> GnuPG is cross-platform and in no way tied to Linux, but I think you
> have a point about the CLI-focused design of it. The problem isn't that
> it's CLI-based per se, but that this design has made it far too easy for
> it to accumulate features without much consideration for how the whole
>
On 07/01/2019 07:29 AM, David wrote:
> My take on all this is that I have had to disable Enigmail because it's
> screwed - I was not able to send mail and all the settings in enigmail
> were lots of so I have been infected :(
>
> David
Damn. But all is likely not lost.
If you
> I think also (sorry to say this Werner!) the problem is that
> GnuPG is Linux cli based and not like MacPGP from Mr. Zimmermann,
> back in the 90's was GUI based with much lesser commands and
> easier to learn. There was back then no Enigmail or other
> MUA plug-ins and you could simply copy and
> And yes, hkps://keys.openpgp.org would fall over and die if too many
> users started using it. So cert poisoning will be an issue until there's
> a secure alternative.
Just as a point of interest, I've talked to the people running
keys.openpgp.org about their capacity in #hagrid, when we were
Ryan McGinnis via Gnupg-users wrote:
>
> Null modem transfer of your messages? Yikes. To me that’s the issue with
> PGP in general as it relates to secure communications - the nerds and the
> criminals and the spies know how to work it, but your average end user
> doesn’t need their step one
Null modem transfer of your messages? Yikes. To me that’s the issue with PGP
in general as it relates to secure communications - the nerds and the criminals
and the spies know how to work it, but your average end user doesn’t need their
step one to be “go to a Goodwill in a city you don’t
karel-v_g--- via Gnupg-users wrote:
> Hello!
[snip]
Hi Karel,
I think *flame on* Werner does not need to change anything,
because he is in the lucky position to get financed by
the big boys, so I see no need for him to start doing something
new like many others (with no financial support) do.
Hello to all,
Am 01.07.19 um 00:23 schrieb Ryan McGinnis via Gnupg-users:
> Does anyone know what PGP’s peak adoption rate was? I always loved it in
> concept but very very rarely saw people actually trying to use it in the
> wild, outside of the types of people who read this list.
Well
Hello!
Just right now I have read about a security vulnerability in the PGP
keyservers, that can likely not be fixed according to Heise Online.
That makes me write about something I have been thinking of for quite some
time now:
I am working in an environment that deals with highly sensitive
On 2019/07/01 17:26, Werner Koch wrote:
> p.s.
> As stop-gap solution the next gpg release sports a
> --keyserver-options self-sigs-only to allow importing of spammed keys.
I think this deserves more than a P.S. ;-)
--
Andrew Gallagher
On Mon, 1 Jul 2019 10:27, konstan...@linuxfoundation.org said:
> - subkey changes
An expired key triggers a reload of the key via WKD or DANE. Modulo the
problems I mentioned in the former mail. For new subkeys we have a
problem unless we do a regular refresh similar to what should be done
On Mon, 1 Jul 2019 15:13, gnupg-users@gnupg.org said:
> distribution keys in Gentoo. However, the main problem with WKD right
> now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD
Actually gpg updates expired keys via WKD. However, to not break things
and not to go out
On Mon, 1 Jul 2019 14:55, andr...@andrewg.com said:
> Yes, which is why we've informally had "let the owner choose whether to
> publish her incoming certifications" as best practice for a long time.
Actually gpg has always set the /Key Server Preferences/ to
First octet: 0x80 = No-modify
Andrew Gallagher wrote:
> On 2019/07/01 16:26, Stefan Claas via Gnupg-users wrote:
> > I use encryption tools *offline*
> > on my Notebook and then copy/paste the encrypted messages
> > into CoolTerm to transfer them then via my USB to USB Nullmodem
> > cable to my online computer. :-)
>
> That
I'm kind of a corner case, but I can't use wkd because I don't control
my top level domain for my email. I also can't use DANE for the same
reason. I can and do use DNS CERT records because it allows a
second-level domain. I suppose this has been discussed to death, but
wouldn't it make sense
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Oops, forgot to sign it.
I'm kind of a corner case, but I can't use wkd because I don't control
my top level domain for my email. I also can't use DANE for the same
reason. I can and do use DNS CERT records because it allows a
second-level
On 2019/07/01 16:26, Stefan Claas via Gnupg-users wrote:
> I use encryption tools *offline*
> on my Notebook and then copy/paste the encrypted messages
> into CoolTerm to transfer them then via my USB to USB Nullmodem
> cable to my online computer. :-)
That seems excessively baroque. What's your
Michał Górny via Gnupg-users wrote:
> On Mon, 2019-07-01 at 15:38 +0100, Andrew Gallagher wrote:
> > On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> > > I agree with Professor Green. Maybe he and his students can
> > > program a POC something more simple, preferably in Golang and
> > >
Andrew Gallagher wrote:
> On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> > I agree with Professor Green. Maybe he and his students can
> > program a POC something more simple, preferably in Golang and
> > while using the NaCl* library.
>
> Golang? Not Rust? :-P
He he, I have tried
On 2019/07/01 15:47, Michał Górny wrote:
> I do find it odd how many projects choose exotic languages and then
> become defunct because a few years later nobody wants to touch them.
