Hello,
Aparrently the OpenPGP card is based on BasicCard [1] and from the
BasicCard FAQ [2] I read:
For Enhanced BasicCards, the card has no hardware generator. The Enhanced
BasicCards contain a unique manufacturing number which cannot be read from
outside the card. The Rnd function uses
On Wed, 5 Feb 2014 06:03, d...@fifthhorseman.net said:
Werner recently (in message ID 87zjmv127f@vigenere.g10code.de)
indicated his acceptance of a notation named extended-us...@gnupg.org
with a value that can be set to bitcoin. Maybe the same notation
We can do that as soon as gniibe
On Wed, 5 Feb 2014 04:15, mailinglis...@hauke-laging.de said:
Wow. Does that mean that PGP can verify OpenPGP keys with X.509
certificates (in combination with a related OpenPGP certificate)? Or is
this just a theoretical feature?
IIRC, the PGP desktop client also integrated an IPsec
Hi,
I use the GnuPG card and have installed all the software, including
Scute. I configured a server for HTTPS asking for client certificates.
When the card is inserted before requesting the page, I get a request
for the user PIN for the card, and then the certificate is exchanged
with the
If you have a web server *and* a client where you can control the
session cache and initiate a re-negotiation, Firefox will try to look
at your token again.
At least this was the case a while ago.
--
Martin
+372 515 6495
On Wed, Feb 5, 2014 at 12:58 PM, Urs Hunkeler u...@gmx.ch wrote:
Hi,
I
Dear Martin,
Thanks a lot for your help. It works now!
After you pointed out re-negotiation, I first tried to find a way to
dynamically request TLS renegotiation from the server (apache tomcat).
All I could find is people thinking that this is a bad idea. I still
think it makes sense in the
That is not what I suggest. You can assign certification trust to any
key. Why should this of all keys not be done with certain CA keys?
Ah, I had missed that nuance a bit, sorry.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if
On 05/02/14 11:23, Werner Koch wrote:
In general it does not make sense to use the same key - there is no
advantage.
I could think of /a/ reason to do it. You could leverage existing X.509
certifications by CAs to verify key validity in the OpenPGP world.
An X.509 certification obviously
On 02/05/2014 01:04 PM, Peter Lebbing wrote:
So you could create a hybrid model:
I assign trust to a specific CA. That CA has issued a certificate with DN
XYZ.
In my public OpenPGP keyring, there exists a key with a UID XYZ, and that
public key has the same raw key material as the
On Wed, 5 Feb 2014 19:04, pe...@digitalbrains.com said:
An X.509 certification obviously certifies that a certain X.509 certificate
belongs to the person or role identified by the Distinguished Name. But seen a
Almost all X.509 certification in public use certify only one of two
things:
-
On 02/05/2014 03:06 PM, Werner Koch wrote:
Almost all X.509 certification in public use certify only one of two
things:
- Someone has pushed a few bucks over to the CA.
- Someone has convinced the CA to directly or indirectly issue a
certificate.
To further clarify: Domain
On 05/02/14 21:06, Werner Koch wrote:
Almost all X.509 certification in public use certify only one of two
things:
I never intended my message to say I would trust any CA. Hauke was looking for a
way to leverage trust in a CA; I was merely contributing something I thought he
might find
Am Mi 05.02.2014, 11:23:24 schrieb Werner Koch:
In general it does not make sense to use the same key - there is no
advantage.
I think that is not correct. It is today but not from the perspective of
my proposal.
a) If a CA uses the same key in both formats then we can get the
advantage
13 matches
Mail list logo