SKS and GnuPG related issues and possible workarounds

2019-07-02 Thread Konstantin Boyandin via Gnupg-users
Hello All, After having read the recent multitude of messages related to SKS keyservers related issue, I figured out that a. The entire SKS keyservers design and interaction has a fundamental design flaw named "unlimited resources assumption". I.e., it is assumed every server, every client

Re: Your Thoughts

2019-07-02 Thread Mirimir via Gnupg-users
On 07/02/2019 05:18 AM, Robert J. Hansen wrote: >> Signal went the other way. Build a verifiably secure communications >> platform so easy that literally anyone can figure it out. > > I think this is a misunderstanding of Signal. > Signal is, by its very nature, tightly tied to one specific

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-02 Thread gnupg--- via Gnupg-users
Ángel wrote: > On 2019-07-02 at 12:24 +0200, Werner Koch via Gnupg-users wrote: > > > My opinion: make "keyserver-options import-clean" the default and > > make it internally never import any unknown signatures. > > > > Sorry, this is a catch-22. We need the key to verify the signature. > > I

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-02 Thread Ángel
On 2019-07-02 at 12:24 +0200, Werner Koch via Gnupg-users wrote: > > My opinion: make "keyserver-options import-clean" the default and > make it internally never import any unknown signatures. > > Sorry, this is a catch-22. We need the key to verify the signature. I don't think so. You can have

Re: distributing pubkeys: autocrypt, hagrid, WKD

2019-07-02 Thread Wiktor Kwapisiewicz via Gnupg-users
Hi Konstantin, On 02.07.2019 21:40, Konstantin Ryabitsev wrote: Most subkey changes that I am aware of are not due to people's old subkeys expiring, but because they add new ones for reasons like migrating between smartcard solutions or just being nerdy and picking a new ECC-based subkey.

Re: distributing pubkeys: autocrypt, hagrid, WKD

2019-07-02 Thread Konstantin Ryabitsev
On Mon, Jul 01, 2019 at 06:41:41PM +0200, Werner Koch via Gnupg-users wrote: On Mon, 1 Jul 2019 10:27, konstan...@linuxfoundation.org said: - subkey changes An expired key triggers a reload of the key via WKD or DANE. Modulo the problems I mentioned in the former mail. For new subkeys we

Re: RE: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Robert J. Hansen
> This is quite cool (I have mine set up the same way), but somewhat > ironic considering, well... they're Facebook. I mean of all the big > dog internet companies out there that you'd expect to give you > extreme measures to protect in-transit personal user data... Facebook?! Oh yes, absolutely

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Ángel
On 2019-07-01 at 18:32 +0200, karel-v_g--- via Gnupg-users wrote: > Hello! > Just right now I have read about a security vulnerability in the PGP > keyservers, Note: that's a problem with the keyservers and key distribution, not with PGP itself. (...) > So my question as a user with a need for

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-02 Thread Daniel Kahn Gillmor via Gnupg-users
On Tue 2019-07-02 12:24:42 +0200, Werner Koch via Gnupg-users wrote: > On Tue, 2 Jul 2019 10:23, gnupg-users@gnupg.org said: > >> Why not make "import-clean" and "import-minimal" strip key signatures >> before importing a key? That would make "import-minimal" behave like > > Because that

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Stefan Claas via Gnupg-users
Werner Koch via Gnupg-users wrote: [snip] > [1] https://gnupg.org/blog/20170904-financial-results-2016.html > [2] https://gnupg.org/blog/data/g10code-bilanz-2017-pub.pdf Thanks a lot for the detailed reply, much appreciated! Also *much* success in the future! Regards Stefan

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 16:03, gnupg-users@gnupg.org said: > With "big boys" I meaned the German Government, German BSI and Facebook. I, or well my company g10 Code GmbH, has currently no contracts with the German government or the BSI. We had projects with the BSI but no funding whatsoever. These

RE: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Ryan McGinnis via Gnupg-users
This is quite cool (I have mine set up the same way), but somewhat ironic considering, well... they're Facebook. I mean of all the big dog internet companies out there that you'd expect to give you extreme measures to protect in-transit personal user data... Facebook?! -Ryan McGinnis

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Andrew Gallagher
On 02/07/2019 15:03, Stefan Claas via Gnupg-users wrote: > P.S. to me it is still unknown why exactly Facebook is an annual donor. Facebook are a *serious* user of OpenPGP. Every email they send me is encrypted to my PGP key. In this respect they are decades ahead of 99.9% of the other big IT

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Stefan Claas via Gnupg-users
Robert J. Hansen wrote: > > Seriously, ... . I'm going to exercise some restraint here and not write > > anything else, because I can't find words to do it politely. > > I could not agree more. > > Stefan, that was out of bounds, inaccurate, and easy to refute. If > you'd just done a Google

Re: SKS Keyserver Network Under Attack

2019-07-02 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 13:47, look@my.amazin.horse said: > Huh, that's interesting. I was not aware of this issue, and wish you had > reached > out to me, or to supp...@keys.openpgp.org, or filed an issue on Hagrid. I assumed that newly launched server software with the goal to take over all

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-02 Thread Andrew Gallagher
On 02/07/2019 13:06, Michał Górny via Gnupg-users wrote: > In Gentoo we're using a CA-like model with a central service signing > UIDs of all developers. It is *convenient* for it to be able to inject > those signatures into keys of the developers, and distribute them along > with them. It is

Re: Your Thoughts

2019-07-02 Thread Ryan McGinnis via Gnupg-users
That is true that I am probably being unfair - my focus on GPG for email is more a nostalgic sadness that secure (beyond TLS transport) email never really became ubiquitous. In the end the protocol of email itself couldn't keep up with the way people needed to communicate, so email is now a bit of

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-02 Thread Michał Górny via Gnupg-users
On Fri, 2019-06-14 at 10:12 +0200, Oscar Carlsson via Gnupg-users wrote: > I'm generally curious on your opinions on the latest new keyserver, this > time running a new software than the normal keyservers. > > They seem to have a different model which minimizes the amount of > information

Re: Your Thoughts

2019-07-02 Thread Robert J. Hansen
> Signal went the other way. Build a verifiably secure communications platform > so easy that literally anyone can figure it out. I think this is a misunderstanding of Signal. OpenPGP is, by its very nature, agnostic to ... well, just about everything. It was originally intended for email but

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-02 Thread Michał Górny via Gnupg-users
On Tue, 2019-06-25 at 16:30 +0200, Vincent Breitmoser via Gnupg-users wrote: > > Hi @ll. > > Hi Dirk, > > thanks for your thoughts! > > > I don't think it's such a good idea to drop Signatures on keys. > > As mentioned in our FAQ, the reason we don't support those is that with the > SKS >

Fw: Re: Your Thoughts

2019-07-02 Thread Ryan McGinnis via Gnupg-users
By the way, I just *love* my iPhone’s desire to help me with words it thinks I’ve misspelled. :) -Ryan McGinnis https://bigstormpicture.com PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD Sent with ProtonMail ‐‐‐ Original Message ‐‐‐ On Tuesday, July 2, 2019 7:10 AM, Ryan

Re: Your Thoughts

2019-07-02 Thread Ryan McGinnis via Gnupg-users
Right, I probably wasn’t being very clear with what I meant. What I’m saying is that people who use PGP at the moment are rather tech savvy, lady over from the legacy of the fact that for most of PGP’s existence a user *had* to be tech savvy to even get PGP backed out of the metaphorical

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Robert J. Hansen
> Seriously, ... . I'm going to exercise some restraint here and not write > anything else, because I can't find words to do it politely. I could not agree more. Stefan, that was out of bounds, inaccurate, and easy to refute. If you'd just done a Google search before you hit 'Send' you would've

Re: SKS Keyserver Network Under Attack

2019-07-02 Thread Vincent Breitmoser via Gnupg-users
> Unless you are on Windows where the server can't be accessed because it > uses a pretty limited set of TLS cipher suites. Thus the majority of > GnuPG encryption users are out of luck. Huh, that's interesting. I was not aware of this issue, and wish you had reached out to me, or to

Re: SKS Keyserver Network Under Attack

2019-07-02 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 10:01, gnupg-users@gnupg.org said: > No such issues on keys.openpgp.org, gpg --send-key and the new updated > key is immediately available with no time outs or delays. Unless you are on Windows where the server can't be accessed because it uses a pretty limited set of TLS

Re: keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-02 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 10:23, gnupg-users@gnupg.org said: > Why not make "import-clean" and "import-minimal" strip key signatures > before importing a key? That would make "import-minimal" behave like Because that contradicts what import-clean is supposed to do: After import, compact (remove all

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-02 Thread David
On 02/07/2019 03:44, Mirimir via Gnupg-users wrote: > On 07/01/2019 07:29 AM, David wrote: > > > >> My take on all this is that I have had to disable Enigmail because it's >> screwed - I was not able to send mail and all the settings in enigmail >> were lots of so I have been

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Andrew Gallagher
On 2019/07/01 17:32, karel-v_g--- via Gnupg-users wrote: > So my question as a user with a need for strong mail encryption is, > whether it is not a time to start over with an all new encryption > standard replacing OpenPGP and S/MIME completely. The main problem with OpenPGP isn't that its guts

Re: New keyserver at keys.openpgp.org - what's your take?

2019-07-02 Thread Wiktor Kwapisiewicz via Gnupg-users
On 01.07.2019 14:36, Andrew Gallagher wrote: OpenPGP already has the "keyserver" field which is rarely used. It is supposedly a hint to clients to tell them to prefer a particular keyserver, but it could also be used as a hint to the keyservers themselves, to tell them where the master copy of

Local solutions: SKS Keyserver Network Under Attack [edited]

2019-07-02 Thread Roland
Dear Forum, GNUPG Users Digest is nearly flooding my mailbox with exchanges about the WoT and keyserver issues. A simple user (me) needs to know how one could make adaptations in the settings of GPA or Kleopatra. I would expect instructions here:

Local solutions: SKS Keyserver Network Under Attack

2019-07-02 Thread Roland
Dear Forum, GNUPG Users Digest is nearly flooding my mailbox with exchanges about the WoT and keyserver issues. A simple user (me) needs to know how one could make adaptations in the settings of GPA or Kleopatra. I would expect instructions here:

Re: Your Thoughts

2019-07-02 Thread Wiktor Kwapisiewicz via Gnupg-users
On 01.07.2019 23:08, Juergen Bruckner via Gnupg-users wrote: Well that not pretty "in the wild" but its pretty new: The Austrian Parliament and some parts of the Austria Government have released a website [1] where the PGP-Keys of Members of the Parliament and other people in the government are

Re: Some thoughts on the future of OpenPGP and GnuPG

2019-07-02 Thread Peter Lebbing
On 01/07/2019 23:36, Stefan Claas via Gnupg-users wrote: > I think *flame on* Werner does not need to change anything, > because he is in the lucky position do get financed by > the big boys, so I see no need for him to start doing something > new like many others (with no financial support) do.

Re: Your Thoughts

2019-07-02 Thread Wiktor Kwapisiewicz via Gnupg-users
On 02.07.2019 00:58, Alyssa Ross wrote: For example, why isn't ask-cert-level a default? For an alternative view on ask-cert-level see also: https://debian-administration.org/users/dkg/weblog/98 I do agree that no two people use gpg in the same way. Kind regards, Wiktor --

Re: Your Thoughts

2019-07-02 Thread Peter Lebbing
On 01/07/2019 23:55, Ryan McGinnis via Gnupg-users wrote: > Null modem transfer of your messages? Yikes. To me that’s the issue > with PGP in general as it relates to secure communications None of any of the alternatives to OpenPGP you mention solve the issue that a secure offline system sets

Re: SKS Keyserver Network Under Attack

2019-07-02 Thread Wiktor Kwapisiewicz via Gnupg-users
Hi Alyssa, On 02.07.2019 00:43, Alyssa Ross wrote: The impression I got was that they're very optimistic about their ability to handle traffic to their server -- they were happy to have a distro make the switch, and will be changing the defaults in Enigmail and OpenKeychain very soon, as I

A usable crypto experience with GnuPG (Re: Your Thoughts)

2019-07-02 Thread Bernhard Reiter
Am Dienstag 02 Juli 2019 00:58:32 schrieb Alyssa Ross: > A large part of what makes alternative encryption software like Signal > successful is its simplicity. Though at some points it is too simple to use (from my point of view). My main points of criticism are the central server architecture, the

GnuPG funding (was: Your Thoughts)

2019-07-02 Thread Bernhard Reiter
Am Dienstag 02 Juli 2019 05:47:56 schrieb Robert J. Hansen: > Remember that for about fifteen years GnuPG received basically nil for > funding. In the last 20 years there has been significant cross-funding through contracts that the companies g10 code, KDAB, some other companies and Intevation

keyserver-options: self-sigs-only, import-clean, import-minimal

2019-07-02 Thread Teemu Likonen via Gnupg-users
Werner Koch [2019-07-01 18:26:20+02:00] wrote: > As stop-gap solution the next gpg release sports a --keyserver-options > self-sigs-only to allow importing of spammed keys. Why not make "import-clean" and "import-minimal" strip key signatures before importing a key? That would make
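As an added example (not code from GnuPG, and not posted by anyone in this thread), the following filter does what the thread proposes for import: it walks the binary OpenPGP packets of a transferable public key and drops every certification whose claimed issuer is not the key itself, before the key reaches the importer. The packet and subpacket layouts follow RFC 4880; the function names, the dummy RSA numbers and the constructed flooded key block are assumptions of the example, and the signatures in it are not real signatures.

```python
"""Strip third-party certifications from an OpenPGP key block (RFC 4880 binary
format) before import. Added example, not GnuPG code. Signatures are only
filtered on their claimed issuer; they are NOT verified here."""
import hashlib
import struct


def iter_packets(data):
    """Yield (tag, body, raw_bytes) for each old- or new-format packet."""
    pos = 0
    while pos < len(data):
        start, hdr = pos, data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                                  # new-format header
            tag, first = hdr & 0x3F, data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:
                raise ValueError("partial-length packets not supported")
        else:                                           # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate-length packet not supported")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        body = data[pos:pos + length]
        pos += length
        yield tag, body, data[start:pos]


def v4_key_id(pubkey_body):
    """Key ID = low 64 bits of the v4 fingerprint SHA-1(0x99 || len || body)."""
    h = hashlib.sha1(b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body)
    return h.digest()[-8:]


def iter_subpackets(buf):
    """Yield (type, data) for each signature subpacket; the critical bit is masked."""
    pos = 0
    while pos < len(buf):
        first = buf[pos]
        pos += 1
        if first < 192:
            length = first
        elif first < 255:
            length = ((first - 192) << 8) + buf[pos] + 192
            pos += 1
        else:
            length = struct.unpack(">I", buf[pos:pos + 4])[0]
            pos += 4
        yield buf[pos] & 0x7F, buf[pos + 1:pos + length]
        pos += length


def claimed_issuer(sig_body):
    """Return the 8-byte issuer key ID a v4 signature claims, or None."""
    if sig_body[0] != 4:
        return None
    pos = 4                                             # version, type, pk alg, hash alg
    for _ in range(2):                                  # hashed, then unhashed area
        count = struct.unpack(">H", sig_body[pos:pos + 2])[0]
        pos += 2
        for sptype, spdata in iter_subpackets(sig_body[pos:pos + count]):
            if sptype == 16 and len(spdata) == 8:       # Issuer
                return spdata
            if sptype == 33 and spdata[:1] == b"\x04":  # Issuer Fingerprint (v4)
                return spdata[-8:]
        pos += count
    return None


def strip_third_party_certs(keyblock):
    """Keep the primary key, user IDs/attributes, subkeys and signatures that
    claim the primary key as issuer. Returns (filtered_block, dropped_count)."""
    primary, kept, dropped = None, [], 0
    for tag, body, raw in iter_packets(keyblock):
        if tag == 6 and primary is None:                # primary public key
            primary = v4_key_id(body)
            kept.append(raw)
        elif tag in (13, 17, 14):                       # user ID, user attribute, subkey
            kept.append(raw)
        elif tag == 2 and primary is not None and claimed_issuer(body) == primary:
            kept.append(raw)
        else:
            dropped += 1
    return b"".join(kept), dropped


# --- constructed sample: a key with one self-sig and n_spam flooding certifications ---
def old_packet(tag, body):
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def mpi(n):
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def fake_signature(issuer_key_id, sig_type=0x13):
    sub = bytes([9, 16]) + issuer_key_id                # one hashed subpacket: Issuer
    body = bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(sub)) + sub
    return old_packet(2, body + struct.pack(">H", 0) + b"\x00\x00" + mpi(0x1234))


PUBKEY_BODY = bytes([4]) + struct.pack(">I", 1562025600) + bytes([1]) + mpi(0xC0FFEE) + mpi(65537)
PRIMARY_ID = v4_key_id(PUBKEY_BODY)


def build_flooded_key(n_spam):
    block = old_packet(6, PUBKEY_BODY) + old_packet(13, b"alice@example.org")
    block += fake_signature(PRIMARY_ID)                 # the key's own self-signature
    for i in range(n_spam):                             # certifications from strangers
        block += fake_signature(struct.pack(">Q", 0xDEAD00000000 + i), 0x10)
    return block


if __name__ == "__main__":
    flooded = build_flooded_key(2000)
    clean, dropped = strip_third_party_certs(flooded)
    print(f"{len(flooded)} -> {len(clean)} bytes, dropped {dropped} third-party certifications")
```

Two caveats matter in practice. Filtering on the claimed issuer only removes what the attacker did not bother to mislabel: a spam signature that names the victim key as its issuer passes this filter and still has to be checked cryptographically afterwards, which an importer does to self-signatures anyway. And the filter discards every legitimate third-party certification along with the flood, so the Web of Trust information on the key is lost; that is the same trade-off self-sigs-only makes.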

WKD refreshing (was: distributing pubkeys: autocrypt, hagrid, WKD)

2019-07-02 Thread Bernhard Reiter
Am Montag 01 Juli 2019 18:33:41 schrieb Werner Koch via Gnupg-users: > I consider to change this so that gpg always tries to update > an expired key via the WKD. To add to this: The idea for WKD was to be able to improve the algorithm when a new search is done. It is just obvious that the

Re: Your Thoughts

2019-07-02 Thread Werner Koch via Gnupg-users
On Mon, 1 Jul 2019 23:47, r...@sixdemonbag.org said: > for development. My donation capped at $500. For several of those > years, I was one of the largest individual contributors to GnuPG. Right, your donation encouraged me to keep on working on this set of tools which is used at many more

Re: Your Thoughts

2019-07-02 Thread Werner Koch via Gnupg-users
On Mon, 1 Jul 2019 22:58, h...@alyssa.is said: > For example, why isn't ask-cert-level a default? I'm guessing it's just > because at some point it didn't exist, and the developers didn't want to Because we have good defaults and options to change them in the config. We do not want to expose