Thanks once again for the feedback.
Best,
Edwin
On Thu, Jan 2, 2014 at 3:04 PM, Olav Seyfarth o...@enigmail.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Hi Edwin,
IN SHORT
To your question: I don't think there is a mobile solution for ePGP
available.
LONG ANSWER
Am Fr 03.01.2014, 00:33:51 schrieb Doug Barton:
On 01/02/2014 09:35 PM, Hauke Laging wrote:
| I just noticed that you can easily be deluded about an email being
| encrypted: That you receive an encrypted mail does not mean that it
| was sent encrypted. An adversary may encrypt a non-encrypted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
FYI, your client has horrible line wrapping. If there is a setting,
please change it to 72 columns.
On 01/03/2014 12:59 AM, Hauke Laging wrote:
| Do you agree that it is (or, depending on the content, can be) an
| important information whether a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/03/2014 01:13 AM, Doug Barton wrote:
| My argument is that the_only_ thing relevant to message validity
| is the signature on the message itself. Whether it was encrypted or
| not should play no role in the recipient's calculation of the
|
On 1/3/2014 3:33 AM, Doug Barton wrote:
This threat model doesn't make a lot of sense, except for very naive
users who cannot distinguish the importance of a message that is
encrypted vs. a message (encrypted or not) which is signed.
I'm going to cautiously disagree. What we call very naive
Am Fr 03.01.2014, 01:13:13 schrieb Doug Barton:
On 01/03/2014 12:59 AM, Hauke Laging wrote:
| Do you agree that it is (or, depending on the content, can be) an
| important information whether a message was encrypted by the sender
| (and for which key)?
Not particularly, no. The message
On Thu, 2 Jan 2014 18:54, eagleeyes...@yahoo.com said:
I have created a test ECC 25519 subkey.
You mean using the experimental code in GnuPG master? Don't use it - it
is is work in progress.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
All,
I have a script that I use to send mail (as part of pine/alpine) that
needs to prompt for my key passphrase.
I run alpine on a private unix server, within a screen session.
It basically works perfectly with gpg1, where I can get an inline prompt
for a password, but gpg2 falls short
Am Fr 03.01.2014, 10:02:28 schrieb MFPA:
OpenPGP's mitigation against this is signing emails, and the web of
trust to give assurance who signed.
That's exactly why I want signatures. But I do not only want a signature
which guarantees the data integrity, I want a(nother) signature which
Am Fr 03.01.2014, 04:28:38 schrieb Robert J. Hansen:
or that his proposed fix would work.
Would you explain how that shall be avoided?
You send an email to me. You encrypt it to the key which I want you to
encrypt it to. Then you sign the encrypted data.
If I receive an email from you which
Am Fr 03.01.2014, 01:14:22 schrieb Dan Mahoney, System Admin:
It basically works perfectly with gpg1, where I can get an inline
prompt for a password, but gpg2 falls short where it tries to set up
some kind of a unix-socket connection to a pinentry dialog, and this
all falls apart within the
On 1/3/2014 4:57 AM, Hauke Laging wrote:
Would you explain how that shall be avoided?
I already did, in quite clear language.
You are trying to solve a social problem (people don't have the
background to think formally about trust issues) via technological
means (if we just change the way we
On 03/01/14 10:57, Hauke Laging wrote:
If I receive an email from you which is not encrypted and signed (as the
outer layer) then I go on red alert. Like today I might if the message is
not encrypted or not signed.
How do you know the sender doesn't have an unencrypted copy of the message in
On Fri, Jan 03, 2014 at 06:21:05AM -0500, Robert J. Hansen wrote:
On 1/3/2014 4:57 AM, Hauke Laging wrote:
Would you explain how that shall be avoided?
I already did, in quite clear language.
You are trying to solve a social problem (people don't have the
background to think formally
On Fri, 3 Jan 2014, Hauke Laging wrote:
Am Fr 03.01.2014, 01:14:22 schrieb Dan Mahoney, System Admin:
It basically works perfectly with gpg1, where I can get an inline
prompt for a password, but gpg2 falls short where it tries to set up
some kind of a unix-socket connection to a pinentry
On Fri, 3 Jan 2014, Hauke Laging wrote:
Am Fr 03.01.2014, 01:14:22 schrieb Dan Mahoney, System Admin:
It basically works perfectly with gpg1, where I can get an inline
prompt for a password, but gpg2 falls short where it tries to set up
some kind of a unix-socket connection to a pinentry
On 01/03/2014 08:12 AM, Leo Gaspard wrote:
So changing the encryption could break an opsec.
If someone's opsec is based on the question of whether a message was
encrypted or not, then they've probably got their cart before their
horse too.
opsec requirements should indicate whether you encrypt,
On 01/03/2014 12:35 AM, Hauke Laging wrote:
From the RfC perspective (PGP/MIME) this should not be a problem; you just
need another level of nesting. Maybe the mail clients are not even prepared
for reading such messages. That would not surprise me but would not be an
argument against one
Il 03/01/2014 11:28, Hauke Laging ha scritto:
But I do not suggest to make my configuration the default. I just want
to be able to use it. Sometimes it's best to send a signed cleartext
message, sometimes to send an unsingned encrypted message, sometimes a
first signed then encrypted
On 03/01/14 14:31, Dan Mahoney, System Admin wrote:
Hauke, in your posts, you mention that the pinentry protocol isn't on the GPG
website. Could that please be fixed by the people who maintain the project?
I
notice it also missing from http://www.gnupg.org/documentation/manuals/
I remember
Hi all.
Nothing new actually, but this is nice point:
“The irony of quantum computing is that if you can imagine someone
building a quantum computer that can break encryption a few decades into
the future, then you need to be worried right now,” Lidar said. [1]
[1]
On Fri, Jan 03, 2014 at 12:50:47PM -0500, Daniel Kahn Gillmor wrote:
On 01/03/2014 08:12 AM, Leo Gaspard wrote:
So changing the encryption could break an opsec.
If someone's opsec is based on the question of whether a message was
encrypted or not, then they've probably got their cart before
On 01/03/2014 06:56 PM, Leo Gaspard wrote:
On Fri, Jan 03, 2014 at 12:50:47PM -0500, Daniel Kahn Gillmor wrote:
On 01/03/2014 08:12 AM, Leo Gaspard wrote:
So changing the encryption could break an opsec.
If someone's opsec is based on the question of whether a message was
encrypted or not,
On 01/03/2014 01:28 AM, Robert J. Hansen wrote:
On 1/3/2014 3:33 AM, Doug Barton wrote:
This threat model doesn't make a lot of sense, except for very naive
users who cannot distinguish the importance of a message that is
encrypted vs. a message (encrypted or not) which is signed.
I'm going
24 matches
Mail list logo
