), and definitely not social. On YT there used to be an interview with R. Feynman in which he tells how much he hated one elite students' club he once fell into. Excluding others is considered so anti-social, that it is plainly illegal in some countries to set up an openly men-only club, or women-only cafe (they'll fall into anti-discrimination laws).

Certain elitisms are usual, accepted, and beneficial. I would not be at all surprised to find that I am barred from membership in the American College of Physicians and Surgeons, since I am not and never have been either a physician or a surgeon. I couldn't just walk into the NSA, take a seat, and ask for some interesting crypto work to do; there are qualities they would expect me to possess before I would be accepted, and I would think they were doing a poor job if they did not enforce those requirements.

No, it's only anti-social to exclude people for particular kinds of reasons. If someone joined your chess club, but never played chess and always wanted to talk about nothing but soccer at the meetings, sooner or later someone would ask him to leave. Excluding someone because he doesn't share the interest or aims of the group is accepted; excluding someone because he doesn't share the race, ethnicity, gender, etc. is (widely, but not universally) unaccepted.

Often it comes down to whether or not *anyone* could make himself acceptable to the discriminator function if he wished. Yes: function is acceptable; no: function is not acceptable. Within that there are degrees of acceptability depending on the cost of the changes that might be required, so requiring certain body piercings or religious affiliations makes us more uneasy than requiring that someone show a genuine interest in the topic of the group. This is not a perfect fit; the issue is quite complex. But I think it's a usable first approximation.

To draw this back toward security and privacy through crypto: I think it's natural and usual to want to exclude some from our communications. I want to exclude thieves from the set of people having access to my banking credentials, for obvious reasons. I want to exclude just about everyone from my more intimate conversations with my wife -- we feel comfortable being vulnerable in the presence of those who love us, but uncomfortable showing that same vulnerability to others. In every society there are questions it would be highly improper for a stranger to ask, often for good reasons, and it is legitimate for us to employ appropriate tools to protect our propriety.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: what is killing PKI?
On Wed, Aug 29, 2012 at 03:14:50PM -0400, Landon Hurley wrote:
[snip]
> I do have a question about where you talk about backups though. How does PKI prevent back up loss?

If I can prove that I possess my password without ever disclosing that password to my correspondent, he never has my password and can't have it lost or stolen. Three can keep a secret, if two of them are dead.

It doesn't prevent backup loss; it eliminates the cost to me should some vendor's backups go astray. No one can learn my secrets from people who never had them. I only have to disclose my public key, which is not secret, to my correspondents; my private key never leaves my equipment unless someone penetrates *my* system or steals *my* backups.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On Thu, Aug 30, 2012 at 10:33:32AM -0400, Mark H. Wood wrote:
> On Wed, Aug 29, 2012 at 03:14:50PM -0400, Landon Hurley wrote:
> [snip]
> > I do have a question about where you talk about backups though. How does PKI prevent back up loss?
>
> If I can prove that I possess my password without ever disclosing that password to my correspondent, he never has my password and can't have it lost or stolen. Three can keep a secret, if two of them are dead.
>
> It doesn't prevent backup loss; it eliminates the cost to me should some vendor's backups go astray. No one can learn my secrets from people who never had them. I only have to disclose my public key, which is not secret, to my correspondents; my private key never leaves my equipment unless someone penetrates *my* system or steals *my* backups.

More to the point: my passphrase never leaves my equipment and isn't recorded anywhere outside my brain. You can only get it by getting inside my computer. That's not perfect but I like it a lot better than the current setup.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: what is killing PKI?
On Wed, Aug 29, 2012 at 12:00:22AM -0400, Landon Hurley wrote:
[snip]
> The barrier is solely cultural, not technical. Enigmail, Thunderbird and gpg4win are trivial to set up. The first time I did it, it was on the phone, talking someone through it. So we either need to invent some sort of massive threat perception to unite everyone to adopt PKI, or just continue to push it as a grass roots movement. Or if some kind person would like to introduce a viable third option, I think a decent portion of humanity would owe him/her a debt. On the other hand, I'm advocating a rather heavy handed, Platonian, do it for people's own good even if they don't like it/decide they need it, so I'm sure at least some, or even most, will disagree as well.

I will add my confession to the pile of selfish reasons to want to have PKI become widespread.

I'm not sure that the average person's current mode of living really exposes him to a threat big enough to take seriously. Rather than a threat of actual loss, I feel that we face an opportunity cost: there are things we could do differently, arguably better, if we could do them securely via electronic media.

We simply wouldn't think of discussing possibly embarrassing personal matters with our doctors by email, even if the doctors would agree to, so we don't ask. We still carry around hand-scrawled prescriptions, or cross our fingers and hope that the doctor's FAX calls to the pharmacy are really secure, when we could (given the infrastructure) get a (long!) number that can be verified as coming from the doctor, verified to still say what he said, and unlocked only with our personal smart card and PIN. (Also it would have to be typewritten, so it wouldn't be so hard to interpret. :-) We could do e-commerce without worrying about our trading partners' losing a truckload of backup tapes or being massively compromised from afar, because we would never give them any secrets worth stealing. We could manage a handful of certificate passwords instead of a thousand website passwords. We could probably do a lot of other stuff that I haven't thought of because, in our present nearly-naked condition, it's unthinkable.

Individuals wouldn't be the only beneficiaries. The first bank in town to offer free or discounted certificates *and* more-secure e-banking would have a competitive advantage. The first e-tailer to offer security the others can't touch should win the business of consumers who are worried by all the "'hackers' capture 200,000 passwords" stories in the papers. The doctor or lawyer who adopts a pervasive records security plan (of which customer communications would be but a part) should be able to negotiate lower insurance premiums. It seems to me that people are leaving money on the table all over.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: what is killing PKI?
On Sun, Aug 26, 2012 at 11:37:01PM +0200, Stan Tobias wrote:
[snip]
> What I mean to say above, is that weapons are anti-social, they don't build trust; and there are better means, other than guns, to maintain peace. Encryption is a weapon. I believe there are many valid reasons to use it, especially to protect other people. It might buy you some safety for a period of time, but it won't bring you Freedom. You don't get more Privacy by encrypting your messages. If you _have to_ encrypt, you're on the losing side.

I was following along, nodding in general agreement, right up to there.

I feel that a weapon, or encryption, is a tool. Tools per se have no social context; it is our actions, with or without tools, which attach social context. Using a weapon (whether it is a firearm, a pillow, or a hunk of software) in a way not generally accepted is antisocial.

(Aside: if you believe that lots of the people outside your home are armed, and you go out anyway, that shows a lot of trust. Almost anyone could kill you, but they don't. There's an agreement that weapons be used only in certain contexts: see how riled up people get when someone violates such an agreement. The trust doesn't come from the weapons; it is generated by the behavior of those who bear them, and the penalties for violation of such trust are severe.)

I use encryption to enforce the privacy I already (should) have. So, yes, it's a weapon. There are people who don't respect my privacy, and if I don't defend it they may take it away. Even if someone penetrates my encryption, if I can show that he did so I may be able to win a case against him in court, so it's (potentially) both a passive and an active defense, a shield for my privacy and an assertion that I will defend that privacy.

That said, most of the time I don't encrypt because what I say is not something I consider private. When I do consider something private, I'd like to be able to communicate it electronically without fear that someone I don't trust may be eavesdropping.

I could argue that it would be antisocial for someone to insist that people not enforce their privacy. We do not and should not trust all equally in all situations. Anyone may have lawful, moral business, the disclosure of which would be so harmful (in his eyes) that he might want assurance that only the intended recipient be party to the discussion. I doubt there ever was anyone who had *nothing* to hide.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: getting an encrypted file to show what public key was used
On Tue, May 29, 2012 at 11:28:36AM -0400, Robert J. Hansen wrote:
> This goes to underline the importance of proper certificate validation. If I have the sequence of events correct, then it could have been avoided entirely if there had been a Step 4.5, "validate the certificate he just received."

Indeed. The problem is much like a hash index. And anyone who's used hash indexing* should know that he must search the indicated bucket for the record which actually matches the search key. Hashing only cuts the size of the search space; it doesn't guarantee reducing it to a single-element space.

* And anyone who puts socks in one drawer and shirts in another has used hash indexing. :-)

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
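The hash-index analogy above, as an added Go example that is not code from the thread: a toy keyring indexed by a truncated key ID, where the bucket is only the start of the search and the full fingerprint is the real key. Assumptions: the "fingerprint" is a SHA-256 of constructed key bytes and the short ID is its low 16 bits, a simplification of OpenPGP's own fingerprint and 32-bit key ID formats chosen so that a collision appears after a few hundred keys.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Key is a toy keyring entry. Fingerprint is SHA-256 over the public key
// bytes; this stands in for OpenPGP's fingerprint and is an assumption of
// the example, not the real algorithm.
type Key struct {
	UserID      string
	PublicKey   []byte
	Fingerprint [32]byte
}

// ShortID is the low 16 bits of the fingerprint: the "search key" that the
// keyring is indexed by. Real short key IDs are wider; 16 bits is used so
// that a collision shows up quickly.
func (k Key) ShortID() uint16 {
	return binary.BigEndian.Uint16(k.Fingerprint[30:])
}

// Keyring is the hash index of the analogy: a bucket per short ID.
type Keyring struct {
	buckets map[uint16][]Key
}

func NewKeyring() *Keyring { return &Keyring{buckets: map[uint16][]Key{}} }

func (r *Keyring) Add(k Key) {
	r.buckets[k.ShortID()] = append(r.buckets[k.ShortID()], k)
}

// Bucket returns every key sharing a short ID. The index narrows the
// search; it does not promise a single candidate.
func (r *Keyring) Bucket(id uint16) []Key { return r.buckets[id] }

// LookupByFingerprint is "step 4.5": go to the indicated bucket, then keep
// only the record whose full fingerprint actually matches.
func (r *Keyring) LookupByFingerprint(fp [32]byte) (Key, bool) {
	id := binary.BigEndian.Uint16(fp[30:])
	for _, k := range r.Bucket(id) {
		if k.Fingerprint == fp {
			return k, true
		}
	}
	return Key{}, false
}

// makeKey derives a constructed, deterministic "public key" from a counter
// so the run reproduces; real keys would come from a key generator.
func makeKey(userID string, n uint32) Key {
	var seed [4]byte
	binary.BigEndian.PutUint32(seed[:], n)
	pub := sha256.Sum256(seed[:])
	return Key{UserID: userID, PublicKey: pub[:], Fingerprint: sha256.Sum256(pub[:])}
}

// FirstCollision generates keys until two share a short ID and returns the
// pair plus the number of keys it took: distinct keys, same bucket.
func FirstCollision() (Key, Key, int) {
	seen := map[uint16]Key{}
	for n := uint32(0); ; n++ {
		k := makeKey(fmt.Sprintf("user%d@example.invalid", n), n)
		if prev, ok := seen[k.ShortID()]; ok {
			return prev, k, int(n) + 1
		}
		seen[k.ShortID()] = k
	}
}

func main() {
	a, b, tries := FirstCollision()
	ring := NewKeyring()
	ring.Add(a)
	ring.Add(b)
	fmt.Printf("after %d keys, short ID %04x is shared by %d keys\n",
		tries, a.ShortID(), len(ring.Bucket(a.ShortID())))
	got, _ := ring.LookupByFingerprint(b.Fingerprint)
	fmt.Println("fingerprint match selects:", got.UserID,
		hex.EncodeToString(got.Fingerprint[:8]))
}
```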
Re: Testing GPG EMail encryption
On Thu, May 24, 2012 at 04:55:59PM +0100, da...@gbenet.com wrote:
> - From tests carried out - Mandrava Linux was ok. I suspect that other Linux distros have no real problems - just because yours works - does not mean that every other Linux distro works.

However: because it works on my system, even though there is no GPG v1 installed on it anywhere, it does demonstrate that gpg v1 is not required and gpg v2 is not the problem.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: Testing GPG EMail encryption
On Thu, May 24, 2012 at 08:27:59PM +0100, michael crane wrote:
> mwood@mhw ~ $ dir /usr/bin/gpg*

Sorry, that's lingering evidence of my VMS habits:

    mwood@mhw ~ $ alias dir
    alias dir='ls -l'

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: Draft of nine new FAQ questions
On Fri, May 25, 2012 at 10:44:40AM +0200, Werner Koch wrote:
> On Thu, 24 May 2012 02:22, r...@sixdemonbag.org said:
> > The final version that gets submitted to Werner will by necessity be plain text, and that will probably get downshifted into dumb typewriter
>
> Keep those quotes. I like UTF-8 and it is always easier to replace them by ticks and backticks than the other way around. I would use them as well, but I don't yet know which keys to use. MOD3+(,) give me the single quotes, but the commonly used MOD3+' is bound to deaddiaeresis. For German I also need a lower quote. Finding 3 new keys with Emacs is hard ;-).

And life is too short to go trawling the Internet for X Compose sequences. If I could find a comprehensive table I'd probably use them more.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: Testing GPG EMail encryption
On Wed, May 23, 2012 at 09:39:04PM +0100, da...@gbenet.com wrote:
> I ran the debugging programme with Openpgp debugging options to console and I got the message that with gpg2 installed one was not able to digitally sign an e-mail whilst encrypting to their public key which in all the named distros it encrypted to my private key - fact.

I have no idea how a debugger would know that you couldn't sign an email.

> It is a fact that Openpgp will only work if BOTH gpg 1.4.11 and the widget gpg2 is then added. Fact. Most Linux users have BOTH by default. Fact. That's why no one's reporting any problems. Fact. If you remove from your system gpg 1.4.11 then you have real problems with open Openpgp - even Kleopatra. Fact

On my Gentoo system, there is no gpg v1 installed:

    mwood@mhw ~ $ dir /usr/bin/gpg*
    lrwxrwxrwx 1 root root      4 Sep 15  2011 /usr/bin/gpg -> gpg2
    -rwxr-xr-x 1 root root 699072 Jun 29  2011 /usr/bin/gpg2
    -rwxr-xr-x 1 root root 268352 Jun 29  2011 /usr/bin/gpg-agent
    -rwxr-xr-x 1 root root 130720 Jun 29  2011 /usr/bin/gpgconf
    -rwxr-xr-x 1 root root 142736 Jun 29  2011 /usr/bin/gpg-connect-agent
    -rwxr-xr-x 1 root root  50627 Apr  2 15:28 /usr/bin/gpgdir
    -rwxr-xr-x 1 root root    205 Jun 30  2011 /usr/bin/gpgen
    -rwxr-xr-x 1 root root  18448 Sep 21  2011 /usr/bin/gpg-error
    -rwxr-xr-x 1 root root   1804 Sep 21  2011 /usr/bin/gpg-error-config
    -rwxr-xr-x 1 root root   8990 Apr  2 15:28 /usr/bin/gpg-key2ps
    -rwxr-xr-x 1 root root  39320 Jun 29  2011 /usr/bin/gpgkey2ssh
    -rwxr-xr-x 1 root root   4005 Apr  2 15:28 /usr/bin/gpglist
    -rwxr-xr-x 1 root root   2750 Apr  2 15:28 /usr/bin/gpg-mailkeys
    -rwxr-xr-x 1 root root   3521 Jan 11 09:14 /usr/bin/gpgme-config
    -rwxr-xr-x 1 root root  26864 Jun 29  2011 /usr/bin/gpgparsemail
    -rwxr-xr-x 1 root root   1708 Apr  2 15:28 /usr/bin/gpgparticipants
    -rwxr-xr-x 1 root root  13830 Apr  2 15:28 /usr/bin/gpgsigs
    -rwxr-xr-x 1 root root 382016 Jun 29  2011 /usr/bin/gpgsm
    -rwxr-xr-x 1 root root   4635 Jun 29  2011 /usr/bin/gpgsm-gencert.sh
    lrwxrwxrwx 1 root root      5 Sep 15  2011 /usr/bin/gpgv -> gpgv2
    -rwxr-xr-x 1 root root 327504 Jun 29  2011 /usr/bin/gpgv2
    -rwxr-xr-x 1 root root  22760 Apr  2 15:28 /usr/bin/gpgwrap
    mwood@mhw ~ $ gpg --version
    gpg (GnuPG) 2.0.17
    libgcrypt 1.4.6
    Copyright (C) 2011 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

As you can see, 'gpg' and 'gpgv' are symlinks to the v2 programs. Nevertheless, I just sent a signed message to myself at another address, from Thunderbird, using Enigmail. It arrived signed, with a valid signature. Thunderbird + Enigmail + gpg2 works.

You should consider the possibility that you have a different problem.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: SSH Agent keys 4096 bit?
Let me turn things around. Other than providing opportunities to discuss the practicalities of large RSA keys, is there any reason why the agent should care what size key it is storing?

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: On message signing and Enigmail...
On Wed, Feb 01, 2012 at 09:26:18PM +0000, gn...@lists.grepular.com wrote:
> On 01/02/12 21:12, Doug Barton wrote:
> > I've posted using the same key on probably a dozen mailing lists, I use it for all of my personal and work email. I use it to sign all of the comments on my blog. I use it to sign the front page of my website. There is very definite and obvious value in using the same key in multiple places to establish the connection between your key and your identity. Mailing lists are just another one of these places.
>
> The only thing what you're doing proves is that at the time those things were posted someone had control of the secret key, and that the messages weren't altered after they were signed. Beyond that everything is speculation.
>
> > If you see somebody posting on another list using the same key that I've been using to post on this list, then you know it's the same person. If you come across my website and find the content on it signed by my key, you can connect my postings on this list with my website. And so on.
>
> Well, no; what you know is that someone with access to the private key and passphrase did it. If someone steals your private key and passphrase, they no longer uniquely identify you. Signatures can't protect against this form of imposture.
>
> But they *can* protect against someone else simply creating another key with the same name in it.

Not by themselves. But the impostor, in this case, cannot demonstrate control of your private key, and when challenged, will be shown to be lying if he claims to be the person who controls your key. This still doesn't establish that the person named in the certificate has control of the key, but use of the key to create a signature does create evidence which can be investigated. Someone could visit you in person and ask you to create a recognizable signed object in his presence using the same key. If you can, then you are a person who could have created the other signature. If there is no evidence that anyone else could have created the other signature, then there is good reason to believe that you created it, though this is not proof.

Signatures also cannot establish *non*identity, since you could easily have another key and pretend you don't. If the key were somehow produced, you could pretend you don't know the passphrase, and demonstrate this any number of times by typing anything which is *not* the passphrase. This is roughly equivalent to claiming that unsigned objects don't come from you.

The pattern that you establish is evidence but not proof. I would like to say that, while proof settles the matter, evidence short of proof often has value. I'm going to continue to sign every email. Besides, I'm too lazy to turn it on and off. :-)

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
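Two points from this post and from the earlier "backups" reply in this collection, as an added Go example that is not code from the thread: a signature binds to a key and not to the name written next to it, and control of that key can be shown on a fresh challenge without ever disclosing the secret. Assumptions: a toy certificate of user ID plus Ed25519 public key stands in for an OpenPGP certificate, and the names are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Certificate is a toy stand-in for an OpenPGP certificate: a user ID
// (a name and address anyone may type) bound to a public key. Nothing
// stops two people publishing certificates with the same user ID.
type Certificate struct {
	UserID string
	Public ed25519.PublicKey
}

// NewCertificate creates a certificate and the private key behind it. The
// private key stays with its owner; only the Certificate is published.
func NewCertificate(userID string) (Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Certificate{}, nil, err
	}
	return Certificate{UserID: userID, Public: pub}, priv, nil
}

// Sign produces a detached signature over a message (a list post, say).
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// SignedByKey reports whether sig over msg was made with the private key
// behind cert. The user ID plays no part in this check at all.
func SignedByKey(cert Certificate, msg, sig []byte) bool {
	return ed25519.Verify(cert.Public, msg, sig)
}

// SameKeyAs is the link a reader can make across lists and websites: two
// signed objects are connected when both verify under one public key,
// regardless of what name each certificate carries.
func SameKeyAs(a, b Certificate) bool {
	return bytes.Equal(a.Public, b.Public)
}

// NewChallenge is the in-person test from the post: the verifier picks a
// fresh random value the claimant could not have signed in advance.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// ControlsKey runs the challenge: the claimant signs the nonce with the
// private key they claim to hold; the verifier checks it against the
// published certificate. Passing shows control of that key, nothing more,
// and the private key itself is never shown to the verifier.
func ControlsKey(cert Certificate, claimant ed25519.PrivateKey) (bool, error) {
	nonce, err := NewChallenge()
	if err != nil {
		return false, err
	}
	response := Sign(claimant, nonce)
	return SignedByKey(cert, nonce, response), nil
}

func main() {
	// Constructed scenario: two certificates bearing the identical user ID.
	genuine, genuinePriv, _ := NewCertificate("Alice <alice@example.invalid>")
	impostor, impostorPriv, _ := NewCertificate("Alice <alice@example.invalid>")

	post := []byte("constructed list post")
	sig := Sign(genuinePriv, post)

	fmt.Println("verifies under genuine key:", SignedByKey(genuine, post, sig))   // true
	fmt.Println("verifies under impostor key:", SignedByKey(impostor, post, sig)) // false
	fmt.Println("same name means same key:", SameKeyAs(genuine, impostor))        // false

	ok, _ := ControlsKey(genuine, impostorPriv)
	fmt.Println("impostor passes challenge for genuine key:", ok) // false
	ok, _ = ControlsKey(genuine, genuinePriv)
	fmt.Println("owner passes challenge:", ok) // true
}
```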
Re: hashed user IDs redux [was: Re: Creating a key bearing no user ID]
On Thu, Jan 26, 2012 at 08:29:07PM -0500, Robert J. Hansen wrote:
> On 1/26/2012 6:41 PM, MFPA wrote:
> > The use of the word "harvesting" in this context suggests to me a concern about spamming rather than about privacy.
>
> The use is correct. Spamming is what someone does once they have your private information: harvesting is the act of collecting.

A difficulty here is that spamming is fairly specific, while privacy (it seems to me) is huge, amorphous, and defined differently by different people.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: Using root CAs as a trusted 3rd party
On Sat, Jan 21, 2012 at 01:49:20PM -0800, Ken Hagler wrote:
> On Jan 21, 2012, at 10:12 AM, Aaron Toponce wrote:
> > What are your thoughts on using root CAs as a trusted 3rd party for trusting that a key is owned by whom it claims? Of course, this is merely for casual checking, but it seems to be good enough.
>
> As far as I can see the only checking CAs do before issuing a certificate is "does the credit card clear."

It seems to depend on the CA. I know that one does a bit more checking because, the first time I sent them a request, I got a call from our corporate security officer to ask if I was really the one who had sent that request, because the CA had asked him the same question. They had wanted some identifying information about us that was not so easy for a mere computer wrangler like me to get, too.

That little bit of fussiness won my repeat business, BTW. I figured that being fussy is what we were paying for. I wouldn't spend a dime at one of those CC-clearance-is-good-enough-for-us outfits.

I guess that the lesson is: don't assume. Find out for yourself whether a CA is worthy of your trust, before trusting.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: digitally signing contracts
I have no experience in this matter, but it's an interesting problem, so here are my thoughts, whatever they are worth:

When contracting on paper, the signature is a personal characteristic of the signer, so samples can be compared by an expert witness. Unless there's some sort of biometric component to the creation of the certificates, personal characteristics don't enter into crypto signatures, so you need some other way to make it personal, such as a face-to-face meeting at which certificates or at least key fingerprints are exchanged by parties who can sense each other directly, match photo IDs to faces, and the like. You could consider it a keysigning party for two and use published recommendations to guide you in setting up the process. Once personal control is established, I suppose that no more meetings are required. So this would seem to work well for people who are able to meet once, and even better for parties who then make contracts again and again from time to time. If trusted third parties are willing to attest to signatures then the other parties only need to meet with the third parties, separately. I recall seeing notices by some notaries public that they also certify PGP keys.

Another form of assurance might be the publication of key fingerprints on the key owner's website. (How much would you bet that your website wasn't cached by Google or sampled by the Wayback Machine before you changed the fingerprint? A number of companies have found, to their embarrassment, that trying to disappear inconvenient pages is not reliable.) Still another form of assurance would be the publication of keys in the keyserver network, since it's impossible to remove keys unless you control all of the servers. And again, someone may have a copy of that certificate which is simply not remotely accessible but which could conceivably turn up in court.

As with signatures on paper, you need to evaluate your risk and decide whether it's acceptable. Your insurance agent may be able to help.

If you read some of the laws governing admissibility of digital signatures, you may find that your requirements are already laid out for you, to some level of abstraction. It's a possible starting point, at any rate. And your lawyer might be a good source of pointers to procedural and technical recommendations, since that would make his job easier.

I'll note that there are a number of companies in the business of issuing durable digital identity tokens: X.509 certificates. You might want to insist on EV certificates, since EV has a documented meaning and some CAs are not very energetic in identifying non-EV customers. In any case you probably ought to read the CA's Certification Practice Statement and decide whether their procedures are acceptable to you. There may be sound ways to use X.509 material to initialize OpenPGP exchanges if that's important to you, or you could use PEM instead of PGP.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: STEED - Usable end-to-end encryption
So, to summarize what I think I've been hearing: the problem which remains to be solved (if it is a problem) is a nontechnical one, and no amount of technical wizardry will solve it. The most that can be done now is to be ready to help someone who fears for his privacy and asks, "what can I do?" Maybe someday there will be a panic and everybody will be asking. It's good to have an answer.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: STEED - Usable end-to-end encryption
On Fri, Oct 21, 2011 at 06:55:47PM +0100, MFPA wrote:
> If you are trying to get people to think about privacy, maybe suggesting Diaspora as an alternative to Facebook is a direction to consider...

I would suggest that, if you are trying to get people to think about privacy, about the only thing worth saying to them (initially) is to point out real-life examples of bad things happening to average people who didn't think about privacy. No one can desire salvation until he believes that he is in jeopardy.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: STEED - Usable end-to-end encryption
On Mon, Oct 24, 2011 at 11:24:40AM -0400, Robert J. Hansen wrote:
> On 10/24/11 11:15 AM, Mark H. Wood wrote:
> > No one can desire salvation until he believes that he is in jeopardy.
>
> Although hellfire-and-damnation preachers are a popular cultural idea, they're really quite rare: most preachers go more for the John 10:10 angle [*]. They've found through centuries of proselytization experience that things work better if you pitch the benefit of the faith, rather than the hypothesized penalties if you live without it.

And I agree with this. The problem with applying the turn-or-burn sermon to proselytization is that it requires that the audience already believes in sin and hell, and that the problem is one of raising awareness. Unbelievers...don't believe. It is fortunate to such efforts that an argument couched in terms of benefit is available.

> The relevance here should be plain: we need to pitch the benefits of confidential and assured communications, not the hypothetical penalties if they fail to take our advice.

So, in the absence of any threat, what exactly *are* those benefits? The cited passage asserts that the hearer is missing out -- he could have more than he has now. How much more can I get out of email by using crypto? What do I get, if I don't believe that my privacy is threatened or I do not value privacy?

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: STEED - Usable end-to-end encryption
What proportion of consumer-grade ISPs have bothered to implement DNSSEC for serving their customers? I don't think mine does, and they're a big outfit. If I asked, I expect they'd think I was speaking Aldebaranese or something.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: The problem is motivational
On Thu, Oct 20, 2011 at 05:39:28AM +0000, M.R. wrote:
> On the other hand, I keep wondering: why are we (and we obviously are, witness this paper and the initiative behind it) so motivated to spread the gospel of e-mail encryption among those that completely lack the motivation for it?

o Philosophical: I just think that communication channels should be encrypted unless someone demonstrates a good reason not to. Perhaps it comes under the heading of not tempting others to sin. :-)

o Protective coloration: if email is normally encrypted, this further weakens the already-stupid argument that if you want this much privacy then you must be up to no good.

o Weariness of "duh" moments: some people throw their secrets around like confetti and then get all bent out of shape when this comes back to bite them. Saying, "well, you could easily have protected yourself with X if you cared" is always unrewarding and always hard to eschew. I'd rather not be tempted.

o Taking unenthusiasm personally: we obviously think this stuff is interesting and useful, and it can feel kind of insulting that others don't.

o The telephone quandary: if *I* want to communicate securely with you, then I need for *you* to have a compatible secure means of communication. (If I'm the only person with a telephone, whom can I call?)

o Cassandra complex: the vague feeling that Something Bad Will Happen And I Didn't Warn Them.

That's all I can think of right now.

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: The problem is motivational
> BTW I have nothing to hide but like my privacy anyway.

Privacy is essential for maintaining personal boundaries, as well as security.

(That said, the vast majority of my use of crypto in email is to establish identity, not to protect privacy. I *want* to be positively identifiable in most circumstances.)

--
Mark H. Wood, Lead System Programmer
mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.