-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, 31 Jan 2014 01:15:07 +
MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote:
On Thursday 30 January 2014 at 10:43:39 PM, in
mid:20140130224339.5fcb0d27@steves-laptop, Steve Jones wrote:
Well therein lies my problem with the PGP
Il 31/01/2014 10:24, Steve Jones ha scritto:
Well the conventions of use, for example the key signing party
protocol, requires photographic id. If I publicly sign a key it has to
be in line with how I expect others to interpret it. Policies and
notations on signatures go some way to alleviate
Il 31/01/2014 01:29, DUELL, BOB ha scritto:
A couple folks (Diego and Johannes) mentioned using a smartcard or a
token. I think a smartcard refers to a piece of hardware, but I
don't know what a token means. Our server is in a datacenter and
I'm sure I cannot attach any sort of hardware.
A
On Friday 31 January 2014 01:28:20 MFPA wrote:
mid:1703510.WrKrPo3DPU@mani, Johannes Zarl wrote:
If the same email-address is used together with the
same key for a long time, it effectively ties the
email-address to a person for all practical concerns.
After all, you are communicating via
Hi,
I've meanwhile seen that others assumed the automatic-persona certification to
use exportable signatures. To clarify:
As far as I understood the original idea, it would use local signatures only
(preferably done with a special purpose local key only used for these
signatures).
If one
On Fri, 31 Jan 2014 15:02:14 +0100
NdK ndk.cla...@gmail.com wrote:
Il 31/01/2014 10:24, Steve Jones ha scritto:
Well the conventions of use, for example the key signing party
protocol, requires photographic id. If I publicly sign a key it has
to be in line with how I expect others to
On Fri, 31 Jan 2014 08:39, micha...@gmx.de said:
you are a legitimate sender. I don't know how gpg does it, in academic
signature I use an hmac to protect solely symmetrically enciphered
OpenPGP defines a MDC feature to detect tampering with the encrypted
message. It works by appending the
Assuming you're talking about encryption algorithms used by GnuPG, the
answer is no, these algorithms do not have publicly known known-plaintext
attacks. Messages encrypted with GnuPG are always symmetrically encrypted
-- when using keys, it just encrypts the random file key using RSA/DSA to
On Thu, Jan 30, 2014 at 11:48:13PM -0800, Paul R. Ramer wrote:
[snip]
Just know that no one is going to attack to the cipher itself to get to your
messages. There are much easier methods such as installing a key logger.
Why beat the door down if you can open the window?
Well...that depends
On Fri, 31 Jan 2014 16:37:28 +0100
Johannes Zarl johan...@zarl.at wrote:
As far as I understood the original idea, it would use local
signatures only (preferably done with a special purpose local key
only used for these signatures).
If one would export these signatures, that would just DDoS
On Friday 31 January 2014 16:09:39 Steve Jones wrote:
Well I was thinking of exporting at first, but it's too fraught with
problems. I would in general like to see more use of persona
signatures as certifying keys as good enough. Essentially I see the
requirements for certifying keys as a
11 matches
Mail list logo