David Picon Alvarez wrote:
Options 4 and 5 are much preferable to option 0 (GnuPG implements PKCS#11
and people use non-free drivers) and not implementing
PKCS#11 might put some optimizing pressure in this direction.
Again, you are wrong.
There is not point in writing a low level code in each
On Tue, 06 Sep 2005 15:56:22 +0200, Zeljko Vrba said:
2. OpenPGP trust model isn't as 'strong' as X.509 (i.e. there aren't
many trusted introducers)
OpenPGP does not define any trust model. Instead it provides the
mechanisms to implement any kind of trust modell on top of it.
Salam-Shalom,
There is not point in writing a low level code in each application to
support each card it is NxN situation, not wise.
The truth is that if cards were more ISO compliant this situation would not
be a big deal.
Also I'm sure a lot of this code could be shared among apps.
Anyway, I'm a gpg user
David Shaw wrote:
On Tue, Sep 06, 2005 at 01:36:37PM -0500, John Clizbe wrote:
Kurt Fitzner wrote:
snip
gpg --edit-key keyID clean
And setting the clean-sigs and clean-uids options on import-options,
export-options, and keyserver-options are our only defense until then.
Like you, I refreshed
Alon Bar-Lev wrote:
David Picon Alvarez wrote:
I dropped all stuff regarding the differences using API and
communication... I think you are wrong, there is exception for the
rules... I try now to contact FSF for a formal position.
The lawyer who wrote GPL wrote it with the explicit
Werner Koch wrote:
On Tue, 06 Sep 2005 19:35:34 +0200, Zeljko Vrba said:
As Alon did remark earlier, the general movement in the industry is
towards multi-purpose smart-cards. OpenPGP card currently doesn't fall
into this category.
Not true. The OpenPGP card specification is a card
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Alphax wrote:
You trust the Microsoft CryptoAPI? Well why don't you just run Windows,
which Microsoft Says is Perfectly Secure, and use Microsoft's inbuilt
X.509 instead of OpenPGP, since Microsoft Guarantees No Back Doors in
the CryptoAPI?
David Picon Alvarez wrote:
You trust the Microsoft CryptoAPI? Well why don't you just run Windows,
which Microsoft Says is Perfectly Secure, and use Microsoft's inbuilt
X.509 instead of OpenPGP, since Microsoft Guarantees No Back Doors in
the CryptoAPI?
No! this is not the issue of
On Wed, Sep 07, 2005 at 08:02:56PM +0930, Alphax wrote:
Not true. The OpenPGP card specification is a card application and
you may put as many other applications on a card as you like and the
EEPROM allows to. With 6k (and even less possible) it is actually a
pretty small application.
The only place in the GPL where libraries are mentioned is in reference
to the LGPL. Using the Microsoft CryptoAPI doesn't appear to be legal;
AFAICT, this is similar to the reason why Enigmail insists on GPG
instead of being able to interface with PGP on Windows systems.
Wrong.
From GPL
Peter Gutmann wrote:
Alphax [EMAIL PROTECTED] writes:
Zeljko Vrba wrote:
Joe Smith wrote:
For example, your CA can revoke your key leaving you with one key that
is invalid X.509, but valid OpenPGP? Yuck!
Using the X.509 cert and OpenPGP public key (having the same private
key) could be
Alon Bar-Lev wrote:
Alphax wrote:
The only place in the GPL where libraries are mentioned is in
reference to the LGPL. Using the Microsoft CryptoAPI doesn't appear
to be legal; AFAICT, this is similar to the reason why Enigmail
insists on GPG instead of being able to interface with PGP on
Alphax [EMAIL PROTECTED] writes:
Zeljko Vrba wrote:
Joe Smith wrote:
For example, your CA can revoke your key leaving you with one key that
is invalid X.509, but valid OpenPGP? Yuck!
Using the X.509 cert and OpenPGP public key (having the same private
key) could be useful in the following
Alphax wrote:
1. What's the standard size of the EEPROM on a smartcard suitable for
OpenPGP?
YOu have cards ranging from 8k to 64k
2. What else could you fit on such a card?
debit/credit applications, X.509 PKI applications, data-containers, etc.
3. Is it possible to have multiple
David Picon Alvarez wrote:
There is not point in writing a low level code in each application to
support each card it is NxN situation, not wise.
The truth is that if cards were more ISO compliant this situation would not
be a big deal.
Even if this were to happen, ISO still doesn't say
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
To my knowledge, the PGP GD doesn't sync with anyone. It would be
interesting to know how/where these signatures are leaking into the
keyserver net.
Probably some PGP users who are automagically synchronising their
entire keyrings with multiple
Alon Bar-Lev wrote:
Great! Super! Amazing!
If you can do it with a little effort I will glad to check and use it.
Not so little. I don't have any card or PKCS#11 driver. Mozilla NSS is a
pain to set up. I have no idea how to use its softtoken implementation.
Opencryptoki uses ^$@@#$$#^!!ng
Hello all,
I use kubuntu with kmail and kgpg.
When I try to send a mail with signature and I use inline openpgp then the
sig is attached and not inline. I see this when I send a mail to winusers and
outlook.
Can someone tell me how I can send a signature inline? So PGP on outlook can
read it?
PLEASE PLEASE PLEASE stop cc'ing messages to me if they are also addressed
to the list
--
Benjamin
[EMAIL PROTECTED]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Wed, Sep 07, 2005 at 01:13:02PM +0200, Janusz A. Urbanowicz wrote:
PS The whole discussion made me curious; I worked with smartcards
extensively few years ago and was grossly disappointed with the stuff from
the development side, but times they are a'changin... Where can I purchase a
This may be a very silly question, but I want to know what is involved
with running a key server?
A manager has asked about whether we can somehow use electronic
signatures on internal documents to reduce paper and printer costs as
well as the problem of occasionally losing a printed piece of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Berend Tober wrote:
This may be a very silly question, but I want to know what is involved
with running a key server?
A manager has asked about whether we can somehow use electronic
signatures on internal documents to reduce paper and printer
On Wed, Sep 07, 2005 at 05:29:18PM -0400, Berend Tober wrote:
This may be a very silly question, but I want to know what is involved
with running a key server?
A manager has asked about whether we can somehow use electronic
signatures on internal documents to reduce paper and printer costs
David Shaw wrote:
Would be difficult to do in SKS. You need to be able to verify
signatures (so cleaning doesn't remove the wrong signature), and right
now SKS doesn't verify signatures.
The problem isn't widespread in that other keyservers are doing this
sort of thing. A simple explicit
24 matches
Mail list logo