Re: How U2F works

2017-02-27 Thread Glenn Rempe
Just chiming in here with some comments below. I am an active U2F user and have played around with the server APIs and read some of the specs. Just to be clear, not an expert on U2F. On 2/27/17 3:28 PM, NIIBE Yutaka wrote: > Hello, > > Let me ask a question about U2F. Or, more generally,

Re: SHA1 collision found

2017-02-24 Thread Glenn Rempe
If you read the announcement Google never uses the words "completely broken" that you attribute to them. I believe that was someone else's characterization. Mis-attribution and name calling can also be unhelpful. Google's security team has been the driving force behind two major security

Re: gnupg website

2017-01-30 Thread Glenn Rempe
Awesome! Works perfectly now. Tested on macOS (Sierra) Safari and current iOS Safari. Congrats on your A+ at SSLlabs https://www.ssllabs.com/ssltest/analyze.html?d=gnupg.org=217.69.76.60 I would suggest you also look at doing HSTS browser preload

Re: gnupg website

2017-01-29 Thread Glenn Rempe
odern > level: remove protocols TLSv1, TLSv1.1 - for modern level: consider > enabling OCSP stapling - for modern level: enable Perfect Forward > Secrecy with a curve of at least 256bits, don't use DHE - for > modern level: use a certificate of type ecdsa, not RSA > > Hope this helps,

Re: gnupg website

2017-01-26 Thread Glenn Rempe
Werner, you (or anyone setting up a web server themselves really) might also find this config generator from Mozilla helpful as a shortcut in creating what is considered a modern web server config for TLS.

Re: gnupg website

2017-01-25 Thread Glenn Rempe
I would also like to note that gnupg.org does not appear to work on the latest versions of Apple iOS or macOS Safari due to TLS cert issues. It fails to load in Safari on either platform (but Chrome and Firefox do work on macOS, Safari is the only

Re: Proof for a creation date

2016-12-05 Thread Glenn Rempe
On 12/5/16 4:11 AM, Bertram Scharpf wrote: > I might resume it to two possibilities to accomplish the task: > > - Post a digest to a site where you cannot withdraw it > ever and where it can be retrieved by everybody. This > could be a Github issue, on Reddit or Twitter or maybe >

Re: Proof for a creation date [GishPuppy]

2016-12-02 Thread Glenn Rempe
Unfortunately, I think the public key from that service is no longer importable in modern GnuPG. https://gnupg.org/faq/whats-new-in-2.1.html#nopgp2 Trying to import the public key on this page results in no public key being imported. Without this the service cannot be used to verify the

Re: Proof for a creation date

2016-12-02 Thread Glenn Rempe
Tierion creates a Merkle tree of incoming hashes and puts the root of the Merkle tree on the Bitcoin blockchain which proves that the hash was placed there prior to the time embedded in the BTC transaction. You want to use their HashAPI. https://tierion.com/features Other similar services

Re: PCI DSS compliance

2016-11-10 Thread Glenn Rempe
I think this is where you want to look into a Hardware Security Module (HSM) or a solution like Hashicorp's Vault server. The split secret would be used to initialize either of those solutions (Vault uses split keys to unseal the server out of the box, and can even encrypt those shares to several

Re: Keybase integration with GnuPG?

2016-09-10 Thread Glenn Rempe
> > > > Are there any current plans to integrate Keybase.io into GnuPG at some > > point in the future? > > (ObWarning: I am not a GnuPG developer.) > > I think this is unlikely to occur. Werner's spoken out pretty strongly > against the keybase.io model, which relies heavily on social media

Re: Yubikey, GnuPG 2.1 Modern, and SSH on OS X

2016-01-15 Thread Glenn Rempe
On Fri, Jan 15, 2016 at 10:29:13AM +0100, Simon Josefsson wrote: > Glenn Rempe <gl...@rempe.us> writes: > > > I recently set up my own Mac w/ gnupg 2.1.10, and I am using a Yubikey to > > manage my gpg private keys and I am using that key for SSH auth. I have it > >

Re: Yubikey, GnuPG 2.1 Modern, and SSH on OS X

2016-01-15 Thread Glenn Rempe
I'm not sure when the use of sshcontrol emerged. My impression was that it is only used as part of GnuPG 'Modern' 2.1.x versions. That being said, if I remove the keygrip entry from the sshcontrol file it appears to work fine. The only difference I've just noticed is in the output of 'ssh-add

Re: Yubikey, GnuPG 2.1 Modern, and SSH on OS X

2016-01-15 Thread Glenn Rempe
/e143796b8f399f5fa391 Perhaps NIIBE Yutaka or someone else more knowledgeable than I can take a look and get us closer to resolution. :-) Thanks for everyone who is helping. On Fri, Jan 15, 2016 at 3:08 PM Peter Lebbing <pe...@digitalbrains.com> wrote: > On 15/01/16 21:17, Glenn Rempe wrote: >

Yubikey, GnuPG 2.1 Modern, and SSH on OS X

2016-01-14 Thread Glenn Rempe
I recently set up my own Mac w/ gnupg 2.1.10, and I am using a Yubikey to manage my gpg private keys and I am using that key for SSH auth. I have it all up and running but I ran into some issues as well so I wrote up a blog post. I'd appreciate any suggestions for improvement and especially for