Re: Problems with cert validation via CRL

2017-02-20 Thread NIIBE Yutaka
Hello, David Gray wrote: > At the same time, I'm curious as to why the Ubuntu installation is > validating the certificate as 'good' while the Windows installation is not - > is this just because the Ubuntu installation was able to successfully > validate the certificate in

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Kristian Fiskerstrand
On 02/20/2017 05:49 PM, Peter Lebbing wrote: > So perhaps one key per device is superior, also for detecting which client > system was compromised by looking at the SSH auth logs on the server > (supposing > the attacker didn't gain root privileges and wiped his traces immediately). > But > I

Problems with cert validation via CRL

2017-02-20 Thread David Gray
Hello - new user here; this may be an obvious question but I haven't been able to find the answer. Ultimately, this may just highlight some of the problems inherent in a hierarchical trust model. I've got a free x.509 email certificate generated by Comodo. I've got Ubuntu 16.04 LTS

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Peter Lebbing
On 20/02/17 16:25, Kristian Fiskerstrand wrote: > Wouldn't consider this accurate, the typical use case for multiple A > subkeys is per-device usage, explicitly to avoid having to revoke all if > one is compromised. Well, if you use only one, "revoke all" is still "revoke one" ;). It's not the

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Personal (open)
On 20.02.2017 15:25, Kristian Fiskerstrand wrote: > On 02/19/2017 01:45 PM, Andrew Gallagher wrote: > >> And in the case of A and S, there next to no benefit - if one of your >> subkeys is lost you should revoke it immediately anyway > > Wouldn't consider this accurate, the typical use

Re: Hybrid keysigning party, your opinion?

2017-02-20 Thread Peter Lebbing
On 19/02/17 21:16, Nils Vogels wrote: > I'll read up on this thread from the archives, but I'm exploring possibilities > to enhance the FOSDEM format with the use of QR for on-the-spot signing for > those who want to and don't mind having signatures submitted by signers to > keyservers. Thank you

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Kristian Fiskerstrand
On 02/19/2017 01:45 PM, Andrew Gallagher wrote: > And in the case of A and S, there next to no benefit - if one of your > subkeys is lost you should revoke it immediately anyway Wouldn't consider this accurate, the typical use case for multiple A subkeys is per-device usage, explicitly to avoid

Re: powertop(8) Points at gpg-agent.

2017-02-20 Thread Ralph Corderoy
Hi Werner, > > the forking of two siblings to have a `GETINFO pid' chat every > > minute. > > What you see are not new processes but merely two threads every > minute. Yes, sorry, I saw the clone(2) and translated to fork. > --disable-check-own-socket can be used to disable this feature.

Re: GPG, subkeys smartcard and computer

2017-02-20 Thread Stefano Tranquillini
Hi, Things are getting clearer now, the fact is: subkeys are not related and basically only the last generated is used. I missunderstood this step. I need a Auth subkey on the smartcard becuase I've setup the server to access ssh only via a key. If I'm not at my pc I can't access the server, and

Re: powertop(8) Points at gpg-agent.

2017-02-20 Thread Werner Koch
On Fri, 17 Feb 2017 14:59, ra...@inputplus.co.uk said: > gnupg 2.1.18-1 on Arch Linux. I noticed powertop ranking the > gpg-agents, one per user, quite highly, and their impact is multiplied > by their number. strace(1) showed the two-second select(2) timing out > with no syscalls in between,