> Presuming you're still able to build them. It's ironic people still
> don't see that even though SKS has just
On Mon, 2019-07-01 at 15:38 +0100, Andrew Gallagher wrote:
> On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> > I agree with Professor Green. Maybe he and his students can
> > program a POC something more simple, preferably in Golang and
> > while using the NaCl* library.
>
> Golang?
On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> I agree with Professor Green. Maybe he and his students can
> program a POC something more simple, preferably in Golang and
> while using the NaCl* library.
Golang? Not Rust? :-P
I do find it odd how many projects make such a big deal of
On 01/07/2019 14:55, Andrew Gallagher wrote:
> On 2019/07/01 14:26, Robert J. Hansen wrote:
>> A thought that would unfortunately require an adjustment to the OpenPGP
>> spec itself: why do we put certification signatures on the target's
>> certificate, anyway?
>
> I think it's mostly to do with
On Mon, Jul 01, 2019 at 03:13:29PM +0200, Michał Górny via Gnupg-users wrote:
The problem with autocrypt are the cases where its security measures are
tested. There is no good way to interact with the users in those cases.
I know this is not part of its design goals, but it works against a
David wrote:
> Your Thoughts :)
>
> https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/
>
I agree with Professor Green. Maybe he and his students can
program a POC something more simple, preferably in Golang and
while using the NaCl* library.
I think also (sorry to say
On 2019/07/01 14:26, Robert J. Hansen wrote:
> A thought that would unfortunately require an adjustment to the OpenPGP
> spec itself: why do we put certification signatures on the target's
> certificate, anyway?
I think it's mostly to do with key size. This works fine either way when
it's among
> On 1 Jul 2019, at 13:36, Andrew Gallagher wrote:
>
> We start from hagrid or something like it, and carefully add the ability
> to sync only the absolute minimum of data required to allow revocations
> to propagate. This probably means primary keys, their self-sigs and
> revocation sigs.
Or
> We start from hagrid or something like it, and carefully add the ability
> to sync only the absolute minimum of data required to allow revocations
> to propagate. This probably means primary keys, their self-sigs and
> revocation sigs.
A thought that would unfortunately require an adjustment to
On Mon, 2019-07-01 at 12:18 +0200, Bernhard Reiter wrote:
> Am Montag 01 Juli 2019 01:36:41 schrieb Robert J. Hansen:
> > Now we've got Autocrypt, WKD, and Hagrid: of these Autocrypt is probably the
> > most mature and the easiest for email users.
>
> The problem with autocrypt are the cases
On 2019/06/30 18:06, Daniel Kahn Gillmor wrote:
> On Sun 2019-06-30 00:33:22 +0100, Andrew Gallagher wrote:
>> Indeed, c) was exactly the killer use case I had in mind.
>
> so, how do we get there?
We start from hagrid or something like it, and carefully add the ability
to sync only the absolute
Am Montag 01 Juli 2019 01:36:41 schrieb Robert J. Hansen:
> Now we've got Autocrypt, WKD, and Hagrid: of these Autocrypt is probably the
> most mature and the easiest for email users.
The problem with autocrypt are the cases where its security measures are
tested. There is no good way to
Mirimir via Gnupg-users writes:
>>- Embeds a hardcoded list of already-disrupted keys for which packets
>> should be filtered-out when serving them
>
> That's what I meant. Plus some mechanism for testing keys, so poisoned
> ones are blocked, as soon as possible.
>
> It'd also be useful
On 01/07/2019 10:54, Robert J. Hansen wrote:
>> I think not.
> Thankfully we live in free societies where dissent is allowed: on good
> days, even tolerated and encouraged. You're wrong, of course, but
> please understand I encourage you to be wrong. :)
>
> Also, if it isn't clear: although I
> Third-party signatures from locally unknown certificates are arguably
> not so useful, so how about using "--keyserver-options import-clean"?
> (Or even making it the default behavior?) Of course it's not perfect as
> it still clutters network traffic and gpg(1) needs to clean up the mess
>
On 01/07/2019 11:54, Robert J. Hansen wrote:
> [...]
I think this mail sums up the most important points about this whole
ordeal very well. I completely, wholeheartedly agree. I encourage
everyone to re-read it and internalise it.
The only point not touched upon in this specific mail, I think,
> I think not.
Thankfully we live in free societies where dissent is allowed: on good
days, even tolerated and encouraged. You're wrong, of course, but
please understand I encourage you to be wrong. :)
Also, if it isn't clear: although I emphatically disagree with you, this
is not a personal
On 30/06/2019 21:01, Ralph Seichter wrote:
> * da...@gbenet.com:
>
>> Your Thoughts :)
>
> I think the article is five years old, has not aged well (e.g. MUA
> integration has improved), and that nothing better than PGP has come
> along in the meantime.
>
> Next. ;-)
>
> -Ralph
>
>
On 30/06/2019 13:44, Robert J. Hansen wrote:
> This has all the hallmarks of a child playing with matches and
> clapping with glee as the house catches fire.
I think not.
You yourself say that the SKS system has had known problems for well
over a decade and yet nothing has been done about it. In
> I must have missed the memo
> describing the exact nature of the problem.
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users